ÿþShared User Data: 0xFFDF0000(248000) Product: NT Workstation Suite: NT Version: 5.0 System Time: 0x1c569e1d9e897b0 2005-06-05 15:18:39Z Time Zone ID: 2 Bias: 144000000000 Local Time: 0x1c569c052d6f7b0 2005-06-05 11:18:39Z Tick Count: 0x1038ba System Root: C:\WINNT Processor Architecture: StandardDesign Processor Features: FloatingPointPrecisionErrata: FloatingPointEmulated: CompareExchangeDouble: X MMXInstructionsAvailable: X PPCMovemem64BitOk: AlphaByteInstructions: XMMIInstructionsAvailable: X 3DNOWInstructionsAvailable: RDTSCInstructionAvailable: X PAEEnabled: XMMI64InstructionsAvailable: Large page minimum: 0 Debugger Enabled: No NxSupport: 0x0 Active Console ID: 0 Physical Pages: 0 Booted in safe mode: No TestReturnInstruction: 0 0 0 0 SystemCall: 0x0 SystemCallReturn: 0x0 Cookie: 0x0 Kernel Base : 0x80400000 Kernel Size : 0x19fb90 Page Tables: 0xC0000000 (0x1680000) Page Directory: 0xC0300000 (0x30000) KeNumberProcessors: 0x8046B4CC(46b4cc) 1 KeActiveProcessors: 0x8046B4D4(46b4d4) 1 KiProcessorBlock: 0x8046BDA0(46bda0) KeBootTime: 0x8046B318 (46b318) Value: 0x1c569df60590f40 2005-06-05 15:00:56Z KeBootTimeBias: 0x8046B328 Value: 0 Processor Control Regions: KPCR0: 0xFFDFF000(247000) KdVersionBlock: 0x00000000(1) GDT Base: 0x80036000(36000) IDT Base: 0x80036400(36400) IDTR: 0x8003f400 Limit: 0x7ff GDTR: 0x8003f000 Limit: 0x3ff LDTR: 0x8003f000 Limit: 0x3ff TSS: 0x80249000(249000) Processor Control Block: 0xFFDFF120 IdleThread: 0x8046D3F0 BuildType: 2 CpuType: 6 CpuStep: 0x806 SetMember: 1 CpuID: 1 VendorString: GenuineIntel MHZ: 285 PRCBNumber: 0 LogicalProcessorsPerPhysicalProcessor: 0 DebugActive: false Pagefile Information: MmNumberOfPagingFiles: 0x80480644(480644) Value: 1 MmPagingFile: 0x80480C40(480c40) Pagingfile0: 0xFCD61E28(137ee28) Size: 0xc000 MaximumSize: 0x18000 MinimumSize: 0xc000 FreeSpace: 0xb737 CurrentUsage: 0x8c8 PeakUsage: 0x925 HighestPage: 0x0 FileObject: 0xFCD61EA8 PagefileName: \??\C:\pagefile.sys Memory Information: MmPagesSize: 0x1000 MmLowestPhysicalPage: 0x8046B4D0(46b4d0) Value: 0x2 MmHighestPhysicalPage: 0x8046B4D8(46b4d8) Value: 0x7e7f MmNumberOfPhysicalPages: 0x8046B4DC(46b4dc) Value: 0x7dfb MmPfnDatabase: 0x8046B448(46b448) IDT Tables: IDT: 0x80036400(36400) No. Selector:Offset ParamCount Dpl Type Module 0. 8:80463c46 0 0 0xe \WINNT\System32\ntoskrnl.exe 1. 8:80463d96 0 0 0xe \WINNT\System32\ntoskrnl.exe 3. 8:8046406e 0 3 0xe \WINNT\System32\ntoskrnl.exe 4. 8:804641d2 0 3 0xe \WINNT\System32\ntoskrnl.exe 5. 8:80464316 0 0 0xe \WINNT\System32\ntoskrnl.exe 6. 8:8046447a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7. 8:804649b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 9. 8:80464d6c 0 0 0xe \WINNT\System32\ntoskrnl.exe a. 8:80464e74 0 0 0xe \WINNT\System32\ntoskrnl.exe b. 8:80464fa0 0 0 0xe \WINNT\System32\ntoskrnl.exe c. 8:804652a4 0 0 0xe \WINNT\System32\ntoskrnl.exe d. 8:804654b0 0 0 0xe \WINNT\System32\ntoskrnl.exe e. 8:80465f04 0 0 0xe \WINNT\System32\ntoskrnl.exe f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 10. 8:804663a7 0 0 0xe \WINNT\System32\ntoskrnl.exe 11. 8:804664cb 0 0 0xe \WINNT\System32\ntoskrnl.exe 13. 8:8046661b 0 0 0xe \WINNT\System32\ntoskrnl.exe 14. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 15. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 16. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 17. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 18. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 19. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1a. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1b. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1c. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1d. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1e. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 2a. 8:8046310c 0 3 0xe \WINNT\System32\ntoskrnl.exe 2b. 8:80463202 0 3 0xe \WINNT\System32\ntoskrnl.exe 2c. 8:80463322 0 3 0xe \WINNT\System32\ntoskrnl.exe 2d. 8:80463f5e 0 3 0xe \WINNT\System32\ntoskrnl.exe 2e. 8:80462c2d 0 3 0xe \WINNT\System32\ntoskrnl.exe 2f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 30. 8:8006807c 0 0 0xe \WINNT\System32\hal.dll 31. 8:fcd9ddc4 0 0 0xe 32. 8:80462284 0 0 0xe \WINNT\System32\ntoskrnl.exe 33. 8:8046228e 0 0 0xe \WINNT\System32\ntoskrnl.exe 34. 8:fcdb1324 0 0 0xe 35. 8:804622a2 0 0 0xe \WINNT\System32\ntoskrnl.exe 36. 8:804622ac 0 0 0xe \WINNT\System32\ntoskrnl.exe 37. 8:804622b6 0 0 0xe \WINNT\System32\ntoskrnl.exe 38. 8:80062db0 0 0 0xe \WINNT\System32\hal.dll 39. 8:fcd30044 0 0 0xe 3a. 8:804622d4 0 0 0xe \WINNT\System32\ntoskrnl.exe 3b. 8:fcdb1944 0 0 0xe 3c. 8:fcd9db44 0 0 0xe 3d. 8:804622f2 0 0 0xe \WINNT\System32\ntoskrnl.exe 3e. 8:fcd29ce4 0 0 0xe 3f. 8:80462306 0 0 0xe \WINNT\System32\ntoskrnl.exe 40. 8:80462310 0 0 0xe \WINNT\System32\ntoskrnl.exe 41. 8:8046231a 0 0 0xe \WINNT\System32\ntoskrnl.exe 42. 8:80462324 0 0 0xe \WINNT\System32\ntoskrnl.exe 43. 8:8046232e 0 0 0xe \WINNT\System32\ntoskrnl.exe 44. 8:80462338 0 0 0xe \WINNT\System32\ntoskrnl.exe 45. 8:80462342 0 0 0xe \WINNT\System32\ntoskrnl.exe 46. 8:8046234c 0 0 0xe \WINNT\System32\ntoskrnl.exe 47. 8:80462356 0 0 0xe \WINNT\System32\ntoskrnl.exe 48. 8:80462360 0 0 0xe \WINNT\System32\ntoskrnl.exe 49. 8:8046236a 0 0 0xe \WINNT\System32\ntoskrnl.exe 4a. 8:80462374 0 0 0xe \WINNT\System32\ntoskrnl.exe 4b. 8:8046237e 0 0 0xe \WINNT\System32\ntoskrnl.exe 4c. 8:80462388 0 0 0xe \WINNT\System32\ntoskrnl.exe 4d. 8:80462392 0 0 0xe \WINNT\System32\ntoskrnl.exe 4e. 8:8046239c 0 0 0xe \WINNT\System32\ntoskrnl.exe 4f. 8:804623a6 0 0 0xe \WINNT\System32\ntoskrnl.exe 50. 8:804623b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 51. 8:804623ba 0 0 0xe \WINNT\System32\ntoskrnl.exe 52. 8:804623c4 0 0 0xe \WINNT\System32\ntoskrnl.exe 53. 8:804623ce 0 0 0xe \WINNT\System32\ntoskrnl.exe 54. 8:804623d8 0 0 0xe \WINNT\System32\ntoskrnl.exe 55. 8:804623e2 0 0 0xe \WINNT\System32\ntoskrnl.exe 56. 8:804623ec 0 0 0xe \WINNT\System32\ntoskrnl.exe 57. 8:804623f6 0 0 0xe \WINNT\System32\ntoskrnl.exe 58. 8:80462400 0 0 0xe \WINNT\System32\ntoskrnl.exe 59. 8:8046240a 0 0 0xe \WINNT\System32\ntoskrnl.exe 5a. 8:80462414 0 0 0xe \WINNT\System32\ntoskrnl.exe 5b. 8:8046241e 0 0 0xe \WINNT\System32\ntoskrnl.exe 5c. 8:80462428 0 0 0xe \WINNT\System32\ntoskrnl.exe 5d. 8:80462432 0 0 0xe \WINNT\System32\ntoskrnl.exe 5e. 8:8046243c 0 0 0xe \WINNT\System32\ntoskrnl.exe 5f. 8:80462446 0 0 0xe \WINNT\System32\ntoskrnl.exe 60. 8:80462450 0 0 0xe \WINNT\System32\ntoskrnl.exe 61. 8:8046245a 0 0 0xe \WINNT\System32\ntoskrnl.exe 62. 8:80462464 0 0 0xe \WINNT\System32\ntoskrnl.exe 63. 8:8046246e 0 0 0xe \WINNT\System32\ntoskrnl.exe 64. 8:80462478 0 0 0xe \WINNT\System32\ntoskrnl.exe 65. 8:80462482 0 0 0xe \WINNT\System32\ntoskrnl.exe 66. 8:8046248c 0 0 0xe \WINNT\System32\ntoskrnl.exe 67. 8:80462496 0 0 0xe \WINNT\System32\ntoskrnl.exe 68. 8:804624a0 0 0 0xe \WINNT\System32\ntoskrnl.exe 69. 8:804624aa 0 0 0xe \WINNT\System32\ntoskrnl.exe 6a. 8:804624b4 0 0 0xe \WINNT\System32\ntoskrnl.exe 6b. 8:804624be 0 0 0xe \WINNT\System32\ntoskrnl.exe 6c. 8:804624c8 0 0 0xe \WINNT\System32\ntoskrnl.exe 6d. 8:804624d2 0 0 0xe \WINNT\System32\ntoskrnl.exe 6e. 8:804624dc 0 0 0xe \WINNT\System32\ntoskrnl.exe 6f. 8:804624e6 0 0 0xe \WINNT\System32\ntoskrnl.exe 70. 8:804624f0 0 0 0xe \WINNT\System32\ntoskrnl.exe 71. 8:804624fa 0 0 0xe \WINNT\System32\ntoskrnl.exe 72. 8:80462504 0 0 0xe \WINNT\System32\ntoskrnl.exe 73. 8:8046250e 0 0 0xe \WINNT\System32\ntoskrnl.exe 74. 8:80462518 0 0 0xe \WINNT\System32\ntoskrnl.exe 75. 8:80462522 0 0 0xe \WINNT\System32\ntoskrnl.exe 76. 8:8046252c 0 0 0xe \WINNT\System32\ntoskrnl.exe 77. 8:80462536 0 0 0xe \WINNT\System32\ntoskrnl.exe 78. 8:80462540 0 0 0xe \WINNT\System32\ntoskrnl.exe 79. 8:8046254a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7a. 8:80462554 0 0 0xe \WINNT\System32\ntoskrnl.exe 7b. 8:8046255e 0 0 0xe \WINNT\System32\ntoskrnl.exe 7c. 8:80462568 0 0 0xe \WINNT\System32\ntoskrnl.exe 7d. 8:80462572 0 0 0xe \WINNT\System32\ntoskrnl.exe 7e. 8:8046257c 0 0 0xe \WINNT\System32\ntoskrnl.exe 7f. 8:80462586 0 0 0xe \WINNT\System32\ntoskrnl.exe 80. 8:80462590 0 0 0xe \WINNT\System32\ntoskrnl.exe 81. 8:8046259a 0 0 0xe \WINNT\System32\ntoskrnl.exe 82. 8:804625a4 0 0 0xe \WINNT\System32\ntoskrnl.exe 83. 8:804625ae 0 0 0xe \WINNT\System32\ntoskrnl.exe 84. 8:804625b8 0 0 0xe \WINNT\System32\ntoskrnl.exe 85. 8:804625c2 0 0 0xe \WINNT\System32\ntoskrnl.exe 86. 8:804625cc 0 0 0xe \WINNT\System32\ntoskrnl.exe 87. 8:804625d6 0 0 0xe \WINNT\System32\ntoskrnl.exe 88. 8:804625e0 0 0 0xe \WINNT\System32\ntoskrnl.exe 89. 8:804625ea 0 0 0xe \WINNT\System32\ntoskrnl.exe 8a. 8:804625f4 0 0 0xe \WINNT\System32\ntoskrnl.exe 8b. 8:804625fe 0 0 0xe \WINNT\System32\ntoskrnl.exe 8c. 8:80462608 0 0 0xe \WINNT\System32\ntoskrnl.exe 8d. 8:80462612 0 0 0xe \WINNT\System32\ntoskrnl.exe 8e. 8:8046261c 0 0 0xe \WINNT\System32\ntoskrnl.exe 8f. 8:80462626 0 0 0xe \WINNT\System32\ntoskrnl.exe 90. 8:80462630 0 0 0xe \WINNT\System32\ntoskrnl.exe 91. 8:8046263a 0 0 0xe \WINNT\System32\ntoskrnl.exe 92. 8:80462644 0 0 0xe \WINNT\System32\ntoskrnl.exe 93. 8:8046264e 0 0 0xe \WINNT\System32\ntoskrnl.exe 94. 8:80462658 0 0 0xe \WINNT\System32\ntoskrnl.exe 95. 8:80462662 0 0 0xe \WINNT\System32\ntoskrnl.exe 96. 8:8046266c 0 0 0xe \WINNT\System32\ntoskrnl.exe 97. 8:80462676 0 0 0xe \WINNT\System32\ntoskrnl.exe 98. 8:80462680 0 0 0xe \WINNT\System32\ntoskrnl.exe 99. 8:8046268a 0 0 0xe \WINNT\System32\ntoskrnl.exe 9a. 8:80462694 0 0 0xe \WINNT\System32\ntoskrnl.exe 9b. 8:8046269e 0 0 0xe \WINNT\System32\ntoskrnl.exe 9c. 8:804626a8 0 0 0xe \WINNT\System32\ntoskrnl.exe 9d. 8:804626b2 0 0 0xe \WINNT\System32\ntoskrnl.exe 9e. 8:804626bc 0 0 0xe \WINNT\System32\ntoskrnl.exe 9f. 8:804626c6 0 0 0xe \WINNT\System32\ntoskrnl.exe a0. 8:804626d0 0 0 0xe \WINNT\System32\ntoskrnl.exe a1. 8:804626da 0 0 0xe \WINNT\System32\ntoskrnl.exe a2. 8:804626e4 0 0 0xe \WINNT\System32\ntoskrnl.exe a3. 8:804626ee 0 0 0xe \WINNT\System32\ntoskrnl.exe a4. 8:804626f8 0 0 0xe \WINNT\System32\ntoskrnl.exe a5. 8:80462702 0 0 0xe \WINNT\System32\ntoskrnl.exe a6. 8:8046270c 0 0 0xe \WINNT\System32\ntoskrnl.exe a7. 8:80462716 0 0 0xe \WINNT\System32\ntoskrnl.exe a8. 8:80462720 0 0 0xe \WINNT\System32\ntoskrnl.exe a9. 8:8046272a 0 0 0xe \WINNT\System32\ntoskrnl.exe aa. 8:80462734 0 0 0xe \WINNT\System32\ntoskrnl.exe ab. 8:8046273e 0 0 0xe \WINNT\System32\ntoskrnl.exe ac. 8:80462748 0 0 0xe \WINNT\System32\ntoskrnl.exe ad. 8:80462752 0 0 0xe \WINNT\System32\ntoskrnl.exe ae. 8:8046275c 0 0 0xe \WINNT\System32\ntoskrnl.exe af. 8:80462766 0 0 0xe \WINNT\System32\ntoskrnl.exe b0. 8:80462770 0 0 0xe \WINNT\System32\ntoskrnl.exe b1. 8:8046277a 0 0 0xe \WINNT\System32\ntoskrnl.exe b2. 8:80462784 0 0 0xe \WINNT\System32\ntoskrnl.exe b3. 8:8046278e 0 0 0xe \WINNT\System32\ntoskrnl.exe b4. 8:80462798 0 0 0xe \WINNT\System32\ntoskrnl.exe b5. 8:804627a2 0 0 0xe \WINNT\System32\ntoskrnl.exe b6. 8:804627ac 0 0 0xe \WINNT\System32\ntoskrnl.exe b7. 8:804627b6 0 0 0xe \WINNT\System32\ntoskrnl.exe b8. 8:804627c0 0 0 0xe \WINNT\System32\ntoskrnl.exe b9. 8:804627ca 0 0 0xe \WINNT\System32\ntoskrnl.exe ba. 8:804627d4 0 0 0xe \WINNT\System32\ntoskrnl.exe bb. 8:804627de 0 0 0xe \WINNT\System32\ntoskrnl.exe bc. 8:804627e8 0 0 0xe \WINNT\System32\ntoskrnl.exe bd. 8:804627f2 0 0 0xe \WINNT\System32\ntoskrnl.exe be. 8:804627fc 0 0 0xe \WINNT\System32\ntoskrnl.exe bf. 8:80462806 0 0 0xe \WINNT\System32\ntoskrnl.exe c0. 8:80462810 0 0 0xe \WINNT\System32\ntoskrnl.exe c1. 8:8046281a 0 0 0xe \WINNT\System32\ntoskrnl.exe c2. 8:80462824 0 0 0xe \WINNT\System32\ntoskrnl.exe c3. 8:8046282e 0 0 0xe \WINNT\System32\ntoskrnl.exe c4. 8:80462838 0 0 0xe \WINNT\System32\ntoskrnl.exe c5. 8:80462842 0 0 0xe \WINNT\System32\ntoskrnl.exe c6. 8:8046284c 0 0 0xe \WINNT\System32\ntoskrnl.exe c7. 8:80462856 0 0 0xe \WINNT\System32\ntoskrnl.exe c8. 8:80462860 0 0 0xe \WINNT\System32\ntoskrnl.exe c9. 8:8046286a 0 0 0xe \WINNT\System32\ntoskrnl.exe ca. 8:80462874 0 0 0xe \WINNT\System32\ntoskrnl.exe cb. 8:8046287e 0 0 0xe \WINNT\System32\ntoskrnl.exe cc. 8:80462888 0 0 0xe \WINNT\System32\ntoskrnl.exe cd. 8:80462892 0 0 0xe \WINNT\System32\ntoskrnl.exe ce. 8:8046289c 0 0 0xe \WINNT\System32\ntoskrnl.exe cf. 8:804628a6 0 0 0xe \WINNT\System32\ntoskrnl.exe d0. 8:804628b0 0 0 0xe \WINNT\System32\ntoskrnl.exe d1. 8:804628ba 0 0 0xe \WINNT\System32\ntoskrnl.exe d2. 8:804628c4 0 0 0xe \WINNT\System32\ntoskrnl.exe d3. 8:804628ce 0 0 0xe \WINNT\System32\ntoskrnl.exe d4. 8:804628d8 0 0 0xe \WINNT\System32\ntoskrnl.exe d5. 8:804628e2 0 0 0xe \WINNT\System32\ntoskrnl.exe d6. 8:804628ec 0 0 0xe \WINNT\System32\ntoskrnl.exe d7. 8:804628f6 0 0 0xe \WINNT\System32\ntoskrnl.exe d8. 8:80462900 0 0 0xe \WINNT\System32\ntoskrnl.exe d9. 8:8046290a 0 0 0xe \WINNT\System32\ntoskrnl.exe da. 8:80462914 0 0 0xe \WINNT\System32\ntoskrnl.exe db. 8:8046291e 0 0 0xe \WINNT\System32\ntoskrnl.exe dc. 8:80462928 0 0 0xe \WINNT\System32\ntoskrnl.exe dd. 8:80462932 0 0 0xe \WINNT\System32\ntoskrnl.exe de. 8:8046293c 0 0 0xe \WINNT\System32\ntoskrnl.exe df. 8:80462946 0 0 0xe \WINNT\System32\ntoskrnl.exe e0. 8:80462950 0 0 0xe \WINNT\System32\ntoskrnl.exe e1. 8:8046295a 0 0 0xe \WINNT\System32\ntoskrnl.exe e2. 8:80462964 0 0 0xe \WINNT\System32\ntoskrnl.exe e3. 8:8046296e 0 0 0xe \WINNT\System32\ntoskrnl.exe e4. 8:80462978 0 0 0xe \WINNT\System32\ntoskrnl.exe e5. 8:80462982 0 0 0xe \WINNT\System32\ntoskrnl.exe e6. 8:8046298c 0 0 0xe \WINNT\System32\ntoskrnl.exe e7. 8:80462996 0 0 0xe \WINNT\System32\ntoskrnl.exe e8. 8:804629a0 0 0 0xe \WINNT\System32\ntoskrnl.exe e9. 8:804629aa 0 0 0xe \WINNT\System32\ntoskrnl.exe ea. 8:804629b4 0 0 0xe \WINNT\System32\ntoskrnl.exe eb. 8:804629be 0 0 0xe \WINNT\System32\ntoskrnl.exe ec. 8:804629c8 0 0 0xe \WINNT\System32\ntoskrnl.exe ed. 8:804629d2 0 0 0xe \WINNT\System32\ntoskrnl.exe ee. 8:804629d9 0 0 0xe \WINNT\System32\ntoskrnl.exe ef. 8:804629e0 0 0 0xe \WINNT\System32\ntoskrnl.exe f0. 8:804629e7 0 0 0xe \WINNT\System32\ntoskrnl.exe f1. 8:804629ee 0 0 0xe \WINNT\System32\ntoskrnl.exe f2. 8:804629f5 0 0 0xe \WINNT\System32\ntoskrnl.exe f3. 8:804629fc 0 0 0xe \WINNT\System32\ntoskrnl.exe f4. 8:80462a03 0 0 0xe \WINNT\System32\ntoskrnl.exe f5. 8:80462a0a 0 0 0xe \WINNT\System32\ntoskrnl.exe f6. 8:80462a11 0 0 0xe \WINNT\System32\ntoskrnl.exe f7. 8:80462a18 0 0 0xe \WINNT\System32\ntoskrnl.exe f8. 8:80462a1f 0 0 0xe \WINNT\System32\ntoskrnl.exe f9. 8:80462a26 0 0 0xe \WINNT\System32\ntoskrnl.exe fa. 8:80462a2d 0 0 0xe \WINNT\System32\ntoskrnl.exe fb. 8:80462a34 0 0 0xe \WINNT\System32\ntoskrnl.exe fc. 8:80462a3b 0 0 0xe \WINNT\System32\ntoskrnl.exe fd. 8:80462a42 0 0 0xe \WINNT\System32\ntoskrnl.exe fe. 8:80462a49 0 0 0xe \WINNT\System32\ntoskrnl.exe ff. 8:80462a50 0 0 0xe \WINNT\System32\ntoskrnl.exe GDT Tables: GDT (callgates only): 0x80036000(36000) No. Selector:Offset ParamCount Dpl Type Module PsLoadedModuleList : 0x8046B618(46b618) Loaded System Modules: 1. ntoskrnl.exe<0xFCE28288(1445280)>: BaseAddress: 0x80400000 (400000) EntryPoint: 0x8040CF90 Size: 1702528 Flags: 0xc004000 Checksum: 0x1ac8b7 LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\ntoskrnl.exe 2. hal.dll<0xFCE281E8(14451e0)>: BaseAddress: 0x80062000 (62000) EntryPoint: 0x8006FE30 Size: 66528 Flags: 0xc004000 Checksum: 0x1a78e LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\hal.dll 3. BOOTVID.DLL<0xFCE28168(1445160)>: BaseAddress: 0xF0810000 (7d01000) EntryPoint: 0xF08118B0 Size: 12288 Flags: 0x9004000 Checksum: 0xd8a2 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\BOOTVID.DLL 4. ACPI.sys<0xFCE280E8(14450e0)>: BaseAddress: 0xFC9F8000 (7d04000) EntryPoint: 0xFCA1C10B Size: 163840 Flags: 0x9004000 Checksum: 0x2d30f LoadCount: 1 Unknown1: 0 ImagePath: ACPI.sys 5. WMILIB.SYS<0xFCE28068(1445060)>: BaseAddress: 0xF09C8000 (7d2c000) EntryPoint: 0xF09C8AA0 Size: 4096 Flags: 0xd004000 Checksum: 0x8bfd LoadCount: 12 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\WMILIB.SYS 6. pci.sys<0xFCE26F88(1443f80)>: BaseAddress: 0xF0400000 (7d2d000) EntryPoint: 0xF040BA88 Size: 61440 Flags: 0x9004000 Checksum: 0x154e3 LoadCount: 1 Unknown1: 0 ImagePath: pci.sys 7. isapnp.sys<0xFCE26F08(1443f00)>: BaseAddress: 0xF0410000 (7d3c000) EntryPoint: 0xF0419A80 Size: 49152 Flags: 0x9004000 Checksum: 0x15782 LoadCount: 1 Unknown1: 0 ImagePath: isapnp.sys 8. ohci1394.sys<0xFCE26E88(1443e80)>: BaseAddress: 0xF0420000 (7d48000) EntryPoint: 0xF04273E0 Size: 40960 Flags: 0x9004000 Checksum: 0xd649 LoadCount: 1 Unknown1: 0 ImagePath: ohci1394.sys 9. 1394BUS.SYS<0xFCE26DE8(1443de0)>: BaseAddress: 0xF0430000 (7d52000) EntryPoint: 0xF0435360 Size: 45056 Flags: 0xd004000 Checksum: 0x111a7 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\1394BUS.SYS 10. compbatt.sys<0xFCE26D68(1443d60)>: BaseAddress: 0xF0814000 (7d5d000) EntryPoint: 0xF0815900 Size: 12288 Flags: 0x9004000 Checksum: 0x63b9 LoadCount: 1 Unknown1: 0 ImagePath: compbatt.sys 11. BATTC.SYS<0xFCE27FA8(1444fa0)>: BaseAddress: 0xF0900000 (7da0000) EntryPoint: 0xF0900700 Size: 8192 Flags: 0xd004000 Checksum: 0xba7c LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\BATTC.SYS 12. PCIIde.sys<0xFCE27F48(1444f40)>: BaseAddress: 0xF09C9000 (7d62000) EntryPoint: 0xF09C92C0 Size: 4096 Flags: 0x9004000 Checksum: 0xfff0 LoadCount: 1 Unknown1: 0 ImagePath: PCIIde.sys 13. PCIIDEX.SYS<0xFCE27EC8(1444ec0)>: BaseAddress: 0xF0680000 (7d63000) EntryPoint: 0xF0683E70 Size: 24576 Flags: 0xd004000 Checksum: 0xbafb LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\Drivers\PCIIDEX.SYS 14. intelide.sys<0xFCE27E48(1444e40)>: BaseAddress: 0xF09CA000 (7d69000) EntryPoint: 0xF09CA2C0 Size: 4096 Flags: 0x9004000 Checksum: 0x3b0a LoadCount: 1 Unknown1: 0 ImagePath: intelide.sys 15. pcmcia.sys<0xFCE27DA8(1444da0)>: BaseAddress: 0xFC9DD000 (7d6a000) EntryPoint: 0xFC9F4A1C Size: 110592 Flags: 0x9004000 Checksum: 0x293f1 LoadCount: 1 Unknown1: 0 ImagePath: pcmcia.sys 16. ftdisk.sys<0xFCE27D28(1444d20)>: BaseAddress: 0xFC9C0000 (7d85000) EntryPoint: 0xFC9D91D8 Size: 118784 Flags: 0x9004000 Checksum: 0x2b963 LoadCount: 1 Unknown1: 0 ImagePath: ftdisk.sys 17. Diskperf.sys<0xFCE25008(1442000)>: BaseAddress: 0xF0902000 (7da2000) EntryPoint: 0xF09032C0 Size: 8192 Flags: 0x9004000 Checksum: 0xeef0 LoadCount: 1 Unknown1: 0 ImagePath: Diskperf.sys 18. dmio.sys<0xFCE25FA8(1442fa0)>: BaseAddress: 0xFC99E000 (7da4000) EntryPoint: 0xFC9A0824 Size: 139264 Flags: 0x9004000 Checksum: 0x30f8e LoadCount: 1 Unknown1: 0 ImagePath: dmio.sys 19. sbp2port.sys<0xFCE25F28(1442f20)>: BaseAddress: 0xF0440000 (7dc6000) EntryPoint: 0xF0446480 Size: 36864 Flags: 0x9004000 Checksum: 0xfd87 LoadCount: 1 Unknown1: 0 ImagePath: sbp2port.sys 20. ACPIEC.sys<0xFCE25E88(1442e80)>: BaseAddress: 0xF0818000 (7dcf000) EntryPoint: 0xF081A280 Size: 12288 Flags: 0x9004000 Checksum: 0x57c2 LoadCount: 1 Unknown1: 0 ImagePath: ACPIEC.sys 21. PartMgr.sys<0xFCE25E08(1442e00)>: BaseAddress: 0xF081C000 (7dd2000) EntryPoint: 0xF081E040 Size: 12288 Flags: 0x9004000 Checksum: 0x742c LoadCount: 1 Unknown1: 0 ImagePath: PartMgr.sys 22. MountMgr.sys<0xFCE25D88(1442d80)>: BaseAddress: 0xF0688000 (7dd5000) EntryPoint: 0xF068E160 Size: 32768 Flags: 0x9004000 Checksum: 0xe831 LoadCount: 1 Unknown1: 0 ImagePath: MountMgr.sys 23. atapi.sys<0xFCE25CE8(1442ce0)>: BaseAddress: 0xFC989000 (7ddd000) EntryPoint: 0xFC99B5BA Size: 86016 Flags: 0x9004000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 0 ImagePath: atapi.sys 24. va32w2.sys<0xFCE25C68(1442c60)>: BaseAddress: 0xF0690000 (7df2000) EntryPoint: 0xF0693FCE Size: 28672 Flags: 0x9004000 Checksum: 0x9158 LoadCount: 1 Unknown1: 0 ImagePath: va32w2.sys 25. SCSIPORT.SYS<0xFCE25BE8(1442be0)>: BaseAddress: 0xFC977000 (7df9000) EntryPoint: 0xFC9868BC Size: 73728 Flags: 0xd004000 Checksum: 0x162c6 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\SCSIPORT.SYS 26. va16w2.sys<0xFCE25B48(1442b40)>: BaseAddress: 0xF0698000 (7e0b000) EntryPoint: 0xF069B246 Size: 20480 Flags: 0x9004000 Checksum: 0x10d4e LoadCount: 1 Unknown1: 0 ImagePath: va16w2.sys 27. disk.sys<0xFCE25AC8(1442ac0)>: BaseAddress: 0xF06A0000 (7e10000) EntryPoint: 0xF06A5120 Size: 28672 Flags: 0x9004000 Checksum: 0x11fe4 LoadCount: 1 Unknown1: 0 ImagePath: disk.sys 28. CLASSPNP.SYS<0xFCE25A48(1442a40)>: BaseAddress: 0xF0450000 (7e17000) EntryPoint: 0xF04570A0 Size: 36864 Flags: 0xd004000 Checksum: 0xa231 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\CLASSPNP.SYS 29. Fastfat.sys<0xFCE259A8(14429a0)>: BaseAddress: 0xFC954000 (7e60000) EntryPoint: 0xFC972806 Size: 143360 Flags: 0x9004000 Checksum: 0x2d073 LoadCount: 1 Unknown1: 0 ImagePath: Fastfat.sys 30. KSecDD.sys<0xFCE25928(1442920)>: BaseAddress: 0xFC943000 (7e43000) EntryPoint: 0xFC9528BE Size: 69632 Flags: 0x9004000 Checksum: 0x15d45 LoadCount: 4 Unknown1: 0 ImagePath: KSecDD.sys 31. NDIS.sys<0xFCE258A8(14428a0)>: BaseAddress: 0xFC91B000 (7e54000) EntryPoint: 0xFC93FF1E Size: 163840 Flags: 0x9004000 Checksum: 0x373fe LoadCount: 13 Unknown1: 0 ImagePath: NDIS.sys 32. NaiFsRec.sys<0xFCE25828(1442820)>: BaseAddress: 0xF0904000 (7e7c000) EntryPoint: 0xF090494E Size: 8192 Flags: 0x1004000 Checksum: 0xd391 LoadCount: 1 Unknown1: 0 ImagePath: NaiFsRec.sys 33. Mup.sys<0xFCE25788(1442780)>: BaseAddress: 0xFC905000 (7e7e000) EntryPoint: 0xFC90AB04 Size: 90112 Flags: 0x9004000 Checksum: 0x1f266 LoadCount: 1 Unknown1: 0 ImagePath: Mup.sys 34. VIDEOPRT.SYS<0xFCDC7E68(13e4e60)>: BaseAddress: 0xF0480000 (2234000) EntryPoint: 0xF048A800 Size: 53248 Flags: 0x9104000 Checksum: 0x1a5d2 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 35. i81xnt5.sys<0xFCDA42A8(13c12a0)>: BaseAddress: 0xFC8B2000 (2212000) EntryPoint: 0xFC8B22E0 Size: 139264 Flags: 0x9104000 Checksum: 0x26d86 LoadCount: 1 Unknown1: 86 ImagePath: \SystemRoot\System32\DRIVERS\i81xnt5.sys 36. PxHelper.sys<0xFCDC7928(13e4920)>: BaseAddress: 0xF087C000 (2283000) EntryPoint: 0xF087D3D8 Size: 12288 Flags: 0x1104000 Checksum: 0x95bd LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\System32\drivers\PxHelper.sys 37. cdrom.sys<0xFCDC7308(13e4300)>: BaseAddress: 0xF06D0000 (226b000) EntryPoint: 0xF06D5980 Size: 28672 Flags: 0x9104000 Checksum: 0x9f9f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\cdrom.sys 38. e100bnt5.sys<0xFCD284C8(13454c0)>: BaseAddress: 0xFC898000 (2293000) EntryPoint: 0xFC89B7B8 Size: 106496 Flags: 0x9104000 Checksum: 0x222a9 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\e100bnt5.sys 39. i8042prt.sys<0xFCDC6E68(13e3e60)>: BaseAddress: 0xF0490000 (22ad000) EntryPoint: 0xF0498000 Size: 49152 Flags: 0x9104000 Checksum: 0xc15a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\i8042prt.sys 40. kbdclass.sys<0xFCDC69E8(13e39e0)>: BaseAddress: 0xF06E0000 (22be000) EntryPoint: 0xF06E3E64 Size: 24576 Flags: 0x9104000 Checksum: 0xe259 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\kbdclass.sys 41. Apfiltr.sys<0xFCDA3748(13c0740)>: BaseAddress: 0xF04A0000 (22e6000) EntryPoint: 0xF04A8F80 Size: 40960 Flags: 0x9104000 Checksum: 0xa904 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\Apfiltr.sys 42. mouclass.sys<0xFCDA3428(13c0420)>: BaseAddress: 0xF06F0000 (22f0000) EntryPoint: 0xF06F34E4 Size: 24576 Flags: 0x9104000 Checksum: 0x7e78 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mouclass.sys 43. CmBatt.sys<0xFCD27D68(1344d60)>: BaseAddress: 0xF088C000 (22f9000) EntryPoint: 0xF088DBA0 Size: 12288 Flags: 0x9104000 Checksum: 0x2bdd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\CmBatt.sys 44. SonyPI.sys<0xFCD4AF68(1367f60)>: BaseAddress: 0xF04B0000 (231c000) EntryPoint: 0xF04B785C Size: 36864 Flags: 0x1104000 Checksum: 0x14b69 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyPI.sys 45. SonyNC.sys<0xFCD4A728(1367720)>: BaseAddress: 0xF06F8000 (2345000) EntryPoint: 0xF06FBE72 Size: 20480 Flags: 0x1104000 Checksum: 0x1ab68 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyNC.sys 46. serial.sys<0xFCD4A0E8(13670e0)>: BaseAddress: 0xF04C0000 (234f000) EntryPoint: 0xF04CA300 Size: 65536 Flags: 0x9104000 Checksum: 0x11703 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serial.sys 47. serenum.sys<0xFCD49D88(1366d80)>: BaseAddress: 0xF089C000 (2384000) EntryPoint: 0xF089E9C0 Size: 16384 Flags: 0x9104000 Checksum: 0x1105e LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serenum.sys 48. parport.sys<0xFCD48EE8(1365ee0)>: BaseAddress: 0xF0710000 (238c000) EntryPoint: 0xF07104A2 Size: 28672 Flags: 0x9104000 Checksum: 0xeedd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parport.sys 49. fdc.sys<0xFCD48828(1365820)>: BaseAddress: 0xF0720000 (1) EntryPoint: 0xF0724F30 Size: 28672 Flags: 0x9104000 Checksum: 0x1553c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fdc.sys 50. USBD.SYS<0xFCD47CE8(1364ce0)>: BaseAddress: 0xF0740000 (23b2000) EntryPoint: 0xF0740300 Size: 20480 Flags: 0x9104000 Checksum: 0x5465 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBD.SYS 51. uhcd.sys<0xFCD47EE8(1364ee0)>: BaseAddress: 0xF0730000 (23aa000) EntryPoint: 0xF07302E0 Size: 32768 Flags: 0x9104000 Checksum: 0x11484 LoadCount: 1 Unknown1: 85 ImagePath: \SystemRoot\System32\DRIVERS\uhcd.sys 52. KS.SYS<0xFCDC2C48(13dfc40)>: BaseAddress: 0xFC80B000 (2526000) EntryPoint: 0xFC826060 Size: 122880 Flags: 0x9104000 Checksum: 0x2d626 LoadCount: 5 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\KS.SYS 53. portcls.sys<0xFCDC2EE8(13dfee0)>: BaseAddress: 0xFC829000 (2501000) EntryPoint: 0xFC83F87C Size: 151552 Flags: 0x9104000 Checksum: 0x30ed1 LoadCount: 1 Unknown1: 75 ImagePath: \SystemRoot\system32\drivers\portcls.sys 54. smwdm.sys<0xFCD471E8(13641e0)>: BaseAddress: 0xFC84E000 (2417000) EntryPoint: 0xFC88BE78 Size: 303104 Flags: 0x9104000 Checksum: 0x580c3 LoadCount: 1 Unknown1: 112 ImagePath: \SystemRoot\system32\drivers\smwdm.sys 55. rksample.sys<0xFCDC1D88(13ded80)>: BaseAddress: 0xF04D0000 (254f000) EntryPoint: 0xF04DBE18 Size: 57344 Flags: 0x9104000 Checksum: 0x2434c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rksample.sys 56. winachsf.sys<0xFCDC1948(13de940)>: BaseAddress: 0xFC715000 (2624000) EntryPoint: 0xFC77AFC0 Size: 450560 Flags: 0x9104000 Checksum: 0x9726c LoadCount: 1 Unknown1: 621 ImagePath: \SystemRoot\System32\DRIVERS\winachsf.sys 57. Modem.SYS<0xFCDC1548(13de540)>: BaseAddress: 0xF0768000 (26f2000) EntryPoint: 0xF076D6EA Size: 28672 Flags: 0x9104000 Checksum: 0x16f4a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Modem.SYS 58. audstub.sys<0xFCDC08E8(13dd8e0)>: BaseAddress: 0xF0A45000 (2727000) EntryPoint: 0xF0A45500 Size: 4096 Flags: 0x9104000 Checksum: 0x8ef7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\audstub.sys 59. rasl2tp.sys<0xFCD46908(1363900)>: BaseAddress: 0xF04E0000 (272c000) EntryPoint: 0xF04EB2A0 Size: 53248 Flags: 0x9104000 Checksum: 0x10dac LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasl2tp.sys 60. ndistapi.sys<0xFCD46348(1363340)>: BaseAddress: 0xF08A8000 (2739000) EntryPoint: 0xF08A96E2 Size: 12288 Flags: 0x9104000 Checksum: 0xe062 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndistapi.sys 61. ndiswan.sys<0xFCDBFC48(13dcc40)>: BaseAddress: 0xFC6FE000 (273e000) EntryPoint: 0xFC711180 Size: 94208 Flags: 0x9104000 Checksum: 0x24edb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndiswan.sys 62. TDI.SYS<0xFCD45DA8(1362da0)>: BaseAddress: 0xF08B8000 (275b000) EntryPoint: 0xF08B87D0 Size: 16384 Flags: 0x9104000 Checksum: 0x1329d LoadCount: 10 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\TDI.SYS 63. raspptp.sys<0xFCD45FA8(1362fa0)>: BaseAddress: 0xF04F0000 (278f000) EntryPoint: 0xF04FA6C0 Size: 49152 Flags: 0x9104000 Checksum: 0xe275 LoadCount: 1 Unknown1: 84 ImagePath: \SystemRoot\System32\DRIVERS\raspptp.sys 64. ptilink.sys<0xFCD451E8(13621e0)>: BaseAddress: 0xF0788000 (27e1000) EntryPoint: 0xF07882E0 Size: 20480 Flags: 0x9104000 Checksum: 0xf2be LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ptilink.sys 65. raspti.sys<0xFCD25548(1342540)>: BaseAddress: 0xF0798000 (27c9000) EntryPoint: 0xF079B240 Size: 20480 Flags: 0x9104000 Checksum: 0xfed0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\raspti.sys 66. SonyiNet.sys<0xFCDBEE88(13dbe80)>: BaseAddress: 0xF07A8000 (27d3000) EntryPoint: 0xF07A8414 Size: 28672 Flags: 0x9104000 Checksum: 0x10386 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyiNet.sys 67. parallel.sys<0xFCDBE808(13db800)>: BaseAddress: 0xF0500000 (27ba000) EntryPoint: 0xF0502BBE Size: 61440 Flags: 0x9104000 Checksum: 0x16ad6 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parallel.sys 68. swenum.sys<0xFCD448E8(13618e0)>: BaseAddress: 0xF0A48000 (280a000) EntryPoint: 0xF0A486A0 Size: 4096 Flags: 0x9104000 Checksum: 0x7716 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\swenum.sys 69. update.sys<0xFCD24D08(1341d00)>: BaseAddress: 0xFC6E4000 (2881000) EntryPoint: 0xFC6FCE60 Size: 106496 Flags: 0x9104000 Checksum: 0x209d8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\update.sys 70. flpydisk.sys<0xFCDB03A8(13cd3a0)>: BaseAddress: 0xF07C8000 (2878000) EntryPoint: 0xF07CBBA0 Size: 20480 Flags: 0x9104000 Checksum: 0xf1a2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\flpydisk.sys 71. usbhub.sys<0xFCD3C4E8(13594e0)>: BaseAddress: 0xF0540000 (287f000) EntryPoint: 0xF0540372 Size: 40960 Flags: 0x9104000 Checksum: 0xaef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\usbhub.sys 72. NDProxy.SYS<0xFCD9A568(13b7560)>: BaseAddress: 0xF0550000 (292b000) EntryPoint: 0xF0558720 Size: 40960 Flags: 0x9104000 Checksum: 0x121c3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\NDProxy.SYS 73. USBSTOR.SYS<0xFCD97DA8(13b4da0)>: BaseAddress: 0xF07D8000 (2969000) EntryPoint: 0xF07D9CA0 Size: 20480 Flags: 0x9104000 Checksum: 0x10fba LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBSTOR.SYS 74. SonyUSBL.sys<0xFCD96A28(13b3a20)>: BaseAddress: 0xF0912000 (296e000) EntryPoint: 0xF09122C0 Size: 8192 Flags: 0x9104000 Checksum: 0xf068 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyUSBL.sys 75. Fs_Rec.SYS<0xFCCC8608(12e5600)>: BaseAddress: 0xF0916000 (29c2000) EntryPoint: 0xF0917294 Size: 8192 Flags: 0x9104000 Checksum: 0xab4c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Fs_Rec.SYS 76. Null.SYS<0xFCCC8548(12e5540)>: BaseAddress: 0xF0A7F000 (29a4000) EntryPoint: 0xF0A7F47A Size: 4096 Flags: 0x9104000 Checksum: 0x23ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Null.SYS 77. Beep.SYS<0xFCD8E708(13ab700)>: BaseAddress: 0xF0A83000 (29a5000) EntryPoint: 0xF0A8329A Size: 4096 Flags: 0x9104000 Checksum: 0xc54f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Beep.SYS 78. biosview.sys<0xFCCC93C8(12e63c0)>: BaseAddress: 0xF091A000 (29a6000) EntryPoint: 0xF091A2E2 Size: 8192 Flags: 0x9104000 Checksum: 0x76f0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\biosview.sys 79. vga.sys<0xFCCC8A88(12e5a80)>: BaseAddress: 0xF08D4000 (29a8000) EntryPoint: 0xF08D6C40 Size: 16384 Flags: 0x9104000 Checksum: 0x1047d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\vga.sys 80. mnmdd.SYS<0xFCCC73A8(12e43a0)>: BaseAddress: 0xF0A8B000 (29b9000) EntryPoint: 0xF0A8B3A0 Size: 4096 Flags: 0x9104000 Checksum: 0xf6c2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\mnmdd.SYS 81. Msfs.SYS<0xFCCC72E8(12e42e0)>: BaseAddress: 0xF07F8000 (29ce000) EntryPoint: 0xF07FBEDA Size: 24576 Flags: 0x9104000 Checksum: 0xe5fa LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Msfs.SYS 82. Npfs.SYS<0xFCCC63E8(12e33e0)>: BaseAddress: 0xF0560000 (29d4000) EntryPoint: 0xF056790E Size: 36864 Flags: 0x9104000 Checksum: 0x17e60 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Npfs.SYS 83. UdfReadr.SYS<0xFCCC4208(12e1200)>: BaseAddress: 0xF8371000 (29fd000) EntryPoint: 0xF8372722 Size: 208896 Flags: 0x1004000 Checksum: 0x38b5d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\UdfReadr.SYS 84. rasacd.sys<0xFCD8DD68(13aad60)>: BaseAddress: 0xF0922000 (2a85000) EntryPoint: 0xF0923493 Size: 8192 Flags: 0x9104000 Checksum: 0xf369 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasacd.sys 85. tcpip.sys<0xFCCC5FA8(12e2fa0)>: BaseAddress: 0xF82E8000 (2aad000) EntryPoint: 0xF832E4CA Size: 323584 Flags: 0x9104000 Checksum: 0x56824 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\tcpip.sys 86. msgpc.sys<0xFCC90C68(12adc60)>: BaseAddress: 0xF0570000 (2b33000) EntryPoint: 0xF05702E0 Size: 36864 Flags: 0x9104000 Checksum: 0x17874 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\msgpc.sys 87. netbt.sys<0xFCC8EFA8(12abfa0)>: BaseAddress: 0xF82C4000 (2be0000) EntryPoint: 0xF82E3F2E Size: 147456 Flags: 0x9104000 Checksum: 0x282d2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbt.sys 88. wanarp.sys<0xFCC8D848(12aa840)>: BaseAddress: 0xF06B0000 (2b8a000) EntryPoint: 0xF06B6266 Size: 32768 Flags: 0x9104000 Checksum: 0x9122 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\wanarp.sys 89. netbios.sys<0xFCD6C348(1389340)>: BaseAddress: 0xF0580000 (2bb6000) EntryPoint: 0xF0586E20 Size: 36864 Flags: 0x9104000 Checksum: 0xb5c1 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbios.sys 90. rdbss.sys<0xFCC864C8(12a34c0)>: BaseAddress: 0xF82A2000 (2c11000) EntryPoint: 0xF82BFF20 Size: 139264 Flags: 0x9104000 Checksum: 0x2c2a9 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rdbss.sys 91. mrxsmb.sys<0xFCD6D688(138a680)>: BaseAddress: 0xF8232000 (2c8d000) EntryPoint: 0xF8254DD6 Size: 385024 Flags: 0x9104000 Checksum: 0x69eb4 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mrxsmb.sys 92. dump_WMILIB.SYS<0xFCD5ECA8(137bca0)>: BaseAddress: 0xF0AEE000 (5a83000) EntryPoint: 0xF0AEEAA0 Size: 4096 Flags: 0x9104000 Checksum: 0x8bfd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\dump_WMILIB.SYS 93. dump_atapi.sys<0xFCD61068(137e060)>: BaseAddress: 0xF81F5000 (59ee000) EntryPoint: 0xF82075BA Size: 86016 Flags: 0x9104000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 87 ImagePath: \SystemRoot\System32\Drivers\dump_atapi.sys 94. win32k.sys<0xFCD5DCE8(137ace0)>: BaseAddress: 0xA0000000 (67ef000) EntryPoint: 0xA0194C37 Size: 1728512 Flags: 0x9104000 Checksum: 0x1b02d1 LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\system32\win32k.sys 95. Vchnt5.DLL<0xFCC5F408(127c400)>: BaseAddress: 0xFC793000 (6a4e000) EntryPoint: 0xFC793300 Size: 12288 Flags: 0x9104000 Checksum: 0xfa01 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Vchnt5.DLL 96. Ch7xxNT5.DLL<0xFCC5F168(127c160)>: BaseAddress: 0xFC78B000 (1) EntryPoint: 0xFC78B300 Size: 16384 Flags: 0x9104000 Checksum: 0xb9b7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Ch7xxNT5.DLL 97. SiInt5.DLL<0xFCC5E9A8(127b9a0)>: BaseAddress: 0xF0AF3000 (6a56000) EntryPoint: 0xF0AF32E0 Size: 4096 Flags: 0x9104000 Checksum: 0x10943 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\SiInt5.DLL 98. atv01nt5.DLL<0xFCC5DE48(127ae40)>: BaseAddress: 0xF0778000 (1) EntryPoint: 0xF0778300 Size: 24576 Flags: 0x9104000 Checksum: 0x6ccb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv01nt5.DLL 99. adv01nt5.DLL<0xFCC5D6C8(127a6c0)>: BaseAddress: 0xF0930000 (6a3e000) EntryPoint: 0xF09302E0 Size: 8192 Flags: 0x9104000 Checksum: 0xa1f2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv01nt5.DLL 100. atv02nt5.DLL<0xFCC5CF68(1279f60)>: BaseAddress: 0xFC783000 (6b21000) EntryPoint: 0xFC783300 Size: 12288 Flags: 0x9104000 Checksum: 0x4caf LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv02nt5.DLL 101. adv02nt5.DLL<0xFCC5C868(1279860)>: BaseAddress: 0xF0AF6000 (6a64000) EntryPoint: 0xF0AF62E0 Size: 4096 Flags: 0x9104000 Checksum: 0xcef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv02nt5.DLL 102. atv04nt5.DLL<0xFCC5C128(1279120)>: BaseAddress: 0xF0790000 (1) EntryPoint: 0xF0790300 Size: 24576 Flags: 0x9104000 Checksum: 0xced3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv04nt5.DLL 103. adv05nt5.DLL<0xFCC5BDE8(1278de0)>: BaseAddress: 0xF0AF9000 (6a8d000) EntryPoint: 0xF0AF92E0 Size: 4096 Flags: 0x9104000 Checksum: 0x4c3f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv05nt5.DLL 104. atv06nt5.DLL<0xFCC5B668(1278660)>: BaseAddress: 0xF08A4000 (6a8f000) EntryPoint: 0xF08A4300 Size: 12288 Flags: 0x9104000 Checksum: 0x97ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv06nt5.DLL 105. i81xdnt5.dll<0xFCC5A9E8(12779e0)>: BaseAddress: 0xF8133000 (6b33000) EntryPoint: 0xF8133320 Size: 663552 Flags: 0x9104000 Checksum: 0xa775c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\i81xdnt5.dll 106. afd.sys<0xFF282F68(9def60)>: BaseAddress: 0xF7FFD000 (bb1000) EntryPoint: 0xF801784A Size: 122880 Flags: 0x9104000 Checksum: 0x2ce34 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\afd.sys 107. ParVdm.SYS<0xFF26C9C8(fad9c0)>: BaseAddress: 0xF094A000 (15b6000) EntryPoint: 0xF094A900 Size: 8192 Flags: 0x9104000 Checksum: 0x770b LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\ParVdm.SYS 108. amosnt.sys<0xFF26B6E8(2506e0)>: BaseAddress: 0xF7F8A000 (f9d000) EntryPoint: 0xF7FAAD78 Size: 143360 Flags: 0x9104000 Checksum: 0x3dee3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\amosnt.sys 109. Aspi32.SYS<0xFF26B1C8(2501c0)>: BaseAddress: 0xF80EB000 (61000) EntryPoint: 0xF80EB48A Size: 16384 Flags: 0x1104000 Checksum: 0xc64f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Aspi32.SYS 110. dfrwsdrv.sys<0xFF25C7E8(19827e0)>: BaseAddress: 0xF0A74000 (19a7000) EntryPoint: 0xF0A74718 Size: 4096 Flags: 0x9104000 Checksum: 0xb8ac LoadCount: 1 Unknown1: 0 ImagePath: \??\c:\winnt\system32\dfrwsdrv.sys 111. fallback.sys<0xFF25E848(1d8840)>: BaseAddress: 0xF7E7C000 (2b46000) EntryPoint: 0xF7EBF958 Size: 286720 Flags: 0x9104000 Checksum: 0x74577 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fallback.sys 112. fsksnt.sys<0xFF251A08(4793a00)>: BaseAddress: 0xF7E66000 (454d000) EntryPoint: 0xF7E7A938 Size: 90112 Flags: 0x9104000 Checksum: 0x32482 LoadCount: 1 Unknown1: 1112 ImagePath: \SystemRoot\System32\DRIVERS\fsksnt.sys 113. wdmaud.sys<0xFF250B88(7c7b80)>: BaseAddress: 0xF7E53000 (45d1000) EntryPoint: 0xF7E568B8 Size: 77824 Flags: 0x9104000 Checksum: 0x183eb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\wdmaud.sys 114. Ich.sys<0xFF24ED08(7d47d00)>: BaseAddress: 0xF8063000 (460e000) EntryPoint: 0xF806F638 Size: 57344 Flags: 0x9104000 Checksum: 0x20e7f LoadCount: 1 Unknown1: 1128 ImagePath: \SystemRoot\System32\DRIVERS\Ich.sys 115. sysaudio.sys<0xFF24E528(7d47520)>: BaseAddress: 0xF8053000 (47c1000) EntryPoint: 0xF805D340 Size: 49152 Flags: 0x9104000 Checksum: 0xe409 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\sysaudio.sys 116. k56nt.sys<0xFF253708(651700)>: BaseAddress: 0xF7DF3000 (4a65000) EntryPoint: 0xF7E4F498 Size: 393216 Flags: 0x9104000 Checksum: 0xaf3ad LoadCount: 1 Unknown1: 1162 ImagePath: \SystemRoot\System32\DRIVERS\k56nt.sys 117. kmixer.sys<0xFF226168(778160)>: BaseAddress: 0xF7D07000 (7ef000) EntryPoint: 0xF7D181B3 Size: 147456 Flags: 0x9104000 Checksum: 0x2ef53 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\kmixer.sys 118. faxnt.sys<0xFF225788(478b780)>: BaseAddress: 0xF7CD6000 (4e82000) EntryPoint: 0xF7D04B18 Size: 200704 Flags: 0x9104000 Checksum: 0x57808 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\faxnt.sys 119. srv.sys<0xFF24A828(3bd820)>: BaseAddress: 0xF7C73000 (1be0000) EntryPoint: 0xF7CA90A0 Size: 241664 Flags: 0x9104000 Checksum: 0x3abee LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\srv.sys 120. tonesnt.sys<0xFF24DAC8(766ac0)>: BaseAddress: 0xF80A3000 (516f000) EntryPoint: 0xF80ADEB8 Size: 53248 Flags: 0x9104000 Checksum: 0x18925 LoadCount: 1 Unknown1: 1271 ImagePath: \SystemRoot\System32\DRIVERS\tonesnt.sys 121. v124nt.sys<0xFF1FEF08(5486f00)>: BaseAddress: 0xF7B60000 (4a31000) EntryPoint: 0xF7BCE698 Size: 471040 Flags: 0x9104000 Checksum: 0xc7564 LoadCount: 1 Unknown1: 65535 ImagePath: \SystemRoot\System32\DRIVERS\v124nt.sys 122. Cdfs.SYS<0xFF1FDB08(4859b00)>: BaseAddress: 0xF7DB3000 (540e000) EntryPoint: 0xF7DC01A0 Size: 61440 Flags: 0x9104000 Checksum: 0x1296d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Cdfs.SYS 123. ipsec.sys<0xFCDA5588(13c2580)>: BaseAddress: 0xF7AFB000 (1ed4000) EntryPoint: 0xF7B0DCE6 Size: 86016 Flags: 0x9104000 Checksum: 0x21cb3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ipsec.sys 124. ATMFD.DLL<0xFF191B88(39b1b80)>: BaseAddress: 0xF7656000 (1) EntryPoint: 0xF7658E3A Size: 290816 Flags: 0x9104000 Checksum: 0x4f552 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\ATMFD.DLL Unloaded System Modules: 0x80480418 (0x480418) 1. (0x0): BaseAddress: 0x00000000 ImageEnd: 0x00000000 Unknown1: 0x0 Unknown2: 0x0 2. DMusic.sys(0x55b3848): BaseAddress: 0xF8654000 ImageEnd: 0xF8661000 Unknown1: 0xca2635b0 Unknown2: 0x1c569df 3. swmidi.sys(0x3bd7c8): BaseAddress: 0xF0600000 ImageEnd: 0xF060D000 Unknown1: 0xc7580390 Unknown2: 0x1c569df 4. VGA.dll(0x12784c8): BaseAddress: 0xF81C0000 ImageEnd: 0xF81D5000 Unknown1: 0x91c40090 Unknown2: 0x1c569df 5. i81xdnt5.dll(0x1278728): BaseAddress: 0xF8133000 ImageEnd: 0xF81D5000 Unknown1: 0x91c0f230 Unknown2: 0x1c569df 6. redbook.sys(0x12a99a8): BaseAddress: 0xF0590000 ImageEnd: 0xF0599000 Unknown1: 0x68202490 Unknown2: 0x1c569df Drivers: \Driver\WMI<0xFCDF4A30(1411a30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0xFCDF44D8 DriverInit: 0x80561536 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80512A98 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80512AD8 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804B1C53 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80512B8C \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80512FB6 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\WMI \Driver\KSecDD<0xFCD50650(136d650)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9528BE KSecDD.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC94BA3A KSecDD.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC94BA3A KSecDD.sys IRP_MJ_READ: 0xFC94BA3A KSecDD.sys IRP_MJ_WRITE: 0xFC94BA3A KSecDD.sys IRP_MJ_QUERY_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC94BA3A KSecDD.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: KSecDD \Driver\NDIS<0xFCD4E8F0(136b8f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC93FF1E NDIS.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC91F196 NDIS.sys IRP_MJ_CLOSE: 0xFC91F196 NDIS.sys IRP_MJ_READ: 0xFC91F196 NDIS.sys IRP_MJ_WRITE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_EA: 0xFC91F196 NDIS.sys IRP_MJ_SET_EA: 0xFC91F196 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC91F196 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_CLEANUP: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_POWER: 0xFC91F196 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_PNP: 0xFC91F196 NDIS.sys AddDevice: 0x00000000 ServiceKeyName: NDIS \Driver\Beep<0xFCD8E5D0(13ab5d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8E708 \SystemRoot\System32\Drivers\Beep.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A8329A \SystemRoot\System32\Drivers\Beep.SYS DriverStartIo: 0xF0A83572 \SystemRoot\System32\Drivers\Beep.SYS DriverUnload: 0xF0A8367E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE: 0xF0A834C0 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A8350E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A83456 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0A8339E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Beep \Driver\V124<0xFF217E50(53cae50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FEF08 \SystemRoot\System32\DRIVERS\v124nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7BCE698 \SystemRoot\System32\DRIVERS\v124nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7B6BA60 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_READ: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: V124 \Driver\Raspti<0xFCD253B0(13423b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25548 \SystemRoot\System32\DRIVERS\raspti.sys FastIoDispatch: 0x00000000 DriverInit: 0xF079B240 \SystemRoot\System32\DRIVERS\raspti.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Raspti \Driver\Mouclass<0xFCD4BED0(1368ed0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3428 \SystemRoot\System32\DRIVERS\mouclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06F34E4 \SystemRoot\System32\DRIVERS\mouclass.sys DriverStartIo: 0xF06F0C7C \SystemRoot\System32\DRIVERS\mouclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06F058C \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F0808 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_READ: 0xF06F0A38 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06F04F2 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F2466 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F2080 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F04B6 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F2F92 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06F3270 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F1026 \SystemRoot\System32\DRIVERS\mouclass.sys AddDevice: 0xF06F2142 \SystemRoot\System32\DRIVERS\mouclass.sys ServiceKeyName: Mouclass \Driver\Diskperf<0xFCD59570(1376570)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09032C0 Diskperf.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0902EC2 Diskperf.sys IRP_MJ_CREATE: 0xF09023B6 Diskperf.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09022F6 Diskperf.sys IRP_MJ_CLOSE: 0xF09022F6 Diskperf.sys IRP_MJ_READ: 0xF09023CC Diskperf.sys IRP_MJ_WRITE: 0xF09023CC Diskperf.sys IRP_MJ_QUERY_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_EA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_EA: 0xF09022F6 Diskperf.sys IRP_MJ_FLUSH_BUFFERS: 0xF090268A Diskperf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_DEVICE_CONTROL: 0xF090256E Diskperf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_SHUTDOWN: 0xF090268A Diskperf.sys IRP_MJ_LOCK_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_CLEANUP: 0xF09022F6 Diskperf.sys IRP_MJ_CREATE_MAILSLOT: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_SET_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_POWER: 0xF0902314 Diskperf.sys IRP_MJ_SYSTEM_CONTROL: 0xF0902DCA Diskperf.sys IRP_MJ_DEVICE_CHANGE: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_PNP: 0xF0902C26 Diskperf.sys AddDevice: 0xF0902AFA Diskperf.sys ServiceKeyName: Diskperf \Driver\Kbdclass<0xFCDC6810(13e3810)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC69E8 \SystemRoot\System32\DRIVERS\kbdclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06E3E64 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverStartIo: 0xF06E0D58 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06E066E \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06E08EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_READ: 0xF06E0B1C \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06E05D4 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06E28EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06E2380 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06E04B6 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06E35E2 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06E3BFE \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06E1168 \SystemRoot\System32\DRIVERS\kbdclass.sys AddDevice: 0xF06E2494 \SystemRoot\System32\DRIVERS\kbdclass.sys ServiceKeyName: Kbdclass \Driver\Compbatt<0xFCD2B670(1348670)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0815900 compbatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0814DC0 compbatt.sys IRP_MJ_CREATE: 0xF081445C compbatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF081445C compbatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0814DC8 compbatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0814930 compbatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF0814476 compbatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0814872 compbatt.sys AddDevice: 0xF081432E compbatt.sys ServiceKeyName: Compbatt \Driver\NDProxy<0xFCD9A3D0(13b73d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD9A568 \SystemRoot\System32\Drivers\NDProxy.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0558720 \SystemRoot\System32\Drivers\NDProxy.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0550506 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF055061E \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NDProxy \Driver\VgaSave<0xFCCC87D0(12e57d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8A88 \SystemRoot\System32\drivers\vga.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08D6C40 \SystemRoot\System32\drivers\vga.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: VgaSave \Driver\MountMgr<0xFCDAEA30(13cba30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF068E160 MountMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF068C622 MountMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF068C622 MountMgr.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF068DEB6 MountMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0688658 MountMgr.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: MountMgr \Driver\Ptilink<0xFCD25030(1342030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07882E0 \SystemRoot\System32\DRIVERS\ptilink.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07894AC \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE: 0xF0788E1A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07890B8 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_READ: 0xF078930A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_WRITE: 0xF0789298 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0789404 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ptilink \Driver\SonyUSBL<0xFCD963F0(13b33f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD96A28 \SystemRoot\System32\DRIVERS\SonyUSBL.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09122C0 \SystemRoot\System32\DRIVERS\SonyUSBL.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0912308 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLOSE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_READ: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_WRITE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FLUSH_BUFFERS: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DIRECTORY_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SHUTDOWN: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_LOCK_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLEANUP: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_MAILSLOT: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_POWER: 0xF0912598 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CHANGE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_PNP: 0xF0912442 \SystemRoot\System32\DRIVERS\SonyUSBL.sys AddDevice: 0xF0912322 \SystemRoot\System32\DRIVERS\SonyUSBL.sys ServiceKeyName: SonyUSBL \Driver\wdmaud<0xFF2507D0(7c77d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250B88 \SystemRoot\system32\drivers\wdmaud.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E568B8 \SystemRoot\system32\drivers\wdmaud.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E5F56B \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE: 0xF7E5939D \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E5883C \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7E571A1 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7E58666 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7E5E18E \SystemRoot\system32\drivers\wdmaud.sys AddDevice: 0xF7E56920 \SystemRoot\system32\drivers\wdmaud.sys ServiceKeyName: wdmaud \Driver\ohci1394<0xFCD57590(1374590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04273E0 ohci1394.sys DriverStartIo: 0xF04215AA ohci1394.sys DriverUnload: 0xF04202C0 ohci1394.sys IRP_MJ_CREATE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0420D1A ohci1394.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF043031A \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0432EEA \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SYSTEM_CONTROL: 0xF04276EA ohci1394.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04364C1 \WINNT\System32\DRIVERS\1394BUS.SYS AddDevice: 0xF0427426 ohci1394.sys ServiceKeyName: ohci1394 \Driver\Aspi32<0xFF26A030(f99030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B1C8 \SystemRoot\System32\Drivers\Aspi32.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF80EB48A \SystemRoot\System32\Drivers\Aspi32.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF80ED8BC \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE: 0xF80EBF98 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80EC3E4 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF80EBFB2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF80EC3B2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Aspi32 \Driver\SoftFax<0xFF2253F0(478b3f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\DRIVERS\faxnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7D04B18 \SystemRoot\System32\DRIVERS\faxnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7CD8B10 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_READ: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: SoftFax \Driver\isapnp<0xFCD2EB70(134bb70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0419A80 isapnp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04140E0 isapnp.sys IRP_MJ_CREATE: 0xF0414322 isapnp.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0414322 isapnp.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF041337F isapnp.sys IRP_MJ_SYSTEM_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0414262 isapnp.sys AddDevice: 0xF04140E4 isapnp.sys ServiceKeyName: isapnp \Driver\atapi<0xFCDAE730(13cb730)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC99B5BA atapi.sys DriverStartIo: 0xFC98EC44 atapi.sys DriverUnload: 0xFC998A00 atapi.sys IRP_MJ_CREATE: 0xFC992BFA atapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC992BFA atapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC992C10 atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC98E6BE atapi.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC992C30 atapi.sys IRP_MJ_SYSTEM_CONTROL: 0xFC998984 atapi.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC998956 atapi.sys AddDevice: 0xFC996D76 atapi.sys ServiceKeyName: atapi \Driver\E100B<0xFCD28390(1345390)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD284C8 \SystemRoot\System32\DRIVERS\e100bnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC89B7B8 \SystemRoot\System32\DRIVERS\e100bnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: E100B \Driver\K56<0xFF250D50(7c7d50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF253708 \SystemRoot\System32\DRIVERS\k56nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E4F498 \SystemRoot\System32\DRIVERS\k56nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7DFB560 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_READ: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: K56 \Driver\dmio<0xFCD59470(1376470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9A0824 dmio.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC9A0D18 dmio.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9A0DCC dmio.sys IRP_MJ_READ: 0xFC9A0E4C dmio.sys IRP_MJ_WRITE: 0xFC9A0EA6 dmio.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9A14C6 dmio.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9A0F90 dmio.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9A1F3E dmio.sys IRP_MJ_SHUTDOWN: 0xFC9A14C6 dmio.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9A1ED0 dmio.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9A18FC dmio.sys AddDevice: 0xFC9A1814 dmio.sys ServiceKeyName: dmio \Driver\USBSTOR<0xFCD31910(134e910)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07D9CA0 \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverStartIo: 0xF07D86AE \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverUnload: 0xF07D9D06 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_READ: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_WRITE: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07DB486 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07D8422 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07D9E40 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SYSTEM_CONTROL: 0xF07D9F2C \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07D9F70 \SystemRoot\System32\DRIVERS\USBSTOR.SYS AddDevice: 0xF07D9D0A \SystemRoot\System32\DRIVERS\USBSTOR.SYS ServiceKeyName: USBSTOR \Driver\RasAcd<0xFCD8DBD0(13aabd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8DD68 \SystemRoot\System32\DRIVERS\rasacd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0923493 \SystemRoot\System32\DRIVERS\rasacd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLOSE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_READ: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_WRITE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FLUSH_BUFFERS: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SHUTDOWN: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_LOCK_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLEANUP: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_MAILSLOT: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_POWER: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CHANGE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: RasAcd \Driver\DFRWSDRV2005<0xFF25C490(1982490)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25C7E8 \??\c:\winnt\system32\dfrwsdrv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A74718 \??\c:\winnt\system32\dfrwsdrv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A74692 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_READ: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_WRITE: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A74424 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: DFRWSDRV2005 \Driver\uhcd<0xFCD47B10(1364b10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07302E0 \SystemRoot\System32\DRIVERS\uhcd.sys DriverStartIo: 0xF0731A22 \SystemRoot\System32\DRIVERS\uhcd.sys DriverUnload: 0xF07306FE \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SYSTEM_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys AddDevice: 0xF0730702 \SystemRoot\System32\DRIVERS\uhcd.sys ServiceKeyName: uhcd \Driver\audstub<0xFCDC0750(13dd750)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC08E8 \SystemRoot\System32\DRIVERS\audstub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A45500 \SystemRoot\System32\DRIVERS\audstub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A454C8 \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A4542E \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A453B4 \SystemRoot\System32\DRIVERS\audstub.sys AddDevice: 0xF0A45360 \SystemRoot\System32\DRIVERS\audstub.sys ServiceKeyName: audstub \Driver\Win32k<0xFCA2E430(104b430)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0xA000A8ED \??\C:\WINNT\system32\win32k.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\Win32k \Driver\winachsf<0xFCDC17D0(13de7d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1948 \SystemRoot\System32\DRIVERS\winachsf.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC77AFC0 \SystemRoot\System32\DRIVERS\winachsf.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC776EFC \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE: 0xFC775890 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC775DBA \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_READ: 0xFC77608A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_WRITE: 0xFC77611A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_INFORMATION: 0xFC775FF6 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SET_INFORMATION: 0xFC77605C \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC776174 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC7761B4 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC77A636 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC775F42 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC77988E \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC77914A \SystemRoot\System32\DRIVERS\winachsf.sys AddDevice: 0xFC7787D4 \SystemRoot\System32\DRIVERS\winachsf.sys ServiceKeyName: winachsf \Driver\swenum<0xFCD44750(1361750)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A486A0 \SystemRoot\System32\DRIVERS\swenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A482C0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE: 0xF0A485A2 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4865C \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A48606 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A482E0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF0A482C4 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A484E2 \SystemRoot\System32\DRIVERS\swenum.sys AddDevice: 0xF0A48476 \SystemRoot\System32\DRIVERS\swenum.sys ServiceKeyName: swenum \Driver\usbhub<0xFCDB0110(13cd110)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0540372 \SystemRoot\System32\DRIVERS\usbhub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05406B4 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SYSTEM_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys AddDevice: 0xF0541168 \SystemRoot\System32\DRIVERS\usbhub.sys ServiceKeyName: usbhub \Driver\Update<0xFCD24B70(1341b70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24D08 \SystemRoot\System32\DRIVERS\update.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC6FCE60 \SystemRoot\System32\DRIVERS\update.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC6E4D36 \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC6E4C3A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_SYSTEM_CONTROL: 0xFC6E4D0A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC6E45E0 \SystemRoot\System32\DRIVERS\update.sys AddDevice: 0xFC6E4677 \SystemRoot\System32\DRIVERS\update.sys ServiceKeyName: Update \Driver\Ftdisk<0xFCD59C90(1376c90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9D91D8 ftdisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9CB450 ftdisk.sys IRP_MJ_CREATE: 0xFC9C04D4 ftdisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0xFC9C0A2E ftdisk.sys IRP_MJ_WRITE: 0xFC9C0A2E ftdisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9C0D7A ftdisk.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9C9FB2 ftdisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9C86B4 ftdisk.sys IRP_MJ_SHUTDOWN: 0xFC9C0D7A ftdisk.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9C105A ftdisk.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9C0784 ftdisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9CB45E ftdisk.sys AddDevice: 0x00000000 ServiceKeyName: Ftdisk \Driver\smwdm<0xFCDC2AF0(13dfaf0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD471E8 \SystemRoot\system32\drivers\smwdm.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC88BE78 \SystemRoot\system32\drivers\smwdm.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC83908D \SystemRoot\system32\drivers\portcls.sys IRP_MJ_CREATE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_READ: 0xFC8172F6 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC817382 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC88B538 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xFC81829A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SET_SECURITY: 0xFC8182C4 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_POWER: 0xFC8421F6 \SystemRoot\system32\drivers\portcls.sys IRP_MJ_SYSTEM_CONTROL: 0xFC83FA6A \SystemRoot\system32\drivers\portcls.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC83CC7C \SystemRoot\system32\drivers\portcls.sys AddDevice: 0xFC88C000 \SystemRoot\system32\drivers\smwdm.sys ServiceKeyName: smwdm \Driver\Modem<0xFCDC1410(13de410)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1548 \SystemRoot\System32\Drivers\Modem.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF076D6EA \SystemRoot\System32\Drivers\Modem.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0769320 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE: 0xF076A0D6 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF076A15C \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_READ: 0xF076C106 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_WRITE: 0xF076C070 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SET_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF076AE08 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF076BF6A \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF076925E \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SYSTEM_CONTROL: 0xF076A996 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0769563 \SystemRoot\System32\Drivers\Modem.SYS AddDevice: 0xF0769336 \SystemRoot\System32\Drivers\Modem.SYS ServiceKeyName: Modem \Driver\sysaudio<0xFF24AE50(3bde50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24E528 \SystemRoot\system32\drivers\sysaudio.sys FastIoDispatch: 0x00000000 DriverInit: 0xF805D340 \SystemRoot\system32\drivers\sysaudio.sys DriverStartIo: 0x00000000 DriverUnload: 0xF805B084 \SystemRoot\system32\drivers\sysaudio.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF805A2A8 \SystemRoot\system32\drivers\sysaudio.sys AddDevice: 0xF8056C45 \SystemRoot\system32\drivers\sysaudio.sys ServiceKeyName: sysaudio \Driver\Fdc<0xFCD48690(1365690)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48828 \SystemRoot\System32\DRIVERS\fdc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0724F30 \SystemRoot\System32\DRIVERS\fdc.sys DriverStartIo: 0xF0722C6E \SystemRoot\System32\DRIVERS\fdc.sys DriverUnload: 0xF07202E0 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0722534 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0722572 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0720BA2 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0720408 \SystemRoot\System32\DRIVERS\fdc.sys AddDevice: 0xF07202F8 \SystemRoot\System32\DRIVERS\fdc.sys ServiceKeyName: Fdc \Driver\Rasl2tp<0xFCD46770(1363770)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46908 \SystemRoot\System32\DRIVERS\rasl2tp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04EB2A0 \SystemRoot\System32\DRIVERS\rasl2tp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Rasl2tp \Driver\AmosNT<0xFF26B510(250510)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B6E8 \SystemRoot\System32\DRIVERS\amosnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7FAAD78 \SystemRoot\System32\DRIVERS\amosnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7F8C010 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_READ: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_WRITE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: AmosNT \Driver\Ich<0xFF24E930(7d47930)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24ED08 \SystemRoot\System32\DRIVERS\Ich.sys FastIoDispatch: 0x00000000 DriverInit: 0xF806F638 \SystemRoot\System32\DRIVERS\Ich.sys DriverStartIo: 0x00000000 DriverUnload: 0xF8063420 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_READ: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ich \Driver\ACPIEC<0xFCDA77D0(13c47d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081A280 ACPIEC.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0819B97 ACPIEC.sys IRP_MJ_CREATE: 0xF0819C78 ACPIEC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0819C78 ACPIEC.sys IRP_MJ_READ: 0xF08182E0 ACPIEC.sys IRP_MJ_WRITE: 0xF08182E0 ACPIEC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0819CBE ACPIEC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF08183BA ACPIEC.sys IRP_MJ_SYSTEM_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF081899A ACPIEC.sys AddDevice: 0xF0818633 ACPIEC.sys ServiceKeyName: ACPIEC \Driver\ParVdm<0xFF275030(dbd030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26C9C8 \SystemRoot\System32\Drivers\ParVdm.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF094A900 \SystemRoot\System32\Drivers\ParVdm.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF094A712 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE: 0xF094A4E8 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF094A58A \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF094A63E \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: ParVdm \Driver\Fallback<0xFF2527B0(7c87b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E848 \SystemRoot\System32\DRIVERS\fallback.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EBF958 \SystemRoot\System32\DRIVERS\fallback.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E81070 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_READ: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fallback \Driver\ACPI_HAL<0xFCDF4B30(1411b30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8006CEFE \WINNT\System32\hal.dll DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8006A876 \WINNT\System32\hal.dll IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x8006D016 \WINNT\System32\hal.dll AddDevice: 0x8006CF5A \WINNT\System32\hal.dll ServiceKeyName: \Driver\ACPI_HAL \Driver\serenum<0xFCD49B50(1366b50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD49D88 \SystemRoot\System32\DRIVERS\serenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF089E9C0 \SystemRoot\System32\DRIVERS\serenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF089D606 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLOSE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_READ: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_WRITE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FLUSH_BUFFERS: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DIRECTORY_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CONTROL: 0xF089C608 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF089C75C \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SHUTDOWN: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_LOCK_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLEANUP: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_MAILSLOT: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_POWER: 0xF089C8D8 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CHANGE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_PNP: 0xF089CDF4 \SystemRoot\System32\DRIVERS\serenum.sys AddDevice: 0xF089CC80 \SystemRoot\System32\DRIVERS\serenum.sys ServiceKeyName: serenum \Driver\PptpMiniport<0xFCD45C10(1362c10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD45FA8 \SystemRoot\System32\DRIVERS\raspptp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04FA6C0 \SystemRoot\System32\DRIVERS\raspptp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: PptpMiniport \Driver\NetBT<0xFCD8B470(13a8470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF82E3F2E \SystemRoot\System32\DRIVERS\netbt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82DFF34 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE: 0xF82DCE74 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF82DD552 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF82DD5DB \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82C58FD \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF82DD298 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF82CBE01 \SystemRoot\System32\DRIVERS\netbt.sys AddDevice: 0x00000000 ServiceKeyName: NetBT \Driver\PCIIde<0xFCDABDD0(13c8dd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09C92C0 PCIIde.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: PCIIde \Driver\va16w2<0xFCD29210(1346210)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF069B246 va16w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va16w2 \Driver\Cdrom<0xFCD28030(1345030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7308 \SystemRoot\System32\DRIVERS\cdrom.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06D5980 \SystemRoot\System32\DRIVERS\cdrom.sys DriverStartIo: 0xF0452BAF \WINNT\System32\DRIVERS\CLASSPNP.SYS DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Cdrom \Driver\Tones<0xFF24D170(766170)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24DAC8 \SystemRoot\System32\DRIVERS\tonesnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF80ADEB8 \SystemRoot\System32\DRIVERS\tonesnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF80A3E00 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_READ: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Tones \Driver\Pcmcia<0xFCD59D90(1376d90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9F4A1C pcmcia.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9F12B6 pcmcia.sys IRP_MJ_CREATE: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9DD946 pcmcia.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9DD946 pcmcia.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9DD946 pcmcia.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9DD946 pcmcia.sys AddDevice: 0xFC9F0D32 pcmcia.sys ServiceKeyName: Pcmcia \Driver\va32w2<0xFCD29450(1346450)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25C68 va32w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0693FCE va32w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va32w2 \Driver\SNC<0xFCD4A590(1367590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A728 \SystemRoot\System32\Drivers\SonyNC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06FBE72 \SystemRoot\System32\Drivers\SonyNC.sys DriverStartIo: 0xF06F8CF5 \SystemRoot\System32\Drivers\SonyNC.sys DriverUnload: 0xF06F8CAE \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_READ: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_WRITE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys AddDevice: 0xF06F8D08 \SystemRoot\System32\Drivers\SonyNC.sys ServiceKeyName: SNC \Driver\kmixer<0xFF227030(4ff5030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF226168 \SystemRoot\system32\drivers\kmixer.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7D181B3 \SystemRoot\system32\drivers\kmixer.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7D1A049 \SystemRoot\system32\drivers\kmixer.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7D1475A \SystemRoot\system32\drivers\kmixer.sys AddDevice: 0xF7D18531 \SystemRoot\system32\drivers\kmixer.sys ServiceKeyName: kmixer \Driver\mnmdd<0xFCCC7210(12e4210)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC73A8 \SystemRoot\System32\Drivers\mnmdd.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A8B3A0 \SystemRoot\System32\Drivers\mnmdd.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: mnmdd \Driver\Tcpip<0xFCCC5E10(12e2e10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys FastIoDispatch: 0x00000000 DriverInit: 0xF832E4CA \SystemRoot\System32\DRIVERS\tcpip.sys DriverStartIo: 0x00000000 DriverUnload: 0xF831B604 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLOSE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_READ: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_WRITE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FLUSH_BUFFERS: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82E997F \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SHUTDOWN: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_LOCK_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLEANUP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_MAILSLOT: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_POWER: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CHANGE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_PNP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys AddDevice: 0x00000000 ServiceKeyName: Tcpip \Driver\Wanarp<0xFCC8D6F0(12aa6f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8D848 \SystemRoot\System32\DRIVERS\wanarp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06B6266 \SystemRoot\System32\DRIVERS\wanarp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06B5C96 \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLOSE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_READ: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_WRITE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FLUSH_BUFFERS: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DIRECTORY_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SHUTDOWN: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_LOCK_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLEANUP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_MAILSLOT: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_POWER: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CHANGE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_PNP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys AddDevice: 0x00000000 ServiceKeyName: Wanarp \Driver\PxHelper<0xFCDC7710(13e4710)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7928 \??\C:\WINNT\System32\drivers\PxHelper.sys FastIoDispatch: 0x00000000 DriverInit: 0xF087D3D8 \??\C:\WINNT\System32\drivers\PxHelper.sys DriverStartIo: 0x00000000 DriverUnload: 0xF087CA2C \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLOSE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_READ: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_WRITE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FLUSH_BUFFERS: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DIRECTORY_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SHUTDOWN: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_LOCK_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLEANUP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_MAILSLOT: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_POWER: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CHANGE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_PNP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys AddDevice: 0xF087CA30 \??\C:\WINNT\System32\drivers\PxHelper.sys ServiceKeyName: PxHelper \Driver\biosview<0xFCCC94B0(12e64b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC93C8 \SystemRoot\system32\drivers\biosview.sys FastIoDispatch: 0x00000000 DriverInit: 0xF091A2E2 \SystemRoot\system32\drivers\biosview.sys DriverStartIo: 0x00000000 DriverUnload: 0xF091A458 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: biosview \Driver\Rksample<0xFCDC1C10(13dec10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1D88 \SystemRoot\System32\DRIVERS\rksample.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04DBE18 \SystemRoot\System32\DRIVERS\rksample.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04D0E50 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_READ: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys AddDevice: 0xF04D0EF0 \SystemRoot\System32\DRIVERS\rksample.sys ServiceKeyName: Rksample \Driver\Null<0xFCD8E9D0(13ab9d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8548 \SystemRoot\System32\Drivers\Null.SYS FastIoDispatch: 0xFCCC9928 DriverInit: 0xF0A7F47A \SystemRoot\System32\Drivers\Null.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_READ: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_WRITE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_QUERY_INFORMATION: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Null \Driver\PCI<0xFCE03950(1420950)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys FastIoDispatch: 0x00000000 DriverInit: 0xF040BA88 pci.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04073A6 pci.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0400D84 pci.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0400D84 pci.sys IRP_MJ_SYSTEM_CONTROL: 0xF0400D84 pci.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0400D84 pci.sys AddDevice: 0xF0406B90 pci.sys ServiceKeyName: PCI \Driver\sbp2port<0xFCD2D470(134a470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0446480 sbp2port.sys DriverStartIo: 0xF0444B4E sbp2port.sys DriverUnload: 0xF0440AB6 sbp2port.sys IRP_MJ_CREATE: 0xF0446DB6 sbp2port.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0446DB6 sbp2port.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0446D32 sbp2port.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04448A8 sbp2port.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0441758 sbp2port.sys IRP_MJ_SYSTEM_CONTROL: 0xF044753C sbp2port.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0440F20 sbp2port.sys AddDevice: 0xF04464D8 sbp2port.sys ServiceKeyName: sbp2port \Driver\Disk<0xFCDA6030(13c3030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06A5120 disk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Disk \Driver\IPSEC<0xFF1E7D70(1c86d70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA5588 \SystemRoot\System32\DRIVERS\ipsec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7B0DCE6 \SystemRoot\System32\DRIVERS\ipsec.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7AFB30A \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: IPSEC \Driver\NdisWan<0xFCDBFAB0(13dcab0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFC48 \SystemRoot\System32\DRIVERS\ndiswan.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC711180 \SystemRoot\System32\DRIVERS\ndiswan.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: NdisWan \Driver\NdisTapi<0xFCD461B0(13631b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46348 \SystemRoot\System32\DRIVERS\ndistapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08A96E2 \SystemRoot\System32\DRIVERS\ndistapi.sys DriverStartIo: 0x00000000 DriverUnload: 0xF08A8BD8 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF08A8376 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NdisTapi \Driver\PartMgr<0xFCDAEB30(13cbb30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081E040 PartMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF081C3BE PartMgr.sys IRP_MJ_CREATE: 0xF081CC80 PartMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF081C2C0 PartMgr.sys IRP_MJ_CLOSE: 0xF081CC80 PartMgr.sys IRP_MJ_READ: 0xF081C2C0 PartMgr.sys IRP_MJ_WRITE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_FLUSH_BUFFERS: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CONTROL: 0xF081DB90 PartMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_SHUTDOWN: 0xF081C2C0 PartMgr.sys IRP_MJ_LOCK_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_CLEANUP: 0xF081C2C0 PartMgr.sys IRP_MJ_CREATE_MAILSLOT: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_POWER: 0xF081C396 PartMgr.sys IRP_MJ_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CHANGE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_PNP: 0xF081CD20 PartMgr.sys AddDevice: 0xF081CEFA PartMgr.sys ServiceKeyName: PartMgr \Driver\Serial<0xFCD49E70(1366e70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A0E8 \SystemRoot\System32\DRIVERS\serial.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04CA300 \SystemRoot\System32\DRIVERS\serial.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04C5257 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE: 0xF04C4983 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04C7A49 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_READ: 0xF04C754A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_WRITE: 0xF04C9D1B \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_INFORMATION: 0xF04C4748 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SET_INFORMATION: 0xF04C573A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04C4BDB \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04C6F30 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04C6BF5 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04C7C41 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04C48DD \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SYSTEM_CONTROL: 0xF04C2800 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04C2872 \SystemRoot\System32\DRIVERS\serial.sys AddDevice: 0xF04C435C \SystemRoot\System32\DRIVERS\serial.sys ServiceKeyName: Serial \Driver\Gpc<0xFCD6EF30(138bf30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC90C68 \SystemRoot\System32\DRIVERS\msgpc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05702E0 \SystemRoot\System32\DRIVERS\msgpc.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLOSE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_READ: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_WRITE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FLUSH_BUFFERS: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DIRECTORY_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SHUTDOWN: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_LOCK_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLEANUP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_MAILSLOT: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_POWER: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CHANGE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_PNP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys AddDevice: 0x00000000 ServiceKeyName: Gpc \Driver\ACPI<0xFCDF3030(1410030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys FastIoDispatch: 0xFCA11560 ACPI.sys DriverInit: 0xFCA1C10B ACPI.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9FE758 ACPI.sys IRP_MJ_CREATE: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC9FE52C ACPI.sys IRP_MJ_CLOSE: 0xFC9FE52C ACPI.sys IRP_MJ_READ: 0xFC9FE52C ACPI.sys IRP_MJ_WRITE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_EA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_EA: 0xFC9FE52C ACPI.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_SHUTDOWN: 0xFC9FE52C ACPI.sys IRP_MJ_LOCK_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_CLEANUP: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_MAILSLOT: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_SET_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_POWER: 0xFC9FE52C ACPI.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CHANGE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_PNP: 0xFC9FE52C ACPI.sys AddDevice: 0xFC9FE1FB ACPI.sys ServiceKeyName: ACPI \Driver\PnpManager<0xFCE18EF0(1435ef0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x80551D98 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8042890A \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804E210C \WINNT\System32\ntoskrnl.exe AddDevice: 0x8051DE5C \WINNT\System32\ntoskrnl.exe ServiceKeyName: \Driver\PnpManager \Driver\Parallel<0xFCDBE630(13db630)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBE808 \SystemRoot\System32\DRIVERS\parallel.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0502BBE \SystemRoot\System32\DRIVERS\parallel.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0502CFA \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE: 0xF0503B08 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0503CB4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_READ: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_WRITE: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_INFORMATION: 0xF0504B48 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SET_INFORMATION: 0xF0504BE4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0502D5C \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0503106 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0503C30 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0508876 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SYSTEM_CONTROL: 0xF050CF24 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0507612 \SystemRoot\System32\DRIVERS\parallel.sys AddDevice: 0xF0507EC4 \SystemRoot\System32\DRIVERS\parallel.sys ServiceKeyName: Parallel \Driver\Flpydisk<0xFCD9E330(13bb330)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDB03A8 \SystemRoot\System32\DRIVERS\flpydisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07CBBA0 \SystemRoot\System32\DRIVERS\flpydisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07C82E0 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_READ: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_WRITE: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07C9466 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07C9BEE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07C991C \SystemRoot\System32\DRIVERS\flpydisk.sys AddDevice: 0xF07C900C \SystemRoot\System32\DRIVERS\flpydisk.sys ServiceKeyName: Flpydisk \Driver\i81x<0xFCDC7D30(13e4d30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA42A8 \SystemRoot\System32\DRIVERS\i81xnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC8B22E0 \SystemRoot\System32\DRIVERS\i81xnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0485F98 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF048572C \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS AddDevice: 0xF04886F4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS ServiceKeyName: i81x \Driver\AFD<0xFF27F8D0(a068d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF282F68 \SystemRoot\System32\drivers\afd.sys FastIoDispatch: 0xF7FFFC30 \SystemRoot\System32\drivers\afd.sys DriverInit: 0xF801784A \SystemRoot\System32\drivers\afd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLOSE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_READ: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_WRITE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FLUSH_BUFFERS: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CONTROL: 0xF80002D6 \SystemRoot\System32\drivers\afd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SHUTDOWN: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_LOCK_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLEANUP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_MAILSLOT: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_POWER: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CHANGE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_PNP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys AddDevice: 0x00000000 ServiceKeyName: AFD \Driver\Fsks<0xFF253E10(651e10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF251A08 \SystemRoot\System32\DRIVERS\fsksnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E7A938 \SystemRoot\System32\DRIVERS\fsksnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E68560 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_READ: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fsks \Driver\Parport<0xFCD48D50(1365d50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48EE8 \SystemRoot\System32\DRIVERS\parport.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07104A2 \SystemRoot\System32\DRIVERS\parport.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0710572 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE: 0xF0710EF0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0710F66 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0710850 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07102E0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF071334A \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SYSTEM_CONTROL: 0xF0714B86 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0712914 \SystemRoot\System32\DRIVERS\parport.sys AddDevice: 0xF071289A \SystemRoot\System32\DRIVERS\parport.sys ServiceKeyName: Parport \Driver\IntelIde<0xFCDCB0F0(13e80f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09CA2C0 intelide.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: IntelIde \Driver\ApfiltrService<0xFCDA35B0(13c05b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3748 \SystemRoot\System32\DRIVERS\Apfiltr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04A8F80 \SystemRoot\System32\DRIVERS\Apfiltr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04A8F74 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLOSE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_READ: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_WRITE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FLUSH_BUFFERS: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CONTROL: 0xF04A7DA6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04A8B5A \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SHUTDOWN: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_LOCK_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLEANUP: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_MAILSLOT: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_POWER: 0xF04A8EFA \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CHANGE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_PNP: 0xF04A8D82 \SystemRoot\System32\DRIVERS\Apfiltr.sys AddDevice: 0xF04A7B20 \SystemRoot\System32\DRIVERS\Apfiltr.sys ServiceKeyName: ApfiltrService \Driver\CmBatt<0xFCD27BD0(1344bd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD27D68 \SystemRoot\System32\DRIVERS\CmBatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF088DBA0 \SystemRoot\System32\DRIVERS\CmBatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF088D340 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF088D3AA \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF088D060 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF088D0A4 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF088CE78 \SystemRoot\System32\DRIVERS\CmBatt.sys AddDevice: 0xF088CA18 \SystemRoot\System32\DRIVERS\CmBatt.sys ServiceKeyName: CmBatt \Driver\SPI<0xFCD4ADD0(1367dd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4AF68 \SystemRoot\System32\Drivers\SonyPI.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04B785C \SystemRoot\System32\Drivers\SonyPI.sys DriverStartIo: 0xF04B0EBD \SystemRoot\System32\Drivers\SonyPI.sys DriverUnload: 0xF04B6720 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_READ: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_WRITE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys AddDevice: 0xF04B0ED3 \SystemRoot\System32\Drivers\SonyPI.sys ServiceKeyName: SPI \Driver\iLINKnet<0xFCDBED10(13dbd10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEE88 \SystemRoot\System32\DRIVERS\SonyiNet.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07A8414 \SystemRoot\System32\DRIVERS\SonyiNet.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: iLINKnet \Driver\i8042prt<0xFCDC6C90(13e3c90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC6E68 \SystemRoot\System32\DRIVERS\i8042prt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0498000 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverStartIo: 0xF04906D6 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverUnload: 0xF0495091 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE: 0xF0493295 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0494F3F \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0491583 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0494F68 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0490300 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0496695 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SYSTEM_CONTROL: 0xF04932DA \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0493120 \SystemRoot\System32\DRIVERS\i8042prt.sys AddDevice: 0xF0494E5C \SystemRoot\System32\DRIVERS\i8042prt.sys ServiceKeyName: i8042prt \FileSystem\NetBIOS<0xFCD6CF30(1389f30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6C348 \SystemRoot\System32\DRIVERS\netbios.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0586E20 \SystemRoot\System32\DRIVERS\netbios.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0581676 \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NetBIOS \FileSystem\Fastfat<0xFCD4E470(136b470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys FastIoDispatch: 0xFC957220 Fastfat.sys DriverInit: 0xFC972806 Fastfat.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC95805E Fastfat.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC958DDA Fastfat.sys IRP_MJ_READ: 0xFC9542E0 Fastfat.sys IRP_MJ_WRITE: 0xFC954482 Fastfat.sys IRP_MJ_QUERY_INFORMATION: 0xFC95DA34 Fastfat.sys IRP_MJ_SET_INFORMATION: 0xFC960D30 Fastfat.sys IRP_MJ_QUERY_EA: 0xFC9683AC Fastfat.sys IRP_MJ_SET_EA: 0xFC96845C Fastfat.sys IRP_MJ_FLUSH_BUFFERS: 0xFC963082 Fastfat.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9637BE Fastfat.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC972264 Fastfat.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC957EF0 Fastfat.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC95FF78 Fastfat.sys IRP_MJ_DEVICE_CONTROL: 0xFC95F84E Fastfat.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9711FA Fastfat.sys IRP_MJ_LOCK_CONTROL: 0xFC9704B8 Fastfat.sys IRP_MJ_CLEANUP: 0xFC95B288 Fastfat.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC97092E Fastfat.sys AddDevice: 0x00000000 ServiceKeyName: Fastfat \FileSystem\Rdbss<0xFCC8CA10(12a9a10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC864C8 \SystemRoot\System32\DRIVERS\rdbss.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF82BFF20 \SystemRoot\System32\DRIVERS\rdbss.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82BA154 \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLOSE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_READ: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_WRITE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_EA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_EA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FLUSH_BUFFERS: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SHUTDOWN: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_LOCK_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLEANUP: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_MAILSLOT: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_POWER: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CHANGE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Rdbss \FileSystem\UdfReadr<0xFCCC4DB0(12e1db0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC4208 \SystemRoot\System32\Drivers\UdfReadr.SYS FastIoDispatch: 0xF8395560 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverInit: 0xF8372722 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF8372BAA \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLOSE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_READ: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_WRITE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FLUSH_BUFFERS: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DIRECTORY_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SHUTDOWN: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_LOCK_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLEANUP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_MAILSLOT: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_POWER: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CHANGE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_QUOTA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_QUOTA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_PNP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS AddDevice: 0x00000000 ServiceKeyName: UdfReadr \FileSystem\Msfs<0xFCCC6A70(12e3a70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC72E8 \SystemRoot\System32\Drivers\Msfs.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07FBEDA \SystemRoot\System32\Drivers\Msfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF07F9740 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07FA834 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_READ: 0xF07F9140 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_WRITE: 0xF07F9478 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF07FABC4 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_INFORMATION: 0xF07FB7EE \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF07FB09A \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF07FB268 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF07FBC4C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07FA368 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_MAILSLOT: 0xF07F9DAC \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_SECURITY: 0xF07FB97C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_SECURITY: 0xF07FB9FE \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Msfs \FileSystem\MRxSmb<0xFCC91590(12ae590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6D688 \SystemRoot\System32\DRIVERS\mrxsmb.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF8254DD6 \SystemRoot\System32\DRIVERS\mrxsmb.sys DriverStartIo: 0x00000000 DriverUnload: 0xF8269508 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLOSE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_READ: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_WRITE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FLUSH_BUFFERS: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SHUTDOWN: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_LOCK_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLEANUP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_MAILSLOT: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_POWER: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CHANGE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_PNP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys AddDevice: 0x00000000 ServiceKeyName: MRxSmb \FileSystem\Srv<0xFF24DCD0(766cd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24A828 \SystemRoot\System32\DRIVERS\srv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7CA90A0 \SystemRoot\System32\DRIVERS\srv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7C98727 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLOSE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_READ: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_WRITE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_EA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_EA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_FLUSH_BUFFERS: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DIRECTORY_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SHUTDOWN: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_LOCK_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLEANUP: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_MAILSLOT: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_SECURITY: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_SECURITY: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_POWER: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SYSTEM_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CHANGE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_QUOTA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_QUOTA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_PNP: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys AddDevice: 0x00000000 ServiceKeyName: Srv \FileSystem\NaiFsRec<0xFCDA5790(13c2790)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF090494E NaiFsRec.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09043FA NaiFsRec.sys IRP_MJ_CLOSE: 0xF09043FA NaiFsRec.sys IRP_MJ_READ: 0xF09043FA NaiFsRec.sys IRP_MJ_WRITE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_FLUSH_BUFFERS: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_SHUTDOWN: 0xF09043FA NaiFsRec.sys IRP_MJ_LOCK_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_CLEANUP: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_MAILSLOT: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_POWER: 0xF09043FA NaiFsRec.sys IRP_MJ_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CHANGE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_PNP: 0xF09043FA NaiFsRec.sys AddDevice: 0x00000000 ServiceKeyName: NaiFsRec \FileSystem\Mup<0xFCD4E6D0(136b6d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys FastIoDispatch: 0xFC907258 Mup.sys DriverInit: 0xFC90AB04 Mup.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC90936E Mup.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC90936E Mup.sys IRP_MJ_CLOSE: 0xFC90911E Mup.sys IRP_MJ_READ: 0xFC9056B6 Mup.sys IRP_MJ_WRITE: 0xFC90A1D8 Mup.sys IRP_MJ_QUERY_INFORMATION: 0xFC90FBBC Mup.sys IRP_MJ_SET_INFORMATION: 0xFC90FCD0 Mup.sys IRP_MJ_QUERY_EA: 0xFC9056B6 Mup.sys IRP_MJ_SET_EA: 0xFC9056B6 Mup.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC917AE8 Mup.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC917CB6 Mup.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC90A5DA Mup.sys IRP_MJ_DEVICE_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_SHUTDOWN: 0xFC9056B6 Mup.sys IRP_MJ_LOCK_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_CLEANUP: 0xFC908E2E Mup.sys IRP_MJ_CREATE_MAILSLOT: 0xFC90936E Mup.sys IRP_MJ_QUERY_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_SET_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_POWER: 0xFC9056B6 Mup.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_DEVICE_CHANGE: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_SET_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_PNP: 0xFC9056B6 Mup.sys AddDevice: 0x00000000 ServiceKeyName: Mup \FileSystem\RAW<0xFCE14CB0(1431cb0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8055EF80 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 \FileSystem\Npfs<0xFCCC6250(12e3250)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC63E8 \SystemRoot\System32\Drivers\Npfs.SYS FastIoDispatch: 0xF0562208 \SystemRoot\System32\Drivers\Npfs.SYS DriverInit: 0xF056790E \SystemRoot\System32\Drivers\Npfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05626FE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF0562AE4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CLOSE: 0xF056257C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_READ: 0xF0565BB4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_WRITE: 0xF0566F5A \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF0563792 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_INFORMATION: 0xF0563832 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0563ED4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF0566DD4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF05631BE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF0564070 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF05623E6 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xF056633C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_SECURITY: 0xF05663DC \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Npfs \FileSystem\Fs_Rec<0xFCD90510(13ad510)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0917294 \SystemRoot\System32\Drivers\Fs_Rec.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF091653E \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE: 0xF0916492 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09164C4 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fs_Rec \FileSystem\Cdfs<0xFF1FCB90(198ab90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FDB08 \SystemRoot\System32\Drivers\Cdfs.SYS FastIoDispatch: 0xF7DB4CE0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverInit: 0xF7DC01A0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_READ: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_INFORMATION: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_DEVICE_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CLEANUP: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS AddDevice: 0x00000000 ServiceKeyName: Cdfs Driver count: 100 KeServiceDescriptorTable at virtual address : 0x8046B840(46b840) 0 0x804BBAD9 \WINNT\System32\ntoskrnl.exe 1 0x804B322A \WINNT\System32\ntoskrnl.exe 2 0x804B371A \WINNT\System32\ntoskrnl.exe 3 0x8050ABDE \WINNT\System32\ntoskrnl.exe 4 0x804AADD7 \WINNT\System32\ntoskrnl.exe 5 0x8045A6DE \WINNT\System32\ntoskrnl.exe 6 0x8050BE92 \WINNT\System32\ntoskrnl.exe 7 0x8050BED2 \WINNT\System32\ntoskrnl.exe 8 0x804A6E80 \WINNT\System32\ntoskrnl.exe 9 0x80508458 \WINNT\System32\ntoskrnl.exe a 0x804ABA51 \WINNT\System32\ntoskrnl.exe b 0x804FBBF0 \WINNT\System32\ntoskrnl.exe c 0x804AECE7 \WINNT\System32\ntoskrnl.exe d 0x804AB72A \WINNT\System32\ntoskrnl.exe e 0x804492BA \WINNT\System32\ntoskrnl.exe f 0x804AAE39 \WINNT\System32\ntoskrnl.exe 10 0x8049ED34 \WINNT\System32\ntoskrnl.exe 11 0x804EF7C3 \WINNT\System32\ntoskrnl.exe 12 0x804FBFA3 \WINNT\System32\ntoskrnl.exe 13 0x8040189A \WINNT\System32\ntoskrnl.exe 14 0x804CB21E \WINNT\System32\ntoskrnl.exe 15 0x80418F04 \WINNT\System32\ntoskrnl.exe 16 0x804E9B8C \WINNT\System32\ntoskrnl.exe 17 0x80498F39 \WINNT\System32\ntoskrnl.exe 18 0x8044D292 \WINNT\System32\ntoskrnl.exe 19 0x804AAD7D \WINNT\System32\ntoskrnl.exe 1a 0x804BBF63 \WINNT\System32\ntoskrnl.exe 1b 0x804BC28B \WINNT\System32\ntoskrnl.exe 1c 0x804668B0 \WINNT\System32\ntoskrnl.exe 1d 0x804F3CE6 \WINNT\System32\ntoskrnl.exe 1e 0x8049AE26 \WINNT\System32\ntoskrnl.exe 1f 0x804C47BF \WINNT\System32\ntoskrnl.exe 20 0x8049A5F1 \WINNT\System32\ntoskrnl.exe 21 0x804BA7B0 \WINNT\System32\ntoskrnl.exe 22 0x804FBCC6 \WINNT\System32\ntoskrnl.exe 23 0x804A0635 \WINNT\System32\ntoskrnl.exe 24 0x8048ECD1 \WINNT\System32\ntoskrnl.exe 25 0x804A6DBA \WINNT\System32\ntoskrnl.exe 26 0x8048EBF9 \WINNT\System32\ntoskrnl.exe 27 0x804ECAC7 \WINNT\System32\ntoskrnl.exe 28 0x804B501B \WINNT\System32\ntoskrnl.exe 29 0x804BD4CB \WINNT\System32\ntoskrnl.exe 2a 0x804C3D89 \WINNT\System32\ntoskrnl.exe 2b 0x804B963E \WINNT\System32\ntoskrnl.exe 2c 0x804B849C \WINNT\System32\ntoskrnl.exe 2d 0x80491F98 \WINNT\System32\ntoskrnl.exe 2e 0x804BB61D \WINNT\System32\ntoskrnl.exe 2f 0x8048E37F \WINNT\System32\ntoskrnl.exe 30 0x8050E0D0 \WINNT\System32\ntoskrnl.exe 31 0x804EA9EA \WINNT\System32\ntoskrnl.exe 32 0x80498B96 \WINNT\System32\ntoskrnl.exe 33 0x804B7FE0 \WINNT\System32\ntoskrnl.exe 34 0x804CB386 \WINNT\System32\ntoskrnl.exe 35 0x804958F5 \WINNT\System32\ntoskrnl.exe 36 0x8050C24E \WINNT\System32\ntoskrnl.exe 37 0x804AC8B6 \WINNT\System32\ntoskrnl.exe 38 0x804A22EF \WINNT\System32\ntoskrnl.exe 39 0x804C0066 \WINNT\System32\ntoskrnl.exe 3a 0x804BAA57 \WINNT\System32\ntoskrnl.exe 3b 0x804A408E \WINNT\System32\ntoskrnl.exe 3c 0x804B9EEF \WINNT\System32\ntoskrnl.exe 3d 0x804A14B2 \WINNT\System32\ntoskrnl.exe 3e 0x804F0212 \WINNT\System32\ntoskrnl.exe 3f 0x80508F0A \WINNT\System32\ntoskrnl.exe 40 0x804A6385 \WINNT\System32\ntoskrnl.exe 41 0x804A1CCB \WINNT\System32\ntoskrnl.exe 42 0x804B927C \WINNT\System32\ntoskrnl.exe 43 0x804B306C \WINNT\System32\ntoskrnl.exe 44 0x804B0757 \WINNT\System32\ntoskrnl.exe 45 0x804F063F \WINNT\System32\ntoskrnl.exe 46 0x804498E5 \WINNT\System32\ntoskrnl.exe 47 0x804A29E7 \WINNT\System32\ntoskrnl.exe 48 0x8049C1A5 \WINNT\System32\ntoskrnl.exe 49 0x80492F9B \WINNT\System32\ntoskrnl.exe 4a 0x804F5C02 \WINNT\System32\ntoskrnl.exe 4b 0x80517DFD \WINNT\System32\ntoskrnl.exe 4c 0x80461606 \WINNT\System32\ntoskrnl.exe 4d 0x80449F2C \WINNT\System32\ntoskrnl.exe 4e 0x8050EB71 \WINNT\System32\ntoskrnl.exe 4f 0x804A4826 \WINNT\System32\ntoskrnl.exe 50 0x80453B63 \WINNT\System32\ntoskrnl.exe 51 0x8051E658 \WINNT\System32\ntoskrnl.exe 52 0x804F59F0 \WINNT\System32\ntoskrnl.exe 53 0x804F5BF4 \WINNT\System32\ntoskrnl.exe 54 0x804EAC0D \WINNT\System32\ntoskrnl.exe 55 0x8052AD90 \WINNT\System32\ntoskrnl.exe 56 0x8051F33B \WINNT\System32\ntoskrnl.exe 57 0x80460FCE \WINNT\System32\ntoskrnl.exe 58 0x804A75FD \WINNT\System32\ntoskrnl.exe 59 0x804F06D6 \WINNT\System32\ntoskrnl.exe 5a 0x80491967 \WINNT\System32\ntoskrnl.exe 5b 0x804489A9 \WINNT\System32\ntoskrnl.exe 5c 0x80448DBC \WINNT\System32\ntoskrnl.exe 5d 0x804B977E \WINNT\System32\ntoskrnl.exe 5e 0x804B4CBA \WINNT\System32\ntoskrnl.exe 5f 0x804B9AD4 \WINNT\System32\ntoskrnl.exe 60 0x804B9B02 \WINNT\System32\ntoskrnl.exe 61 0x804BC938 \WINNT\System32\ntoskrnl.exe 62 0x804A6810 \WINNT\System32\ntoskrnl.exe 63 0x804C48AB \WINNT\System32\ntoskrnl.exe 64 0x804B6C37 \WINNT\System32\ntoskrnl.exe 65 0x804CFC5B \WINNT\System32\ntoskrnl.exe 66 0x804FBEDB \WINNT\System32\ntoskrnl.exe 67 0x8049FDAE \WINNT\System32\ntoskrnl.exe 68 0x804A7039 \WINNT\System32\ntoskrnl.exe 69 0x804AED64 \WINNT\System32\ntoskrnl.exe 6a 0x804BE76D \WINNT\System32\ntoskrnl.exe 6b 0x8049E5E5 \WINNT\System32\ntoskrnl.exe 6c 0x804B941B \WINNT\System32\ntoskrnl.exe 6d 0x804AAA86 \WINNT\System32\ntoskrnl.exe 6e 0x804BC708 \WINNT\System32\ntoskrnl.exe 6f 0x804ABD64 \WINNT\System32\ntoskrnl.exe 70 0x80499353 \WINNT\System32\ntoskrnl.exe 71 0x804C4485 \WINNT\System32\ntoskrnl.exe 72 0x804B11E3 \WINNT\System32\ntoskrnl.exe 73 0x8049227F \WINNT\System32\ntoskrnl.exe 74 0x804ABF6F \WINNT\System32\ntoskrnl.exe 75 0x8050B5E3 \WINNT\System32\ntoskrnl.exe 76 0x8050B3BF \WINNT\System32\ntoskrnl.exe 77 0x804BAE4E \WINNT\System32\ntoskrnl.exe 78 0x804BF790 \WINNT\System32\ntoskrnl.exe 79 0x804B4964 \WINNT\System32\ntoskrnl.exe 7a 0x804B6EE6 \WINNT\System32\ntoskrnl.exe 7b 0x804B67D3 \WINNT\System32\ntoskrnl.exe 7c 0x804A7A5C \WINNT\System32\ntoskrnl.exe 7d 0x804BED76 \WINNT\System32\ntoskrnl.exe 7e 0x80491C73 \WINNT\System32\ntoskrnl.exe 7f 0x804D06D6 \WINNT\System32\ntoskrnl.exe 80 0x804BEA2A \WINNT\System32\ntoskrnl.exe 81 0x804B43D3 \WINNT\System32\ntoskrnl.exe 82 0x804B7154 \WINNT\System32\ntoskrnl.exe 83 0x804BDA90 \WINNT\System32\ntoskrnl.exe 84 0x80498DBB \WINNT\System32\ntoskrnl.exe 85 0x804EAC8B \WINNT\System32\ntoskrnl.exe 86 0x804B6854 \WINNT\System32\ntoskrnl.exe 87 0x80498FC2 \WINNT\System32\ntoskrnl.exe 88 0x8049E3E0 \WINNT\System32\ntoskrnl.exe 89 0x804A7E24 \WINNT\System32\ntoskrnl.exe 8a 0x804C4357 \WINNT\System32\ntoskrnl.exe 8b 0x804A0EB7 \WINNT\System32\ntoskrnl.exe 8c 0x8051F9F0 \WINNT\System32\ntoskrnl.exe 8d 0x804C461E \WINNT\System32\ntoskrnl.exe 8e 0x804A2E40 \WINNT\System32\ntoskrnl.exe 8f 0x80520094 \WINNT\System32\ntoskrnl.exe 90 0x804BF0C1 \WINNT\System32\ntoskrnl.exe 91 0x804D15EE \WINNT\System32\ntoskrnl.exe 92 0x804BCAFC \WINNT\System32\ntoskrnl.exe 93 0x8044D7BA \WINNT\System32\ntoskrnl.exe 94 0x804C2ECD \WINNT\System32\ntoskrnl.exe 95 0x804BC7A5 \WINNT\System32\ntoskrnl.exe 96 0x804C37D8 \WINNT\System32\ntoskrnl.exe 97 0x8049F2CE \WINNT\System32\ntoskrnl.exe 98 0x804A2888 \WINNT\System32\ntoskrnl.exe 99 0x804AD79C \WINNT\System32\ntoskrnl.exe 9a 0x804B0536 \WINNT\System32\ntoskrnl.exe 9b 0x804A01DA \WINNT\System32\ntoskrnl.exe 9c 0x804B77C4 \WINNT\System32\ntoskrnl.exe 9d 0x804A6670 \WINNT\System32\ntoskrnl.exe 9e 0x804AD6F9 \WINNT\System32\ntoskrnl.exe 9f 0x804668F8 \WINNT\System32\ntoskrnl.exe a0 0x804C2B38 \WINNT\System32\ntoskrnl.exe a1 0x8049AF1B \WINNT\System32\ntoskrnl.exe a2 0x804D2295 \WINNT\System32\ntoskrnl.exe a3 0x804BC642 \WINNT\System32\ntoskrnl.exe a4 0x804A585A \WINNT\System32\ntoskrnl.exe a5 0x804BB8F2 \WINNT\System32\ntoskrnl.exe a6 0x80499536 \WINNT\System32\ntoskrnl.exe a7 0x8049DAC1 \WINNT\System32\ntoskrnl.exe a8 0x804991E5 \WINNT\System32\ntoskrnl.exe a9 0x8051F81F \WINNT\System32\ntoskrnl.exe aa 0x804A42A8 \WINNT\System32\ntoskrnl.exe ab 0x804986CE \WINNT\System32\ntoskrnl.exe ac 0x804339E4 \WINNT\System32\ntoskrnl.exe ad 0x804EAE8E \WINNT\System32\ntoskrnl.exe ae 0x804F5B92 \WINNT\System32\ntoskrnl.exe af 0x804B29EE \WINNT\System32\ntoskrnl.exe b0 0x80498311 \WINNT\System32\ntoskrnl.exe b1 0x804F599C \WINNT\System32\ntoskrnl.exe b2 0x804BF8E0 \WINNT\System32\ntoskrnl.exe b3 0x8044A413 \WINNT\System32\ntoskrnl.exe b4 0x8051EF54 \WINNT\System32\ntoskrnl.exe b5 0x804BB755 \WINNT\System32\ntoskrnl.exe b6 0x80495A06 \WINNT\System32\ntoskrnl.exe b7 0x8051F0B8 \WINNT\System32\ntoskrnl.exe b8 0x804330BD \WINNT\System32\ntoskrnl.exe b9 0x804BEE87 \WINNT\System32\ntoskrnl.exe ba 0x804931B3 \WINNT\System32\ntoskrnl.exe bb 0x804C2DCF \WINNT\System32\ntoskrnl.exe bc 0x804C0322 \WINNT\System32\ntoskrnl.exe bd 0x804C08F0 \WINNT\System32\ntoskrnl.exe be 0x804D0C43 \WINNT\System32\ntoskrnl.exe bf 0x80498E90 \WINNT\System32\ntoskrnl.exe c0 0x804C4B4D \WINNT\System32\ntoskrnl.exe c1 0x804C4A93 \WINNT\System32\ntoskrnl.exe c2 0x804A16C0 \WINNT\System32\ntoskrnl.exe c3 0x804FCE5A \WINNT\System32\ntoskrnl.exe c4 0x8051F525 \WINNT\System32\ntoskrnl.exe c5 0x804A2F65 \WINNT\System32\ntoskrnl.exe c6 0x804B732C \WINNT\System32\ntoskrnl.exe c7 0x8049D596 \WINNT\System32\ntoskrnl.exe c8 0x8050F100 \WINNT\System32\ntoskrnl.exe c9 0x804C4345 \WINNT\System32\ntoskrnl.exe ca 0x80492B0E \WINNT\System32\ntoskrnl.exe cb 0x804C4AF7 \WINNT\System32\ntoskrnl.exe cc 0x804C4A2F \WINNT\System32\ntoskrnl.exe cd 0x804D1B59 \WINNT\System32\ntoskrnl.exe ce 0x8044D6C5 \WINNT\System32\ntoskrnl.exe cf 0x804C3A62 \WINNT\System32\ntoskrnl.exe d0 0x8048D7CA \WINNT\System32\ntoskrnl.exe d1 0x80489C29 \WINNT\System32\ntoskrnl.exe d2 0x8048DE42 \WINNT\System32\ntoskrnl.exe d3 0x804921A9 \WINNT\System32\ntoskrnl.exe d4 0x8041909D \WINNT\System32\ntoskrnl.exe d5 0x8048DF4C \WINNT\System32\ntoskrnl.exe d6 0x804C3279 \WINNT\System32\ntoskrnl.exe d7 0x804A8822 \WINNT\System32\ntoskrnl.exe d8 0x804D1C75 \WINNT\System32\ntoskrnl.exe d9 0x804C0034 \WINNT\System32\ntoskrnl.exe da 0x8044E121 \WINNT\System32\ntoskrnl.exe db 0x804C3FFA \WINNT\System32\ntoskrnl.exe dc 0x804C42A1 \WINNT\System32\ntoskrnl.exe dd 0x80492ECB \WINNT\System32\ntoskrnl.exe de 0x8052ABEF \WINNT\System32\ntoskrnl.exe df 0x804FDC2C \WINNT\System32\ntoskrnl.exe e0 0x804BE082 \WINNT\System32\ntoskrnl.exe e1 0x804B7C2F \WINNT\System32\ntoskrnl.exe e2 0x804BB99A \WINNT\System32\ntoskrnl.exe e3 0x8052AF5D \WINNT\System32\ntoskrnl.exe e4 0x8051F34D \WINNT\System32\ntoskrnl.exe e5 0x804A73C6 \WINNT\System32\ntoskrnl.exe e6 0x804B469E \WINNT\System32\ntoskrnl.exe e7 0x804B82A3 \WINNT\System32\ntoskrnl.exe e8 0x80494707 \WINNT\System32\ntoskrnl.exe e9 0x8044E312 \WINNT\System32\ntoskrnl.exe ea 0x80498C2D \WINNT\System32\ntoskrnl.exe eb 0x804C49D1 \WINNT\System32\ntoskrnl.exe ec 0x804C4973 \WINNT\System32\ntoskrnl.exe ed 0x804A1A9A \WINNT\System32\ntoskrnl.exe ee 0x804D2B4A \WINNT\System32\ntoskrnl.exe ef 0x804BC69B \WINNT\System32\ntoskrnl.exe f0 0x804A56D1 \WINNT\System32\ntoskrnl.exe f1 0x804E9B84 \WINNT\System32\ntoskrnl.exe f2 0x804E9B84 \WINNT\System32\ntoskrnl.exe f3 0x804E9B84 \WINNT\System32\ntoskrnl.exe f4 0x80432FFF \WINNT\System32\ntoskrnl.exe f5 0x80446B97 \WINNT\System32\ntoskrnl.exe f6 0x804E9B8C \WINNT\System32\ntoskrnl.exe f7 0x80433007 \WINNT\System32\ntoskrnl.exe KeServiceDescriptorTableShadow at virtual address : 0x8046B880(46b880) 0 0xA0105666 \??\C:\WINNT\system32\win32k.sys 1 0xA011D430 \??\C:\WINNT\system32\win32k.sys 2 0xA00AEB4F \??\C:\WINNT\system32\win32k.sys 3 0xA0111BE9 \??\C:\WINNT\system32\win32k.sys 4 0xA011F1CA \??\C:\WINNT\system32\win32k.sys 5 0xA0105C7B \??\C:\WINNT\system32\win32k.sys 6 0xA0106355 \??\C:\WINNT\system32\win32k.sys 7 0xA0102E82 \??\C:\WINNT\system32\win32k.sys 8 0xA011E911 \??\C:\WINNT\system32\win32k.sys 9 0xA004B276 \??\C:\WINNT\system32\win32k.sys a 0xA00B5F7A \??\C:\WINNT\system32\win32k.sys b 0xA005284F \??\C:\WINNT\system32\win32k.sys c 0xA00477BD \??\C:\WINNT\system32\win32k.sys d 0xA001AF74 \??\C:\WINNT\system32\win32k.sys e 0xA011EE73 \??\C:\WINNT\system32\win32k.sys f 0xA0120C7F \??\C:\WINNT\system32\win32k.sys 10 0xA00550C7 \??\C:\WINNT\system32\win32k.sys 11 0xA0120DD9 \??\C:\WINNT\system32\win32k.sys 12 0xA0077603 \??\C:\WINNT\system32\win32k.sys 13 0xA004D14B \??\C:\WINNT\system32\win32k.sys 14 0xA007A0EF \??\C:\WINNT\system32\win32k.sys 15 0xA0016344 \??\C:\WINNT\system32\win32k.sys 16 0xA004F7EF \??\C:\WINNT\system32\win32k.sys 17 0xA001E106 \??\C:\WINNT\system32\win32k.sys 18 0xA0089E93 \??\C:\WINNT\system32\win32k.sys 19 0xA004FE0F \??\C:\WINNT\system32\win32k.sys 1a 0xA0120932 \??\C:\WINNT\system32\win32k.sys 1b 0xA00761D6 \??\C:\WINNT\system32\win32k.sys 1c 0xA001D56E \??\C:\WINNT\system32\win32k.sys 1d 0xA006854C \??\C:\WINNT\system32\win32k.sys 1e 0xA0091F45 \??\C:\WINNT\system32\win32k.sys 1f 0xA009310D \??\C:\WINNT\system32\win32k.sys 20 0xA010938E \??\C:\WINNT\system32\win32k.sys 21 0xA0094717 \??\C:\WINNT\system32\win32k.sys 22 0xA00526B9 \??\C:\WINNT\system32\win32k.sys 23 0xA004CC3F \??\C:\WINNT\system32\win32k.sys 24 0xA0093FF3 \??\C:\WINNT\system32\win32k.sys 25 0xA008AD46 \??\C:\WINNT\system32\win32k.sys 26 0xA007786F \??\C:\WINNT\system32\win32k.sys 27 0xA0077E6B \??\C:\WINNT\system32\win32k.sys 28 0xA01094A3 \??\C:\WINNT\system32\win32k.sys 29 0xA00B103A \??\C:\WINNT\system32\win32k.sys 2a 0xA001DC18 \??\C:\WINNT\system32\win32k.sys 2b 0xA0123824 \??\C:\WINNT\system32\win32k.sys 2c 0xA0123BC3 \??\C:\WINNT\system32\win32k.sys 2d 0xA0123C54 \??\C:\WINNT\system32\win32k.sys 2e 0xA012402C \??\C:\WINNT\system32\win32k.sys 2f 0xA0123CC2 \??\C:\WINNT\system32\win32k.sys 30 0xA01241FE \??\C:\WINNT\system32\win32k.sys 31 0xA0127078 \??\C:\WINNT\system32\win32k.sys 32 0xA0128FDC \??\C:\WINNT\system32\win32k.sys 33 0xA00BB12D \??\C:\WINNT\system32\win32k.sys 34 0xA012875C \??\C:\WINNT\system32\win32k.sys 35 0xA0125E29 \??\C:\WINNT\system32\win32k.sys 36 0xA00A7695 \??\C:\WINNT\system32\win32k.sys 37 0xA012697A \??\C:\WINNT\system32\win32k.sys 38 0xA01278BC \??\C:\WINNT\system32\win32k.sys 39 0xA00A8397 \??\C:\WINNT\system32\win32k.sys 3a 0xA00A73F2 \??\C:\WINNT\system32\win32k.sys 3b 0xA00A73F2 \??\C:\WINNT\system32\win32k.sys 3c 0xA012811E \??\C:\WINNT\system32\win32k.sys 3d 0xA00BBF6C \??\C:\WINNT\system32\win32k.sys 3e 0xA00A647F \??\C:\WINNT\system32\win32k.sys 3f 0xA00A6BED \??\C:\WINNT\system32\win32k.sys 40 0xA01286ED \??\C:\WINNT\system32\win32k.sys 41 0xA00BAFA1 \??\C:\WINNT\system32\win32k.sys 42 0xA0126FAF \??\C:\WINNT\system32\win32k.sys 43 0xA01289C6 \??\C:\WINNT\system32\win32k.sys 44 0xA00BC55B \??\C:\WINNT\system32\win32k.sys 45 0xA0127723 \??\C:\WINNT\system32\win32k.sys 46 0xA00B01E9 \??\C:\WINNT\system32\win32k.sys 47 0xA01267AF \??\C:\WINNT\system32\win32k.sys 48 0xA00BC9E9 \??\C:\WINNT\system32\win32k.sys 49 0xA00A8962 \??\C:\WINNT\system32\win32k.sys 4a 0xA0127B83 \??\C:\WINNT\system32\win32k.sys 4b 0xA00BBE3A \??\C:\WINNT\system32\win32k.sys 4c 0xA0128598 \??\C:\WINNT\system32\win32k.sys 4d 0xA01283B5 \??\C:\WINNT\system32\win32k.sys 4e 0xA0127CC7 \??\C:\WINNT\system32\win32k.sys 4f 0xA0127E7B \??\C:\WINNT\system32\win32k.sys 50 0xA01274DD \??\C:\WINNT\system32\win32k.sys 51 0xA00A6DF5 \??\C:\WINNT\system32\win32k.sys 52 0xA012659B \??\C:\WINNT\system32\win32k.sys 53 0xA00A8CF2 \??\C:\WINNT\system32\win32k.sys 54 0xA0128E95 \??\C:\WINNT\system32\win32k.sys 55 0xA00A90B3 \??\C:\WINNT\system32\win32k.sys 56 0xA00BC940 \??\C:\WINNT\system32\win32k.sys 57 0xA0128B4E \??\C:\WINNT\system32\win32k.sys 58 0xA00510ED \??\C:\WINNT\system32\win32k.sys 59 0xA00BC44C \??\C:\WINNT\system32\win32k.sys 5a 0xA012760B \??\C:\WINNT\system32\win32k.sys 5b 0xA0129484 \??\C:\WINNT\system32\win32k.sys 5c 0xA01295F6 \??\C:\WINNT\system32\win32k.sys 5d 0xA012737F \??\C:\WINNT\system32\win32k.sys 5e 0xA00BB0B6 \??\C:\WINNT\system32\win32k.sys 5f 0xA00A6D46 \??\C:\WINNT\system32\win32k.sys 60 0xA012669E \??\C:\WINNT\system32\win32k.sys 61 0xA00BAC82 \??\C:\WINNT\system32\win32k.sys 62 0xA00BC7BB \??\C:\WINNT\system32\win32k.sys 63 0xA012A818 \??\C:\WINNT\system32\win32k.sys 64 0xA012C011 \??\C:\WINNT\system32\win32k.sys 65 0xA012A960 \??\C:\WINNT\system32\win32k.sys 66 0xA012ABB0 \??\C:\WINNT\system32\win32k.sys 67 0xA012AC1F \??\C:\WINNT\system32\win32k.sys 68 0xA012AD9E \??\C:\WINNT\system32\win32k.sys 69 0xA012AF3D \??\C:\WINNT\system32\win32k.sys 6a 0xA012B076 \??\C:\WINNT\system32\win32k.sys 6b 0xA012B18C \??\C:\WINNT\system32\win32k.sys 6c 0xA012B53D \??\C:\WINNT\system32\win32k.sys 6d 0xA012B353 \??\C:\WINNT\system32\win32k.sys 6e 0xA012B623 \??\C:\WINNT\system32\win32k.sys 6f 0xA012B7E0 \??\C:\WINNT\system32\win32k.sys 70 0xA012B8C6 \??\C:\WINNT\system32\win32k.sys 71 0xA012BEE1 \??\C:\WINNT\system32\win32k.sys 72 0xA0089E60 \??\C:\WINNT\system32\win32k.sys 73 0xA005091C \??\C:\WINNT\system32\win32k.sys 74 0xA0120BA8 \??\C:\WINNT\system32\win32k.sys 75 0xA002BF83 \??\C:\WINNT\system32\win32k.sys 76 0xA005112A \??\C:\WINNT\system32\win32k.sys 77 0xA00BE7E4 \??\C:\WINNT\system32\win32k.sys 78 0xA00BE9D7 \??\C:\WINNT\system32\win32k.sys 79 0xA008A753 \??\C:\WINNT\system32\win32k.sys 7a 0xA011EA32 \??\C:\WINNT\system32\win32k.sys 7b 0xA009D1C7 \??\C:\WINNT\system32\win32k.sys 7c 0xA0001BCE \??\C:\WINNT\system32\win32k.sys 7d 0xA009AFBB \??\C:\WINNT\system32\win32k.sys 7e 0xA009AFC9 \??\C:\WINNT\system32\win32k.sys 7f 0xA004784C \??\C:\WINNT\system32\win32k.sys 80 0xA006F50B \??\C:\WINNT\system32\win32k.sys 81 0xA006E967 \??\C:\WINNT\system32\win32k.sys 82 0xA006EC6D \??\C:\WINNT\system32\win32k.sys 83 0xA004B483 \??\C:\WINNT\system32\win32k.sys 84 0xA00AFAFE \??\C:\WINNT\system32\win32k.sys 85 0xA012F5A6 \??\C:\WINNT\system32\win32k.sys 86 0xA012F409 \??\C:\WINNT\system32\win32k.sys 87 0xA003E887 \??\C:\WINNT\system32\win32k.sys 88 0xA006A99E \??\C:\WINNT\system32\win32k.sys 89 0xA004D1E9 \??\C:\WINNT\system32\win32k.sys 8a 0xA0045846 \??\C:\WINNT\system32\win32k.sys 8b 0xA013063C \??\C:\WINNT\system32\win32k.sys 8c 0xA002C5FE \??\C:\WINNT\system32\win32k.sys 8d 0xA002754A \??\C:\WINNT\system32\win32k.sys 8e 0xA006B82B \??\C:\WINNT\system32\win32k.sys 8f 0xA0055135 \??\C:\WINNT\system32\win32k.sys 90 0xA00A4872 \??\C:\WINNT\system32\win32k.sys 91 0xA011D548 \??\C:\WINNT\system32\win32k.sys 92 0xA0017998 \??\C:\WINNT\system32\win32k.sys 93 0xA0013C16 \??\C:\WINNT\system32\win32k.sys 94 0xA011FB03 \??\C:\WINNT\system32\win32k.sys 95 0xA010958E \??\C:\WINNT\system32\win32k.sys 96 0xA00B688E \??\C:\WINNT\system32\win32k.sys 97 0xA00717C5 \??\C:\WINNT\system32\win32k.sys 98 0xA0026505 \??\C:\WINNT\system32\win32k.sys 99 0xA0071F30 \??\C:\WINNT\system32\win32k.sys 9a 0xA00A6717 \??\C:\WINNT\system32\win32k.sys 9b 0xA00A3448 \??\C:\WINNT\system32\win32k.sys 9c 0xA0072381 \??\C:\WINNT\system32\win32k.sys 9d 0xA011DB5C \??\C:\WINNT\system32\win32k.sys 9e 0xA00291A3 \??\C:\WINNT\system32\win32k.sys 9f 0xA0070506 \??\C:\WINNT\system32\win32k.sys a0 0xA007D95E \??\C:\WINNT\system32\win32k.sys a1 0xA011ECD6 \??\C:\WINNT\system32\win32k.sys a2 0xA0130F14 \??\C:\WINNT\system32\win32k.sys a3 0xA0028C95 \??\C:\WINNT\system32\win32k.sys a4 0xA0077AE4 \??\C:\WINNT\system32\win32k.sys a5 0xA0077B0A \??\C:\WINNT\system32\win32k.sys a6 0xA00D64EF \??\C:\WINNT\system32\win32k.sys a7 0xA011EF23 \??\C:\WINNT\system32\win32k.sys a8 0xA0121025 \??\C:\WINNT\system32\win32k.sys a9 0xA0041AD8 \??\C:\WINNT\system32\win32k.sys aa 0xA00932EB \??\C:\WINNT\system32\win32k.sys ab 0xA0131CC0 \??\C:\WINNT\system32\win32k.sys ac 0xA012E6BD \??\C:\WINNT\system32\win32k.sys ad 0xA009DC8C \??\C:\WINNT\system32\win32k.sys ae 0xA011F494 \??\C:\WINNT\system32\win32k.sys af 0xA011FEDD \??\C:\WINNT\system32\win32k.sys b0 0xA011FD84 \??\C:\WINNT\system32\win32k.sys b1 0xA011EB52 \??\C:\WINNT\system32\win32k.sys b2 0xA00B9BD2 \??\C:\WINNT\system32\win32k.sys b3 0xA01057C6 \??\C:\WINNT\system32\win32k.sys b4 0xA011E98A \??\C:\WINNT\system32\win32k.sys b5 0xA0110FB5 \??\C:\WINNT\system32\win32k.sys b6 0xA0037922 \??\C:\WINNT\system32\win32k.sys b7 0xA0068781 \??\C:\WINNT\system32\win32k.sys b8 0xA004F5E9 \??\C:\WINNT\system32\win32k.sys b9 0xA0070B2A \??\C:\WINNT\system32\win32k.sys ba 0xA011D95F \??\C:\WINNT\system32\win32k.sys bb 0xA0080513 \??\C:\WINNT\system32\win32k.sys bc 0xA002755E \??\C:\WINNT\system32\win32k.sys bd 0xA00D4BCB \??\C:\WINNT\system32\win32k.sys be 0xA00B5F12 \??\C:\WINNT\system32\win32k.sys bf 0xA009C898 \??\C:\WINNT\system32\win32k.sys c0 0xA003E8A2 \??\C:\WINNT\system32\win32k.sys c1 0xA00D9C5F \??\C:\WINNT\system32\win32k.sys c2 0xA00A91E3 \??\C:\WINNT\system32\win32k.sys c3 0xA0131E9E \??\C:\WINNT\system32\win32k.sys c4 0xA001C464 \??\C:\WINNT\system32\win32k.sys c5 0xA012F6FF \??\C:\WINNT\system32\win32k.sys c6 0xA0071145 \??\C:\WINNT\system32\win32k.sys c7 0xA0037BC9 \??\C:\WINNT\system32\win32k.sys c8 0xA00940E7 \??\C:\WINNT\system32\win32k.sys c9 0xA00487D0 \??\C:\WINNT\system32\win32k.sys ca 0xA007CFC2 \??\C:\WINNT\system32\win32k.sys cb 0xA0079728 \??\C:\WINNT\system32\win32k.sys cc 0xA004C407 \??\C:\WINNT\system32\win32k.sys cd 0xA011F60B \??\C:\WINNT\system32\win32k.sys ce 0xA011F6E9 \??\C:\WINNT\system32\win32k.sys cf 0xA011FEFA \??\C:\WINNT\system32\win32k.sys d0 0xA007C94F \??\C:\WINNT\system32\win32k.sys d1 0xA0114441 \??\C:\WINNT\system32\win32k.sys d2 0xA0074EFC \??\C:\WINNT\system32\win32k.sys d3 0xA0121662 \??\C:\WINNT\system32\win32k.sys d4 0xA005BFE2 \??\C:\WINNT\system32\win32k.sys d5 0xA0000461 \??\C:\WINNT\system32\win32k.sys d6 0xA002752F \??\C:\WINNT\system32\win32k.sys d7 0xA0068120 \??\C:\WINNT\system32\win32k.sys d8 0xA003F12D \??\C:\WINNT\system32\win32k.sys d9 0xA011FC87 \??\C:\WINNT\system32\win32k.sys da 0xA004CD7A \??\C:\WINNT\system32\win32k.sys db 0xA009C05D \??\C:\WINNT\system32\win32k.sys dc 0xA004C773 \??\C:\WINNT\system32\win32k.sys dd 0xA0122DE3 \??\C:\WINNT\system32\win32k.sys de 0xA011EE9F \??\C:\WINNT\system32\win32k.sys df 0xA00519CF \??\C:\WINNT\system32\win32k.sys e0 0xA003E90B \??\C:\WINNT\system32\win32k.sys e1 0xA0091951 \??\C:\WINNT\system32\win32k.sys e2 0xA0077D2A \??\C:\WINNT\system32\win32k.sys e3 0xA008AAF1 \??\C:\WINNT\system32\win32k.sys e4 0xA011D77C \??\C:\WINNT\system32\win32k.sys e5 0xA0115B0C \??\C:\WINNT\system32\win32k.sys e6 0xA011E419 \??\C:\WINNT\system32\win32k.sys e7 0xA003FB5B \??\C:\WINNT\system32\win32k.sys e8 0xA011E538 \??\C:\WINNT\system32\win32k.sys e9 0xA011F08F \??\C:\WINNT\system32\win32k.sys ea 0xA0109A34 \??\C:\WINNT\system32\win32k.sys eb 0xA009A062 \??\C:\WINNT\system32\win32k.sys ec 0xA005BFF2 \??\C:\WINNT\system32\win32k.sys ed 0xA004046D \??\C:\WINNT\system32\win32k.sys ee 0xA011EFA7 \??\C:\WINNT\system32\win32k.sys ef 0xA006B1F5 \??\C:\WINNT\system32\win32k.sys f0 0xA011F2F0 \??\C:\WINNT\system32\win32k.sys f1 0xA011F47D \??\C:\WINNT\system32\win32k.sys f2 0xA00996C4 \??\C:\WINNT\system32\win32k.sys f3 0xA0123093 \??\C:\WINNT\system32\win32k.sys f4 0xA0077470 \??\C:\WINNT\system32\win32k.sys f5 0xA00D714E \??\C:\WINNT\system32\win32k.sys f6 0xA0077480 \??\C:\WINNT\system32\win32k.sys f7 0xA00522DA \??\C:\WINNT\system32\win32k.sys f8 0xA011F9AB \??\C:\WINNT\system32\win32k.sys f9 0xA001C93D \??\C:\WINNT\system32\win32k.sys fa 0xA011EE7F \??\C:\WINNT\system32\win32k.sys fb 0xA00517DF \??\C:\WINNT\system32\win32k.sys fc 0xA00774B8 \??\C:\WINNT\system32\win32k.sys fd 0xA011EE8F \??\C:\WINNT\system32\win32k.sys fe 0xA006AC98 \??\C:\WINNT\system32\win32k.sys ff 0xA011FA75 \??\C:\WINNT\system32\win32k.sys 100 0xA007E645 \??\C:\WINNT\system32\win32k.sys 101 0xA004BE05 \??\C:\WINNT\system32\win32k.sys 102 0xA011ED4D \??\C:\WINNT\system32\win32k.sys 103 0xA00508A6 \??\C:\WINNT\system32\win32k.sys 104 0xA01213BE \??\C:\WINNT\system32\win32k.sys 105 0xA00779DD \??\C:\WINNT\system32\win32k.sys 106 0xA0001FDD \??\C:\WINNT\system32\win32k.sys 107 0xA004C93D \??\C:\WINNT\system32\win32k.sys 108 0xA004C982 \??\C:\WINNT\system32\win32k.sys 109 0xA004CF06 \??\C:\WINNT\system32\win32k.sys 10a 0xA0123599 \??\C:\WINNT\system32\win32k.sys 10b 0xA004C474 \??\C:\WINNT\system32\win32k.sys 10c 0xA004C5FD \??\C:\WINNT\system32\win32k.sys 10d 0xA011F99F \??\C:\WINNT\system32\win32k.sys 10e 0xA011F993 \??\C:\WINNT\system32\win32k.sys 10f 0xA007797F \??\C:\WINNT\system32\win32k.sys 110 0xA00806F3 \??\C:\WINNT\system32\win32k.sys 111 0xA01330C1 \??\C:\WINNT\system32\win32k.sys 112 0xA011EF8C \??\C:\WINNT\system32\win32k.sys 113 0xA011EF33 \??\C:\WINNT\system32\win32k.sys 114 0xA01322A9 \??\C:\WINNT\system32\win32k.sys 115 0xA0053FAD \??\C:\WINNT\system32\win32k.sys 116 0xA004CE7D \??\C:\WINNT\system32\win32k.sys 117 0xA004C5AF \??\C:\WINNT\system32\win32k.sys 118 0xA0099A1F \??\C:\WINNT\system32\win32k.sys 119 0xA009BA39 \??\C:\WINNT\system32\win32k.sys 11a 0xA008B08D \??\C:\WINNT\system32\win32k.sys 11b 0xA0094A44 \??\C:\WINNT\system32\win32k.sys 11c 0xA00BEB07 \??\C:\WINNT\system32\win32k.sys 11d 0xA00AA173 \??\C:\WINNT\system32\win32k.sys 11e 0xA0133294 \??\C:\WINNT\system32\win32k.sys 11f 0xA003E999 \??\C:\WINNT\system32\win32k.sys 120 0xA0119E5C \??\C:\WINNT\system32\win32k.sys 121 0xA011FB8A \??\C:\WINNT\system32\win32k.sys 122 0xA011F1C4 \??\C:\WINNT\system32\win32k.sys 123 0xA011EF80 \??\C:\WINNT\system32\win32k.sys 124 0xA012324F \??\C:\WINNT\system32\win32k.sys 125 0xA011D5DF \??\C:\WINNT\system32\win32k.sys 126 0xA005D014 \??\C:\WINNT\system32\win32k.sys 127 0xA007ED1E \??\C:\WINNT\system32\win32k.sys 128 0xA00E3183 \??\C:\WINNT\system32\win32k.sys 129 0xA007E51C \??\C:\WINNT\system32\win32k.sys 12a 0xA0029892 \??\C:\WINNT\system32\win32k.sys 12b 0xA007DB09 \??\C:\WINNT\system32\win32k.sys 12c 0xA00E1971 \??\C:\WINNT\system32\win32k.sys 12d 0xA00E329F \??\C:\WINNT\system32\win32k.sys 12e 0xA003710F \??\C:\WINNT\system32\win32k.sys 12f 0xA0054168 \??\C:\WINNT\system32\win32k.sys 130 0xA00E16C4 \??\C:\WINNT\system32\win32k.sys 131 0xA007E6A1 \??\C:\WINNT\system32\win32k.sys 132 0xA0036980 \??\C:\WINNT\system32\win32k.sys 133 0xA0000CCD \??\C:\WINNT\system32\win32k.sys 134 0xA007988D \??\C:\WINNT\system32\win32k.sys 135 0xA0079D42 \??\C:\WINNT\system32\win32k.sys 136 0xA008AF79 \??\C:\WINNT\system32\win32k.sys 137 0xA004BE5F \??\C:\WINNT\system32\win32k.sys 138 0xA0015D95 \??\C:\WINNT\system32\win32k.sys 139 0xA0015DDD \??\C:\WINNT\system32\win32k.sys 13a 0xA007950D \??\C:\WINNT\system32\win32k.sys 13b 0xA009E0DD \??\C:\WINNT\system32\win32k.sys 13c 0xA00E1B81 \??\C:\WINNT\system32\win32k.sys 13d 0xA005E8F6 \??\C:\WINNT\system32\win32k.sys 13e 0xA00A9B79 \??\C:\WINNT\system32\win32k.sys 13f 0xA007039D \??\C:\WINNT\system32\win32k.sys 140 0xA00E055D \??\C:\WINNT\system32\win32k.sys 141 0xA0067C07 \??\C:\WINNT\system32\win32k.sys 142 0xA005DB2E \??\C:\WINNT\system32\win32k.sys 143 0xA005DB79 \??\C:\WINNT\system32\win32k.sys 144 0xA005B3B9 \??\C:\WINNT\system32\win32k.sys 145 0xA006901A \??\C:\WINNT\system32\win32k.sys 146 0xA0054963 \??\C:\WINNT\system32\win32k.sys 147 0xA003E955 \??\C:\WINNT\system32\win32k.sys 148 0xA0093ECC \??\C:\WINNT\system32\win32k.sys 149 0xA007B156 \??\C:\WINNT\system32\win32k.sys 14a 0xA0005EF5 \??\C:\WINNT\system32\win32k.sys 14b 0xA00E30FE \??\C:\WINNT\system32\win32k.sys 14c 0xA0068068 \??\C:\WINNT\system32\win32k.sys 14d 0xA003300A \??\C:\WINNT\system32\win32k.sys 14e 0xA00054F6 \??\C:\WINNT\system32\win32k.sys 14f 0xA00B22A1 \??\C:\WINNT\system32\win32k.sys 150 0xA005455A \??\C:\WINNT\system32\win32k.sys 151 0xA00B1448 \??\C:\WINNT\system32\win32k.sys 152 0xA006B3C3 \??\C:\WINNT\system32\win32k.sys 153 0xA007DB49 \??\C:\WINNT\system32\win32k.sys 154 0xA007D418 \??\C:\WINNT\system32\win32k.sys 155 0xA00A9D7E \??\C:\WINNT\system32\win32k.sys 156 0xA00349EC \??\C:\WINNT\system32\win32k.sys 157 0xA00E3145 \??\C:\WINNT\system32\win32k.sys 158 0xA008B13B \??\C:\WINNT\system32\win32k.sys 159 0xA0027A44 \??\C:\WINNT\system32\win32k.sys 15a 0xA00E38C9 \??\C:\WINNT\system32\win32k.sys 15b 0xA002A916 \??\C:\WINNT\system32\win32k.sys 15c 0xA00E1809 \??\C:\WINNT\system32\win32k.sys 15d 0xA00DF42C \??\C:\WINNT\system32\win32k.sys 15e 0xA00E0838 \??\C:\WINNT\system32\win32k.sys 15f 0xA00E0911 \??\C:\WINNT\system32\win32k.sys 160 0xA005DE69 \??\C:\WINNT\system32\win32k.sys 161 0xA0077BC7 \??\C:\WINNT\system32\win32k.sys 162 0xA00E1BD7 \??\C:\WINNT\system32\win32k.sys 163 0xA0067ED6 \??\C:\WINNT\system32\win32k.sys 164 0xA0062EB6 \??\C:\WINNT\system32\win32k.sys 165 0xA0093E54 \??\C:\WINNT\system32\win32k.sys 166 0xA006B371 \??\C:\WINNT\system32\win32k.sys 167 0xA00E09DE \??\C:\WINNT\system32\win32k.sys 168 0xA00299C6 \??\C:\WINNT\system32\win32k.sys 169 0xA00A8055 \??\C:\WINNT\system32\win32k.sys 16a 0xA00A96E4 \??\C:\WINNT\system32\win32k.sys 16b 0xA00A6382 \??\C:\WINNT\system32\win32k.sys 16c 0xA00DFB3C \??\C:\WINNT\system32\win32k.sys 16d 0xA006ADC0 \??\C:\WINNT\system32\win32k.sys 16e 0xA007EC89 \??\C:\WINNT\system32\win32k.sys 16f 0xA001E3C9 \??\C:\WINNT\system32\win32k.sys 170 0xA006C0E2 \??\C:\WINNT\system32\win32k.sys 171 0xA00E3BC3 \??\C:\WINNT\system32\win32k.sys 172 0xA00E028E \??\C:\WINNT\system32\win32k.sys 173 0xA00E0211 \??\C:\WINNT\system32\win32k.sys 174 0xA00E3676 \??\C:\WINNT\system32\win32k.sys 175 0xA00795EC \??\C:\WINNT\system32\win32k.sys 176 0xA00898AB \??\C:\WINNT\system32\win32k.sys 177 0xA00E1323 \??\C:\WINNT\system32\win32k.sys 178 0xA00347EE \??\C:\WINNT\system32\win32k.sys 179 0xA0077FD1 \??\C:\WINNT\system32\win32k.sys 17a 0xA0067F8B \??\C:\WINNT\system32\win32k.sys 17b 0xA0089EF2 \??\C:\WINNT\system32\win32k.sys 17c 0xA008B0F0 \??\C:\WINNT\system32\win32k.sys 17d 0xA007AF02 \??\C:\WINNT\system32\win32k.sys 17e 0xA00E0A24 \??\C:\WINNT\system32\win32k.sys 17f 0xA00E05EB \??\C:\WINNT\system32\win32k.sys 180 0xA00DFFAF \??\C:\WINNT\system32\win32k.sys 181 0xA0073A61 \??\C:\WINNT\system32\win32k.sys 182 0xA0064BB7 \??\C:\WINNT\system32\win32k.sys 183 0xA007AE54 \??\C:\WINNT\system32\win32k.sys 184 0xA007ED93 \??\C:\WINNT\system32\win32k.sys 185 0xA00E0089 \??\C:\WINNT\system32\win32k.sys 186 0xA0018D94 \??\C:\WINNT\system32\win32k.sys 187 0xA007EE45 \??\C:\WINNT\system32\win32k.sys 188 0xA008AEF2 \??\C:\WINNT\system32\win32k.sys 189 0xA0028605 \??\C:\WINNT\system32\win32k.sys 18a 0xA00B8F27 \??\C:\WINNT\system32\win32k.sys 18b 0xA00DFE1F \??\C:\WINNT\system32\win32k.sys 18c 0xA009234F \??\C:\WINNT\system32\win32k.sys 18d 0xA0077C92 \??\C:\WINNT\system32\win32k.sys 18e 0xA00E3533 \??\C:\WINNT\system32\win32k.sys 18f 0xA00E33B4 \??\C:\WINNT\system32\win32k.sys 190 0xA00DFBE1 \??\C:\WINNT\system32\win32k.sys 191 0xA006AF30 \??\C:\WINNT\system32\win32k.sys 192 0xA00B0805 \??\C:\WINNT\system32\win32k.sys 193 0xA006CFB9 \??\C:\WINNT\system32\win32k.sys 194 0xA004B5F8 \??\C:\WINNT\system32\win32k.sys 195 0xA0078F7D \??\C:\WINNT\system32\win32k.sys 196 0xA00E005F \??\C:\WINNT\system32\win32k.sys 197 0xA00E03B7 \??\C:\WINNT\system32\win32k.sys 198 0xA00E0729 \??\C:\WINNT\system32\win32k.sys 199 0xA00AFF64 \??\C:\WINNT\system32\win32k.sys 19a 0xA001557C \??\C:\WINNT\system32\win32k.sys 19b 0xA00E0F5A \??\C:\WINNT\system32\win32k.sys 19c 0xA005B042 \??\C:\WINNT\system32\win32k.sys 19d 0xA003E974 \??\C:\WINNT\system32\win32k.sys 19e 0xA00B121A \??\C:\WINNT\system32\win32k.sys 19f 0xA005AD37 \??\C:\WINNT\system32\win32k.sys 1a0 0xA00E015E \??\C:\WINNT\system32\win32k.sys 1a1 0xA003A283 \??\C:\WINNT\system32\win32k.sys 1a2 0xA005AC7E \??\C:\WINNT\system32\win32k.sys 1a3 0xA0028D97 \??\C:\WINNT\system32\win32k.sys 1a4 0xA00DFEE0 \??\C:\WINNT\system32\win32k.sys 1a5 0xA003812E \??\C:\WINNT\system32\win32k.sys 1a6 0xA00401A8 \??\C:\WINNT\system32\win32k.sys 1a7 0xA00795BA \??\C:\WINNT\system32\win32k.sys 1a8 0xA007E0FE \??\C:\WINNT\system32\win32k.sys 1a9 0xA00D6446 \??\C:\WINNT\system32\win32k.sys 1aa 0xA00DF067 \??\C:\WINNT\system32\win32k.sys 1ab 0xA0079439 \??\C:\WINNT\system32\win32k.sys 1ac 0xA004B2C9 \??\C:\WINNT\system32\win32k.sys 1ad 0xA00E198D \??\C:\WINNT\system32\win32k.sys 1ae 0xA000F37B \??\C:\WINNT\system32\win32k.sys 1af 0xA000C517 \??\C:\WINNT\system32\win32k.sys 1b0 0xA00B612C \??\C:\WINNT\system32\win32k.sys 1b1 0xA00B8FB8 \??\C:\WINNT\system32\win32k.sys 1b2 0xA00296AD \??\C:\WINNT\system32\win32k.sys 1b3 0xA006A94B \??\C:\WINNT\system32\win32k.sys 1b4 0xA007AF50 \??\C:\WINNT\system32\win32k.sys 1b5 0xA001966F \??\C:\WINNT\system32\win32k.sys 1b6 0xA00B94A9 \??\C:\WINNT\system32\win32k.sys 1b7 0xA00008F1 \??\C:\WINNT\system32\win32k.sys 1b8 0xA00AA142 \??\C:\WINNT\system32\win32k.sys 1b9 0xA00DF336 \??\C:\WINNT\system32\win32k.sys 1ba 0xA007BF9B \??\C:\WINNT\system32\win32k.sys 1bb 0xA00E1298 \??\C:\WINNT\system32\win32k.sys 1bc 0xA0018B5E \??\C:\WINNT\system32\win32k.sys 1bd 0xA006965B \??\C:\WINNT\system32\win32k.sys 1be 0xA00E0B4A \??\C:\WINNT\system32\win32k.sys 1bf 0xA00E0A90 \??\C:\WINNT\system32\win32k.sys 1c0 0xA007E718 \??\C:\WINNT\system32\win32k.sys 1c1 0xA007D84C \??\C:\WINNT\system32\win32k.sys 1c2 0xA00E386B \??\C:\WINNT\system32\win32k.sys 1c3 0xA005ACFA \??\C:\WINNT\system32\win32k.sys 1c4 0xA00DFDC8 \??\C:\WINNT\system32\win32k.sys 1c5 0xA0067D47 \??\C:\WINNT\system32\win32k.sys 1c6 0xA0053CF8 \??\C:\WINNT\system32\win32k.sys 1c7 0xA000098D \??\C:\WINNT\system32\win32k.sys 1c8 0xA005424A \??\C:\WINNT\system32\win32k.sys 1c9 0xA005D443 \??\C:\WINNT\system32\win32k.sys 1ca 0xA0018AA8 \??\C:\WINNT\system32\win32k.sys 1cb 0xA0015799 \??\C:\WINNT\system32\win32k.sys 1cc 0xA001B951 \??\C:\WINNT\system32\win32k.sys 1cd 0xA005C576 \??\C:\WINNT\system32\win32k.sys 1ce 0xA00E13D3 \??\C:\WINNT\system32\win32k.sys 1cf 0xA00E3224 \??\C:\WINNT\system32\win32k.sys 1d0 0xA00E185C \??\C:\WINNT\system32\win32k.sys 1d1 0xA00E39AA \??\C:\WINNT\system32\win32k.sys 1d2 0xA002C7D3 \??\C:\WINNT\system32\win32k.sys 1d3 0xA00E0258 \??\C:\WINNT\system32\win32k.sys 1d4 0xA00790F1 \??\C:\WINNT\system32\win32k.sys 1d5 0xA0059D3F \??\C:\WINNT\system32\win32k.sys 1d6 0xA0000FE4 \??\C:\WINNT\system32\win32k.sys 1d7 0xA00DFD23 \??\C:\WINNT\system32\win32k.sys 1d8 0xA002B66A \??\C:\WINNT\system32\win32k.sys 1d9 0xA008B00E \??\C:\WINNT\system32\win32k.sys 1da 0xA007A5F8 \??\C:\WINNT\system32\win32k.sys 1db 0xA005D986 \??\C:\WINNT\system32\win32k.sys 1dc 0xA00B6495 \??\C:\WINNT\system32\win32k.sys 1dd 0xA00A9F51 \??\C:\WINNT\system32\win32k.sys 1de 0xA00167EC \??\C:\WINNT\system32\win32k.sys 1df 0xA0067459 \??\C:\WINNT\system32\win32k.sys 1e0 0xA007658B \??\C:\WINNT\system32\win32k.sys 1e1 0xA006B026 \??\C:\WINNT\system32\win32k.sys 1e2 0xA0091E24 \??\C:\WINNT\system32\win32k.sys 1e3 0xA00781AC \??\C:\WINNT\system32\win32k.sys 1e4 0xA001B8F0 \??\C:\WINNT\system32\win32k.sys 1e5 0xA00E3610 \??\C:\WINNT\system32\win32k.sys 1e6 0xA007875B \??\C:\WINNT\system32\win32k.sys 1e7 0xA0070CBD \??\C:\WINNT\system32\win32k.sys 1e8 0xA00E0B8F \??\C:\WINNT\system32\win32k.sys 1e9 0xA0069092 \??\C:\WINNT\system32\win32k.sys 1ea 0xA005487C \??\C:\WINNT\system32\win32k.sys 1eb 0xA005CFCF \??\C:\WINNT\system32\win32k.sys 1ec 0xA0028AAB \??\C:\WINNT\system32\win32k.sys 1ed 0xA00E115D \??\C:\WINNT\system32\win32k.sys 1ee 0xA0092078 \??\C:\WINNT\system32\win32k.sys 1ef 0xA00E079A \??\C:\WINNT\system32\win32k.sys 1f0 0xA00796A1 \??\C:\WINNT\system32\win32k.sys 1f1 0xA00B93A5 \??\C:\WINNT\system32\win32k.sys 1f2 0xA00E3482 \??\C:\WINNT\system32\win32k.sys 1f3 0xA00E36F6 \??\C:\WINNT\system32\win32k.sys 1f4 0xA005B621 \??\C:\WINNT\system32\win32k.sys 1f5 0xA005CF92 \??\C:\WINNT\system32\win32k.sys 1f6 0xA00E048C \??\C:\WINNT\system32\win32k.sys 1f7 0xA006CEC0 \??\C:\WINNT\system32\win32k.sys 1f8 0xA0006E5F \??\C:\WINNT\system32\win32k.sys 1f9 0xA00695B7 \??\C:\WINNT\system32\win32k.sys 1fa 0xA00AA0CC \??\C:\WINNT\system32\win32k.sys 1fb 0xA00AFD5C \??\C:\WINNT\system32\win32k.sys 1fc 0xA00E080E \??\C:\WINNT\system32\win32k.sys 1fd 0xA00DF0A9 \??\C:\WINNT\system32\win32k.sys 1fe 0xA007DE1D \??\C:\WINNT\system32\win32k.sys 1ff 0xA0053CDA \??\C:\WINNT\system32\win32k.sys 200 0xA007A571 \??\C:\WINNT\system32\win32k.sys 201 0xA00E0780 \??\C:\WINNT\system32\win32k.sys 202 0xA0016F12 \??\C:\WINNT\system32\win32k.sys 203 0xA000102F \??\C:\WINNT\system32\win32k.sys 204 0xA00E0BC2 \??\C:\WINNT\system32\win32k.sys 205 0xA00E110D \??\C:\WINNT\system32\win32k.sys 206 0xA006E779 \??\C:\WINNT\system32\win32k.sys 207 0xA00B08AB \??\C:\WINNT\system32\win32k.sys 208 0xA0053C7B \??\C:\WINNT\system32\win32k.sys 209 0xA00E37F1 \??\C:\WINNT\system32\win32k.sys 20a 0xA007EC20 \??\C:\WINNT\system32\win32k.sys 20b 0xA0018C55 \??\C:\WINNT\system32\win32k.sys 20c 0xA0079B77 \??\C:\WINNT\system32\win32k.sys 20d 0xA00382DE \??\C:\WINNT\system32\win32k.sys 20e 0xA004821D \??\C:\WINNT\system32\win32k.sys 20f 0xA002EAB1 \??\C:\WINNT\system32\win32k.sys 210 0xA0094217 \??\C:\WINNT\system32\win32k.sys 211 0xA0000577 \??\C:\WINNT\system32\win32k.sys 212 0xA003B694 \??\C:\WINNT\system32\win32k.sys 213 0xA0004DD8 \??\C:\WINNT\system32\win32k.sys 214 0xA0070C8A \??\C:\WINNT\system32\win32k.sys 215 0xA00DFD4D \??\C:\WINNT\system32\win32k.sys 216 0xA007946B \??\C:\WINNT\system32\win32k.sys 217 0xA006BF1A \??\C:\WINNT\system32\win32k.sys 218 0xA003764A \??\C:\WINNT\system32\win32k.sys 219 0xA005D8E1 \??\C:\WINNT\system32\win32k.sys 21a 0xA00E1420 \??\C:\WINNT\system32\win32k.sys 21b 0xA0000A36 \??\C:\WINNT\system32\win32k.sys 21c 0xA002280F \??\C:\WINNT\system32\win32k.sys 21d 0xA00B6AFA \??\C:\WINNT\system32\win32k.sys 21e 0xA006E7F2 \??\C:\WINNT\system32\win32k.sys 21f 0xA0023155 \??\C:\WINNT\system32\win32k.sys 220 0xA0066D64 \??\C:\WINNT\system32\win32k.sys 221 0xA0061046 \??\C:\WINNT\system32\win32k.sys 222 0xA00E0DF8 \??\C:\WINNT\system32\win32k.sys 223 0xA0080965 \??\C:\WINNT\system32\win32k.sys 224 0xA007B708 \??\C:\WINNT\system32\win32k.sys 225 0xA003B994 \??\C:\WINNT\system32\win32k.sys 226 0xA00DFD9C \??\C:\WINNT\system32\win32k.sys 227 0xA00E17E5 \??\C:\WINNT\system32\win32k.sys 228 0xA000087E \??\C:\WINNT\system32\win32k.sys 229 0xA005E5B8 \??\C:\WINNT\system32\win32k.sys 22a 0xA00E0EFC \??\C:\WINNT\system32\win32k.sys 22b 0xA00E31DE \??\C:\WINNT\system32\win32k.sys 22c 0xA00DFA9D \??\C:\WINNT\system32\win32k.sys 22d 0xA00A45B1 \??\C:\WINNT\system32\win32k.sys 22e 0xA00E3D00 \??\C:\WINNT\system32\win32k.sys 22f 0xA0003609 \??\C:\WINNT\system32\win32k.sys 230 0xA00E1462 \??\C:\WINNT\system32\win32k.sys 231 0xA00E1446 \??\C:\WINNT\system32\win32k.sys 232 0xA0089D91 \??\C:\WINNT\system32\win32k.sys 233 0xA007B9D9 \??\C:\WINNT\system32\win32k.sys 234 0xA0060573 \??\C:\WINNT\system32\win32k.sys 235 0xA00A9747 \??\C:\WINNT\system32\win32k.sys 236 0xA0018B39 \??\C:\WINNT\system32\win32k.sys 237 0xA00DF0A4 \??\C:\WINNT\system32\win32k.sys 238 0xA002CAD8 \??\C:\WINNT\system32\win32k.sys 239 0xA00B6ACA \??\C:\WINNT\system32\win32k.sys 23a 0xA00DEF09 \??\C:\WINNT\system32\win32k.sys 23b 0xA00DEF4F \??\C:\WINNT\system32\win32k.sys 23c 0xA00DEF98 \??\C:\WINNT\system32\win32k.sys 23d 0xA00DEFE8 \??\C:\WINNT\system32\win32k.sys 23e 0xA00DF021 \??\C:\WINNT\system32\win32k.sys 23f 0xA009B9D9 \??\C:\WINNT\system32\win32k.sys 240 0xA00AA3EE \??\C:\WINNT\system32\win32k.sys 241 0xA009B593 \??\C:\WINNT\system32\win32k.sys 242 0xA0135959 \??\C:\WINNT\system32\win32k.sys 243 0xA00436AD \??\C:\WINNT\system32\win32k.sys 244 0xA00457D5 \??\C:\WINNT\system32\win32k.sys 245 0xA013365D \??\C:\WINNT\system32\win32k.sys 246 0xA004100E \??\C:\WINNT\system32\win32k.sys 247 0xA009A713 \??\C:\WINNT\system32\win32k.sys 248 0xA013520E \??\C:\WINNT\system32\win32k.sys 249 0xA00AA49B \??\C:\WINNT\system32\win32k.sys 24a 0xA00AA39B \??\C:\WINNT\system32\win32k.sys 24b 0xA00AB04E \??\C:\WINNT\system32\win32k.sys 24c 0xA00B4691 \??\C:\WINNT\system32\win32k.sys 24d 0xA0133E02 \??\C:\WINNT\system32\win32k.sys 24e 0xA00BE93C \??\C:\WINNT\system32\win32k.sys 24f 0xA00BDF2A \??\C:\WINNT\system32\win32k.sys 250 0xA0134458 \??\C:\WINNT\system32\win32k.sys 251 0xA00BD5E7 \??\C:\WINNT\system32\win32k.sys 252 0xA01346EF \??\C:\WINNT\system32\win32k.sys 253 0xA0134876 \??\C:\WINNT\system32\win32k.sys 254 0xA0134A04 \??\C:\WINNT\system32\win32k.sys 255 0xA0134BFB \??\C:\WINNT\system32\win32k.sys 256 0xA0134E64 \??\C:\WINNT\system32\win32k.sys 257 0xA00AAE3B \??\C:\WINNT\system32\win32k.sys 258 0xA0133A74 \??\C:\WINNT\system32\win32k.sys 259 0xA0135C86 \??\C:\WINNT\system32\win32k.sys 25a 0xA0135D21 \??\C:\WINNT\system32\win32k.sys 25b 0xA0135C4F \??\C:\WINNT\system32\win32k.sys 25c 0xA01353B2 \??\C:\WINNT\system32\win32k.sys 25d 0xA013536E \??\C:\WINNT\system32\win32k.sys 25e 0xA01352EA \??\C:\WINNT\system32\win32k.sys 25f 0xA0135310 \??\C:\WINNT\system32\win32k.sys 260 0xA0135332 \??\C:\WINNT\system32\win32k.sys 261 0xA013534C \??\C:\WINNT\system32\win32k.sys 262 0xA01354C7 \??\C:\WINNT\system32\win32k.sys 263 0xA0135442 \??\C:\WINNT\system32\win32k.sys 264 0xA0135486 \??\C:\WINNT\system32\win32k.sys 265 0xA004C56A \??\C:\WINNT\system32\win32k.sys 266 0xA009AD10 \??\C:\WINNT\system32\win32k.sys 267 0xA009A930 \??\C:\WINNT\system32\win32k.sys 268 0xA00AA83C \??\C:\WINNT\system32\win32k.sys 269 0xA009A9E2 \??\C:\WINNT\system32\win32k.sys 26a 0xA00AA8A7 \??\C:\WINNT\system32\win32k.sys 26b 0xA009A627 \??\C:\WINNT\system32\win32k.sys 26c 0xA0135682 \??\C:\WINNT\system32\win32k.sys 26d 0xA013577D \??\C:\WINNT\system32\win32k.sys 26e 0xA0135B73 \??\C:\WINNT\system32\win32k.sys 26f 0xA01355D6 \??\C:\WINNT\system32\win32k.sys 270 0xA01358C5 \??\C:\WINNT\system32\win32k.sys 271 0xA009A774 \??\C:\WINNT\system32\win32k.sys 272 0xA00AA534 \??\C:\WINNT\system32\win32k.sys 273 0xA009A78A \??\C:\WINNT\system32\win32k.sys 274 0xA01358FE \??\C:\WINNT\system32\win32k.sys 275 0xA004F92E \??\C:\WINNT\system32\win32k.sys 276 0xA004F9DB \??\C:\WINNT\system32\win32k.sys 277 0xA004F9AF \??\C:\WINNT\system32\win32k.sys 278 0xA01359E0 \??\C:\WINNT\system32\win32k.sys 279 0xA0135A87 \??\C:\WINNT\system32\win32k.sys 27a 0xA0135935 \??\C:\WINNT\system32\win32k.sys 27b 0xA0135D60 \??\C:\WINNT\system32\win32k.sys 27c 0xA0135DC3 \??\C:\WINNT\system32\win32k.sys 27d 0xA0135E52 \??\C:\WINNT\system32\win32k.sys 27e 0xA01155D8 \??\C:\WINNT\system32\win32k.sys PspCidTable: 0x8046B360(46b360) 1. TABLE: 0xFCE250A8(14420a8): Table: 0xE1004000 QuotaProcess: ProcessId: 0 HandleCount: 278 CapturedHandleCount: 279 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE009E0(141d9e0) Type: 6 Thread Object Header: 0xFCE009C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000004 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 0 PointerCount: 44 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCE00280(141d280) Type: 6 Thread Object Header: 0xFCE00268 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000000C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF020(141c020) Type: 6 Thread Object Header: 0xFCDFF008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000010 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFFDA0(141cda0) Type: 6 Thread Object Header: 0xFCDFFD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000014 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFFB20(141cb20) Type: 6 Thread Object Header: 0xFCDFFB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000018 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF8A0(141c8a0) Type: 6 Thread Object Header: 0xFCDFF888 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000001C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF620(141c620) Type: 6 Thread Object Header: 0xFCDFF608 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000020 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFF3A0(141c3a0) Type: 6 Thread Object Header: 0xFCDFF388 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000024 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFE020(141b020) Type: 6 Thread Object Header: 0xFCDFE008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000028 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFEDA0(141bda0) Type: 6 Thread Object Header: 0xFCDFED88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000002C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFEB20(141bb20) Type: 6 Thread Object Header: 0xFCDFEB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000030 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFD1E0(141a1e0) Type: 6 Thread Object Header: 0xFCDFD1C8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000034 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFC020(1419020) Type: 6 Thread Object Header: 0xFCDFC008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000038 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFCDA0(1419da0) Type: 6 Thread Object Header: 0xFCDFCD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000003C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFCB20(1419b20) Type: 6 Thread Object Header: 0xFCDFCB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000040 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDF8020(1415020) Type: 6 Thread Object Header: 0xFCDF8008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000048 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDF3DA0(1410da0) Type: 6 Thread Object Header: 0xFCDF3D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD30BC0(134dbc0) Type: 6 Thread Object Header: 0xFCD30BA8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000050 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD2D560(134a560) Type: 6 Thread Object Header: 0xFCD2D548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDA5020(13c2020) Type: 6 Thread Object Header: 0xFCDA5008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000058 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDB1020(13ce020) Type: 6 Thread Object Header: 0xFCDB1008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCC4980(12e1980) Type: 6 Thread Object Header: 0xFCCC4968 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000060 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCC4700(12e1700) Type: 6 Thread Object Header: 0xFCCC46E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000064 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD995A0(13b65a0) Type: 6 Thread Object Header: 0xFCD99588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD99320(13b6320) Type: 6 Thread Object Header: 0xFCD99308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD98C40(13b5c40) Type: 6 Thread Object Header: 0xFCD98C28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD8D020(13aa020) Type: 6 Thread Object Header: 0xFCD8D008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000074 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD8D420(13aa420) Type: 6 Thread Object Header: 0xFCD8D408 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD67B20(1384b20) Type: 6 Thread Object Header: 0xFCD67B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD67DA0(1384da0) Type: 6 Thread Object Header: 0xFCD67D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000080 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC84020(12a1020) Type: 6 Thread Object Header: 0xFCC84008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000084 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC84DA0(12a1da0) Type: 6 Thread Object Header: 0xFCC84D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000088 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCA363A0(10533a0) Type: 6 Thread Object Header: 0xFCA36388 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000008C ThreadsProcess: 0xFCA36620 OBJECT: 0xFCD64020(1381020) Type: 6 Thread Object Header: 0xFCD64008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000090 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD64AE0(1381ae0) Type: 6 Thread Object Header: 0xFCD64AC8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.00000094 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64D60(1381d60) Type: 5 Process Object Header: 0xFCD64D48 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xFCD64800(1381800) Type: 6 Thread Object Header: 0xFCD647E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.0000009C ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64560(1381560) Type: 6 Thread Object Header: 0xFCD64548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A0 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C380(1379380) Type: 6 Thread Object Header: 0xFCD5C368 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A4 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C020(1379020) Type: 6 Thread Object Header: 0xFCD5C008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A8 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCC62020(127f020) Type: 6 Thread Object Header: 0xFCC62008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000AC ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 0 PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 0 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC5A500(1277500) Type: 6 Thread Object Header: 0xFCC5A4E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA371A0(10541a0) Type: 6 Thread Object Header: 0xFCA37188 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36CA0(1053ca0) Type: 6 Thread Object Header: 0xFCA36C88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36960(1053960) Type: 6 Thread Object Header: 0xFCA36948 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA33D60(1050d60) Type: 6 Thread Object Header: 0xFCA33D48 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA2E620(104b620) Type: 6 Thread Object Header: 0xFCA2E608 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000CC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA2D020(104a020) Type: 6 Thread Object Header: 0xFCA2D008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000D0 ThreadsProcess: 0xFCC62B00 OBJECT: 0x82000000 OBJECT: 0xFCA2C620(1049620) Type: 6 Thread Object Header: 0xFCA2C608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2B020(1048020) Type: 6 Thread Object Header: 0xFCA2B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D9020(1ee9020) Type: 6 Thread Object Header: 0xFF1D9008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 0 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFCA2B560(1048560) Type: 6 Thread Object Header: 0xFCA2B548 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA36620 OBJECT: 0x82000000 OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 0 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFCA27480(1044480) Type: 6 Thread Object Header: 0xFCA27468 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000F4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA25B80(1042b80) Type: 6 Thread Object Header: 0xFCA25B68 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA25500(1042500) Type: 6 Thread Object Header: 0xFCA254E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF28F020(79f0020) Type: 6 Thread Object Header: 0xFF28F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28F620(79f0620) Type: 6 Thread Object Header: 0xFF28F608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28E020(7b2d020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA36620 OBJECT: 0x82000000 OBJECT: 0xFF28D020(ff6020) Type: 6 Thread Object Header: 0xFF28D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28DBA0(ff6ba0) Type: 6 Thread Object Header: 0xFF28DB88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28A1E0(fc41e0) Type: 6 Thread Object Header: 0xFF28A1C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF143C00(3dc8c00) Type: 6 Thread Object Header: 0xFF143BE8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000011C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF288020(8ad020) Type: 6 Thread Object Header: 0xFF288008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1DB4A0(1dae4a0) Type: 6 Thread Object Header: 0xFF1DB488 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000124 ThreadsProcess: 0xFF277520 OBJECT: 0xFF288600(8ad600) Type: 6 Thread Object Header: 0xFF2885E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1CB020(2d34020) Type: 5 Process Object Header: 0xFF1CB008 GrantedAccess: 0 PointerCount: 89 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF287AC0(945ac0) Type: 6 Thread Object Header: 0xFF287AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000134 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF286980(8aa980) Type: 6 Thread Object Header: 0xFF286968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF285DA0(92eda0) Type: 6 Thread Object Header: 0xFF285D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284DA0(a93da0) Type: 6 Thread Object Header: 0xFF284D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12E3A0(6643a0) Type: 6 Thread Object Header: 0xFF12E388 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000144 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF148900(26c9900) Type: 6 Thread Object Header: 0xFF1488E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000148 ThreadsProcess: 0xFF277520 OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284260(a93260) Type: 6 Thread Object Header: 0xFF284248 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000150 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF18C4A0(3a594a0) Type: 6 Thread Object Header: 0xFF18C488 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.00000154 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF282940(9de940) Type: 6 Thread Object Header: 0xFF282928 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27FDA0(a06da0) Type: 6 Thread Object Header: 0xFF27FD88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0x82000000 OBJECT: 0xFF1DB860(1dae860) Type: 6 Thread Object Header: 0xFF1DB848 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000164 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF280D20(ae5d20) Type: 6 Thread Object Header: 0xFF280D08 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27F020(a06020) Type: 6 Thread Object Header: 0xFF27F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27E020(aef020) Type: 6 Thread Object Header: 0xFF27E008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27EDA0(aefda0) Type: 6 Thread Object Header: 0xFF27ED88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27B660(eb3660) Type: 6 Thread Object Header: 0xFF27B648 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27A460(cd9460) Type: 6 Thread Object Header: 0xFF27A448 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF278DA0(dfada0) Type: 6 Thread Object Header: 0xFF278D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2782E0(dfa2e0) Type: 6 Thread Object Header: 0xFF2782C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF278760(dfa760) Type: 6 Thread Object Header: 0xFF278748 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000188 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12A8A0(49328a0) Type: 6 Thread Object Header: 0xFF12A888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000018C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF276020(dcd020) Type: 6 Thread Object Header: 0xFF276008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000190 ThreadsProcess: 0xFF277520 OBJECT: 0xFF277520(dd0520) Type: 5 Process Object Header: 0xFF277508 GrantedAccess: 0 PointerCount: 120 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF276A60(dcda60) Type: 6 Thread Object Header: 0xFF276A48 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000198 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2767A0(dcd7a0) Type: 6 Thread Object Header: 0xFF276788 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000019C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2757C0(dbd7c0) Type: 6 Thread Object Header: 0xFF2757A8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A0 ThreadsProcess: 0xFF277520 OBJECT: 0xFF273180(ec5180) Type: 6 Thread Object Header: 0xFF273168 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A4 ThreadsProcess: 0xFF277520 OBJECT: 0xFF26F020(f74020) Type: 6 Thread Object Header: 0xFF26F008 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF26ED80(f7ed80) Type: 6 Thread Object Header: 0xFF26ED68 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001AC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF2748A0(e3e8a0) Type: 5 Process Object Header: 0xFF274888 GrantedAccess: 0 PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF26DC40(f2cc40) Type: 6 Thread Object Header: 0xFF26DC28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26D4A0(f2c4a0) Type: 6 Thread Object Header: 0xFF26D488 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B8 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26CDA0(fadda0) Type: 6 Thread Object Header: 0xFF26CD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001BC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26C460(fad460) Type: 6 Thread Object Header: 0xFF26C448 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001C4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF269860(2e5860) Type: 6 Thread Object Header: 0xFF269848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001C8 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF269BA0(2e5ba0) Type: 5 Process Object Header: 0xFF269B88 GrantedAccess: 0 PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF267020(f86020) Type: 6 Thread Object Header: 0xFF267008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001D0 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF267600(f86600) Type: 6 Thread Object Header: 0xFF2675E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001D4 ThreadsProcess: 0xFF267D60 OBJECT: 0xFF267D60(f86d60) Type: 5 Process Object Header: 0xFF267D48 GrantedAccess: 0 PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF25F3C0(1b163c0) Type: 6 Thread Object Header: 0xFF25F3A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001DC ThreadsProcess: 0xFF267D60 OBJECT: 0x82000000 OBJECT: 0xFF25E980(1d8980) Type: 6 Thread Object Header: 0xFF25E968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001E4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF25DB80(18ffb80) Type: 6 Thread Object Header: 0xFF25DB68 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001E8 ThreadsProcess: 0xFF277960 OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 0 PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0x82000000 OBJECT: 0xFF25ADA0(2272da0) Type: 6 Thread Object Header: 0xFF25AD88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.000001F4 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF25A020(2272020) Type: 5 Process Object Header: 0xFF25A008 GrantedAccess: 0 PointerCount: 68 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF259C40(26f8c40) Type: 6 Thread Object Header: 0xFF259C28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001FC ThreadsProcess: 0xFF277960 OBJECT: 0xFF255020(23a6020) Type: 6 Thread Object Header: 0xFF255008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.00000200 ThreadsProcess: 0xFF25A020 OBJECT: 0x82000000 OBJECT: 0xFF2480C0(4b880c0) Type: 6 Thread Object Header: 0xFF2480A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000208 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF24F020(7ac020) Type: 6 Thread Object Header: 0xFF24F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.0000020C ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF217580(53ca580) Type: 6 Thread Object Header: 0xFF217568 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000210 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF250020(7c7020) Type: 6 Thread Object Header: 0xFF250008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000214 ThreadsProcess: 0xFF277960 OBJECT: 0xFF247760(4bc8760) Type: 6 Thread Object Header: 0xFF247748 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000218 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF245020(4c75020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000220 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF2461E0(4be51e0) Type: 5 Process Object Header: 0xFF2461C8 GrantedAccess: 0 PointerCount: 82 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF2433E0(55b33e0) Type: 6 Thread Object Header: 0xFF2433C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000228 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF241DA0(54c1da0) Type: 6 Thread Object Header: 0xFF241D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000022C ThreadsProcess: 0xFF241020 OBJECT: 0xFF241020(54c1020) Type: 5 Process Object Header: 0xFF241008 GrantedAccess: 0 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF23D020(56b1020) Type: 6 Thread Object Header: 0xFF23D008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000234 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF247020(4bc8020) Type: 6 Thread Object Header: 0xFF247008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000023C ThreadsProcess: 0xFF241020 OBJECT: 0xFF23ED60(560ad60) Type: 5 Process Object Header: 0xFF23ED48 GrantedAccess: 0 PointerCount: 98 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF12E8A0(6648a0) Type: 6 Thread Object Header: 0xFF12E888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000244 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF2398C0(65e28c0) Type: 6 Thread Object Header: 0xFF2398A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000248 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF238AC0(64a8ac0) Type: 6 Thread Object Header: 0xFF238AA8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000024C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF2375E0(646c5e0) Type: 6 Thread Object Header: 0xFF2375C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000250 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xFF234C40(28a2c40) Type: 6 Thread Object Header: 0xFF234C28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000258 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF232540(6c11540) Type: 6 Thread Object Header: 0xFF232528 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000025C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF232A60(6c11a60) Type: 6 Thread Object Header: 0xFF232A48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000260 ThreadsProcess: 0xFF277960 OBJECT: 0xFF232200(6c11200) Type: 6 Thread Object Header: 0xFF2321E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000264 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF2307C0(7da7c0) Type: 6 Thread Object Header: 0xFF2307A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000268 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22CCA0(b6eca0) Type: 6 Thread Object Header: 0xFF22CC88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.0000026C ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22C220(b6e220) Type: 6 Thread Object Header: 0xFF22C208 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000270 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22ADA0(4f61da0) Type: 6 Thread Object Header: 0xFF22AD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000274 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF192DA0(3992da0) Type: 6 Thread Object Header: 0xFF192D88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000278 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12E620(664620) Type: 6 Thread Object Header: 0xFF12E608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000027C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF161BC0(57f2bc0) Type: 6 Thread Object Header: 0xFF161BA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000280 ThreadsProcess: 0xFF277520 OBJECT: 0xFF2271C0(4ff51c0) Type: 6 Thread Object Header: 0xFF2271A8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000284 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF2269C0(7789c0) Type: 6 Thread Object Header: 0xFF2269A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.00000288 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF226C80(778c80) Type: 5 Process Object Header: 0xFF226C68 GrantedAccess: 0 PointerCount: 22 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF24D420(766420) Type: 6 Thread Object Header: 0xFF24D408 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000290 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF221260(47bc260) Type: 6 Thread Object Header: 0xFF221248 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000294 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF233D60(6b8ad60) Type: 6 Thread Object Header: 0xFF233D48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000298 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF21DB80(6623b80) Type: 6 Thread Object Header: 0xFF21DB68 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000029C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF21D900(6623900) Type: 6 Thread Object Header: 0xFF21D8E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002A0 ThreadsProcess: 0xFCA2A500 OBJECT: 0x82000000 OBJECT: 0xFF21B020(4ec9020) Type: 6 Thread Object Header: 0xFF21B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002A8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF228020(4f13020) Type: 6 Thread Object Header: 0xFF228008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002AC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF219800(4571800) Type: 6 Thread Object Header: 0xFF2197E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B0 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1ED6E0(48ca6e0) Type: 6 Thread Object Header: 0xFF1ED6C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2194E0(45714e0) Type: 6 Thread Object Header: 0xFF2194C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.000002B8 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF1AC4E0(33384e0) Type: 6 Thread Object Header: 0xFF1AC4C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000002BC ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF20C020(4ece020) Type: 6 Thread Object Header: 0xFF20C008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.000002C0 ThreadsProcess: 0xFF20D520 OBJECT: 0xFF20D520(477e520) Type: 5 Process Object Header: 0xFF20D508 GrantedAccess: 0 PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0xFF134020(58c7020) Type: 6 Thread Object Header: 0xFF134008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002C8 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF1FC020(198a020) Type: 6 Thread Object Header: 0xFF1FC008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002CC ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1FD720(4859720) Type: 5 Process Object Header: 0xFF1FD708 GrantedAccess: 0 PointerCount: 54 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1906A0(3a076a0) Type: 5 Process Object Header: 0xFF190688 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1EC8A0(4eb98a0) Type: 6 Thread Object Header: 0xFF1EC888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002E8 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1FD020(4859020) Type: 6 Thread Object Header: 0xFF1FD008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002EC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E8560(1c6e560) Type: 6 Thread Object Header: 0xFF1E8548 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002F4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E33E0(4a4a3e0) Type: 6 Thread Object Header: 0xFF1E33C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1DC980(1da7980) Type: 6 Thread Object Header: 0xFF1DC968 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002FC ThreadsProcess: 0xFCA36620 OBJECT: 0xFF111DA0(35d6da0) Type: 6 Thread Object Header: 0xFF111D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000300 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1AF180(30bd180) Type: 6 Thread Object Header: 0xFF1AF168 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000304 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF211020(4c85020) Type: 6 Thread Object Header: 0xFF211008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000308 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF1D5660(2220660) Type: 6 Thread Object Header: 0xFF1D5648 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.0000030C ThreadsProcess: 0xFF20D520 OBJECT: 0xFF1D52C0(22202c0) Type: 6 Thread Object Header: 0xFF1D52A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000310 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1EF360(4c48360) Type: 6 Thread Object Header: 0xFF1EF348 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000314 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D3740(2317740) Type: 6 Thread Object Header: 0xFF1D3728 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000318 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D08A0(22ff8a0) Type: 6 Thread Object Header: 0xFF1D0888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000031C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D0620(22ff620) Type: 6 Thread Object Header: 0xFF1D0608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.00000320 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1CF020(22fe020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000324 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CE3C0(27043c0) Type: 6 Thread Object Header: 0xFF1CE3A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000032C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1CE840(2704840) Type: 6 Thread Object Header: 0xFF1CE828 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000338 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CD020(4703020) Type: 6 Thread Object Header: 0xFF1CD008 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000033C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CD780(4703780) Type: 6 Thread Object Header: 0xFF1CD768 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000344 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 0 PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF1392E0(1bc62e0) Type: 6 Thread Object Header: 0xFF1392C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000034C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1898A0(3a7d8a0) Type: 6 Thread Object Header: 0xFF189888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000350 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF18ADA0(3a7eda0) Type: 6 Thread Object Header: 0xFF18AD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000354 ThreadsProcess: 0xFF277520 OBJECT: 0xFF1B2160(2d3d160) Type: 6 Thread Object Header: 0xFF1B2148 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000358 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1B16A0(2ff56a0) Type: 6 Thread Object Header: 0xFF1B1688 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000035C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1AB660(3354660) Type: 6 Thread Object Header: 0xFF1AB648 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000360 ThreadsProcess: 0xFF277960 OBJECT: 0xFF174800(5a45800) Object Header: 0xFF1747E8 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0xFF1A8020(3492020) Type: 6 Thread Object Header: 0xFF1A8008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000368 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF131640(917640) Type: 6 Thread Object Header: 0xFF131628 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000036C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF13E2E0(21602e0) Type: 6 Thread Object Header: 0xFF13E2C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000370 ThreadsProcess: 0xFF1CDA00 OBJECT: 0x82000000 OBJECT: 0xFF19CD60(381cd60) Type: 5 Process Object Header: 0xFF19CD48 GrantedAccess: 0 PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF1A4860(3588860) Type: 6 Thread Object Header: 0xFF1A4848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000037C.00000380 ThreadsProcess: 0xFF19CD60 OBJECT: 0xFF1A2900(364e900) Type: 6 Thread Object Header: 0xFF1A28E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000384 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A2140(364e140) Type: 6 Thread Object Header: 0xFF1A2128 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000388 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A0740(37c0740) Type: 6 Thread Object Header: 0xFF1A0728 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000038C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A04C0(37c04c0) Type: 6 Thread Object Header: 0xFF1A04A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000390 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF19F020(37d0020) Type: 6 Thread Object Header: 0xFF19F008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000394 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF1A12E0(36ee2e0) Type: 5 Process Object Header: 0xFF1A12C8 GrantedAccess: 0 PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF19F3E0(37d03e0) Type: 6 Thread Object Header: 0xFF19F3C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000039C ThreadsProcess: 0xFF277960 OBJECT: 0xFF19B4C0(384a4c0) Type: 6 Thread Object Header: 0xFF19B4A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003A0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1ED9E0(48ca9e0) Type: 6 Thread Object Header: 0xFF1ED9C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000041C.000003A4 ThreadsProcess: 0xFF19C020 OBJECT: 0xFF175520(37ef520) Type: 6 Thread Object Header: 0xFF175508 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000003A8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF22A020(4f61020) Type: 6 Thread Object Header: 0xFF22A008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000004A4.000003AC ThreadsProcess: 0xFF151B40 OBJECT: 0xFF189C60(3a7dc60) Type: 6 Thread Object Header: 0xFF189C48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003B4 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF194020(38cf020) Type: 6 Thread Object Header: 0xFF194008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.000003B8 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF1952C0(38eb2c0) Type: 5 Process Object Header: 0xFF1952A8 GrantedAccess: 0 PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF194840(38cf840) Type: 6 Thread Object Header: 0xFF194828 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003C0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF18D880(3a3f880) Type: 6 Thread Object Header: 0xFF18D868 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000003C4 ThreadsProcess: 0xFF192780 OBJECT: 0xFF192780(3992780) Type: 5 Process Object Header: 0xFF192768 GrantedAccess: 0 PointerCount: 58 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF1DA020(1f40020) Type: 6 Thread Object Header: 0xFF1DA008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000002D8.000003CC ThreadsProcess: 0xFF1906A0 OBJECT: 0xFF1A5960(3524960) Type: 6 Thread Object Header: 0xFF1A5948 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003D0 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF147320(2ce4320) Type: 6 Thread Object Header: 0xFF147308 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000003D8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF188DA0(3c42da0) Type: 6 Thread Object Header: 0xFF188D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.000003DC ThreadsProcess: 0xFF188020 OBJECT: 0xFF188020(3c42020) Type: 5 Process Object Header: 0xFF188008 GrantedAccess: 0 PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF15FC60(54efc60) Type: 6 Thread Object Header: 0xFF15FC48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000003E4 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF185020(3e21020) Type: 6 Thread Object Header: 0xFF185008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003E8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF183020(3ec4020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000003F0 ThreadsProcess: 0xFF184100 OBJECT: 0xFF184100(3e2f100) Type: 5 Process Object Header: 0xFF1840E8 GrantedAccess: 0 PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF1824E0(3f5b4e0) Type: 6 Thread Object Header: 0xFF1824C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003F8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF1827E0(3f5b7e0) Type: 5 Process Object Header: 0xFF1827C8 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF159520(4882520) Type: 6 Thread Object Header: 0xFF159508 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.00000400 ThreadsProcess: 0xFF192780 OBJECT: 0xFF1817C0(40607c0) Type: 6 Thread Object Header: 0xFF1817A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000404 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF180BE0(98dbe0) Type: 6 Thread Object Header: 0xFF180BC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.00000408 ThreadsProcess: 0xFF188020 OBJECT: 0xFF138020(1de6020) Type: 6 Thread Object Header: 0xFF138008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF17AA40(43d4a40) Type: 6 Thread Object Header: 0xFF17AA28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000410 ThreadsProcess: 0xFF1952C0 OBJECT: 0x82000000 OBJECT: 0xFF13E020(2160020) Type: 6 Thread Object Header: 0xFF13E008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000418 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF19C020(381c020) Type: 5 Process Object Header: 0xFF19C008 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1738A0(25c58a0) Type: 6 Thread Object Header: 0xFF173888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000420 ThreadsProcess: 0xFF184100 OBJECT: 0xFF177740(5901740) Type: 6 Thread Object Header: 0xFF177728 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF177AC0(5901ac0) Type: 5 Process Object Header: 0xFF177AA8 GrantedAccess: 0 PointerCount: 61 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F6A0(45916a0) Type: 6 Thread Object Header: 0xFF16F688 GrantedAccess: 0 PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000434 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF151620(1e44620) Type: 6 Thread Object Header: 0xFF151608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000043C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF16A160(51c8160) Type: 6 Thread Object Header: 0xFF16A148 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000444 ThreadsProcess: 0xFF184100 OBJECT: 0xFF148020(26c9020) Type: 6 Thread Object Header: 0xFF148008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000044C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF14D020(1fdf020) Type: 6 Thread Object Header: 0xFF14D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000454 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF145560(27a2560) Type: 6 Thread Object Header: 0xFF145548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000045C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1518A0(1e448a0) Type: 6 Thread Object Header: 0xFF151888 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000460 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF13A800(38ad800) Type: 6 Thread Object Header: 0xFF13A7E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000464 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF149BA0(54caba0) Type: 6 Thread Object Header: 0xFF149B88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000478 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF148DA0(26c9da0) Type: 6 Thread Object Header: 0xFF148D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000047C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF147B40(2ce4b40) Type: 6 Thread Object Header: 0xFF147B28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000488 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF12ADA0(4932da0) Type: 6 Thread Object Header: 0xFF12AD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000048C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF13F020(2061020) Type: 6 Thread Object Header: 0xFF13F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000490 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF12AB20(4932b20) Type: 6 Thread Object Header: 0xFF12AB08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000498 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF140AA0(3442aa0) Type: 6 Thread Object Header: 0xFF140A88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000049C ThreadsProcess: 0xFF277960 OBJECT: 0x82000000 OBJECT: 0xFF151B40(1e44b40) Type: 5 Process Object Header: 0xFF151B28 GrantedAccess: 0 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF139B20(1bc6b20) Type: 6 Thread Object Header: 0xFF139B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004A8 ThreadsProcess: 0xFF277960 OBJECT: 0x82000000 OBJECT: 0xFF139020(1bc6020) Type: 6 Thread Object Header: 0xFF139008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000004CC ThreadsProcess: 0xFF192780 OBJECT: 0x82000000 OBJECT: 0xFF2087A0(6b927a0) Type: 6 Thread Object Header: 0xFF208788 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004D4 ThreadsProcess: 0xFF277960 OBJECT: 0xFF131380(917380) Type: 6 Thread Object Header: 0xFF131368 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004E4 ThreadsProcess: 0xFF277960 OBJECT: 0xFF111020(35d6020) Type: 6 Thread Object Header: 0xFF111008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004EC ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF111B20(35d6b20) Type: 6 Thread Object Header: 0xFF111B08 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004F0 ThreadsProcess: 0xFF1CB020 Processes and threads: 279 HandleTableListHead: 0x8046BC20(46bc20) 1. TABLE: 0xFCE256E8(14426e8): Table: 0xE1002000 QuotaProcess: ProcessId: 8 HandleCount: 143 CapturedHandleCount: 143 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 1f0fff PointerCount: 44 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xE10087F0(15d97f0) Type: 18 Key Object Header: 0xE10087D8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: REGISTRY SecurityDescriptor: (null) Path: REGISTRY\ OBJECT: 0xE12A1480(18a8480) Type: 18 Key Object Header: 0xE12A1468 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\ OBJECT: 0xE12A55A0(18c85a0) Type: 18 Key Object Header: 0xE12A5588 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\Setup\ OBJECT: 0xE1008180(15d9180) Type: 18 Key Object Header: 0xE1008168 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\CurrentDockInfo\ OBJECT: 0xE1008100(15d9100) Type: 18 Key Object Header: 0xE10080E8 GrantedAccess: 20 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\Current\ OBJECT: 0xE12A53E0(18c83e0) Type: 18 Key Object Header: 0xE12A53C8 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE12A51C0(18c81c0) Type: 18 Key Object Header: 0xE12A51A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xE12F5560(1a40560) Type: 18 Key Object Header: 0xE12F5548 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP0501\1_0_17_0_0_0\LogConf\ OBJECT: 0xFCD2D370(134a370) Type: 2 Directory Object Header: 0xFCD2D358 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: Sbp2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Sbp2 OBJECT: 0xFCDF3DA0(1410da0) Type: 6 Thread Object Header: 0xFCDF3D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD995A0(13b65a0) Type: 6 Thread Object Header: 0xFCD99588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD2D560(134a560) Type: 6 Thread Object Header: 0xFCD2D548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE02410(141f410) Type: 8 Event Object Header: 0xFCE023F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD59990 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCDA6E50(13c3e50) Type: 2 Directory Object Header: 0xFCDA6E38 GrantedAccess: f000f PointerCount: 8 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk0 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk0 OBJECT: 0xE134F580(1af6580) Type: 18 Key Object Header: 0xE134F568 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DEVICEMAP\Scsi\ OBJECT: 0xFCD513D0(136e3d0) Type: 2 Directory Object Header: 0xFCD513B8 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: WinDfs SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\WinDfs OBJECT: 0xFCD99320(13b6320) Type: 6 Thread Object Header: 0xFCD99308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDB1020(13ce020) Type: 6 Thread Object Header: 0xFCDB1008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD98C40(13b5c40) Type: 6 Thread Object Header: 0xFCD98C28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCCF790(12ec790) Type: 2 Directory Object Header: 0xFCCCF778 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk1 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk1 OBJECT: 0xFCD93170(13b0170) Type: 2 Directory Object Header: 0xFCD93158 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk2 OBJECT: 0xE1EA27F0(50647f0) Type: 19 Port Object Header: 0xE1EA27D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000020 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12E42A0(197d2a0) Type: 18 Key Object Header: 0xE12E4288 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\cdrom\ OBJECT: 0xE12A5B30(18c8b30) Type: 17 Section Object Header: 0xE12A5B18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EF8008(5249008) BasedAddress: 0x00000080 SizeOfSegment: 0x100000 OBJECT: 0xE1EF5250(558250) Type: 4 Token Object Header: 0xE1EF5238 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-7 Attributes: Mandatory Default Enabled AuthenticationID: {0,98c6} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: NtLmSsp {0,0} TokenFlags: 0x1 Token ID: {0,98ca} ParentToken ID: {0,0} Modified ID: {0,98c9} SessionID: 0 TokenInUse: No Groups: 1 S-1-0-0 Attributes: 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-2 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-0-0 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled OBJECT: 0xFF24C988(4605988) Type: 26 File Object Header: 0xFF24C970 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ OBJECT: 0xFF173D68(25c5d68) Type: 26 File Object Header: 0xFF173D50 GrantedAccess: 3 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF24C088(4605088) Type: 26 File Object Header: 0xFF24C070 GrantedAccess: 20 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xFF189808(3a7d808) Type: 26 File Object Header: 0xFF1897F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Topology OBJECT: 0xE12DEFE0(196ffe0) Type: 18 Key Object Header: 0xE12DEFC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\i8042prt\ OBJECT: 0xE12DC080(1966080) Type: 18 Key Object Header: 0xE12DC068 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mouclass\ OBJECT: 0xE12DC240(1966240) Type: 18 Key Object Header: 0xE12DC228 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kbdclass\ OBJECT: 0xFF24C228(4605228) Type: 26 File Object Header: 0xFF24C210 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Mup OBJECT: 0xFCD6C668(1389668) Type: 26 File Object Header: 0xFCD6C650 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCD6E128 (138b128) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCC8DD88(12aad88) Type: 26 File Object Header: 0xFCC8DD70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCC8DD28 (12aad28) Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFCC5B8C8(12788c8) Type: 26 File Object Header: 0xFCC5B8B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF137448 (3f2a448) Address Object: 0xFF136008 (3629008) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCC8E3E8(12ab3e8) Type: 26 File Object Header: 0xFCC8E3D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCC8DFC8 (12aafc8) Address Object: 0xFCC8DE08 (12aae08) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCC8C848(12a9848) Type: 26 File Object Header: 0xFCC8C830 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCC8E308 (12ab308) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCD8D420(13aa420) Type: 6 Thread Object Header: 0xFCD8D408 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC91688(12ae688) Type: 26 File Object Header: 0xFCC91670 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Gpc OBJECT: 0xFCC8E4A8(12ab4a8) Type: 26 File Object Header: 0xFCC8E490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCD8B408 (13a8408) Unknown1: 0x00530073 (1) Unknown2: 0x62006d OBJECT: 0xE1352A70(1b35a70) Type: 19 Port Object Header: 0xE1352A58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1372750(27f3750) Type: 19 Port Object Header: 0xE1372738 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12DC1A0(19661a0) Type: 18 Key Object Header: 0xE12DC188 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Parport\ OBJECT: 0xE12DB300(1965300) Type: 18 Key Object Header: 0xE12DB2E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Serial\ OBJECT: 0xFCD61EA8(137eea8) Type: 26 File Object Header: 0xFCD61E90 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\pagefile.sys OBJECT: 0xE130EE20(1a37e20) Type: 19 Port Object Header: 0xE130EE08 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeRmCommandPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 OBJECT: 0xFCD67A10(1384a10) Type: 8 Event Object Header: 0xFCD679F8 GrantedAccess: 100003 PointerCount: 5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 28 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF1A58C8(35248c8) Type: 26 File Object Header: 0xFF1A58B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\CSC\00000001 OBJECT: 0xFF1D6868(202e868) Type: 26 File Object Header: 0xFF1D6850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFCD1A408(1337408) Type: 26 File Object Header: 0xFCD1A3F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Wave OBJECT: 0xFF1D6368(202e368) Type: 26 File Object Header: 0xFF1D6350 GrantedAccess: 12019f PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFCDBEA28(13dba28) Type: 26 File Object Header: 0xFCDBEA10 GrantedAccess: 120116 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF1D7F48(1eebf48) Type: 26 File Object Header: 0xFF1D7F30 GrantedAccess: 120116 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFCA33B88(1050b88) Type: 26 File Object Header: 0xFCA33B70 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF190BC8(3a07bc8) Type: 26 File Object Header: 0xFF190BB0 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xE205A030(3a49030) Type: 19 Port Object Header: 0xE205A018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000024 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF161368(57f2368) Type: 26 File Object Header: 0xFF161350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF248828 (4b88828) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF157268 (4054268) Local Address: 0x200a8c0:8a00 192.168.0.2:138 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF16BB28(45e6b28) Type: 26 File Object Header: 0xFF16BB10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF2102C8 (658e2c8) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF160E48 (708e48) Local Address: 0x200a8c0:8900 192.168.0.2:137 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF2596E8(26f86e8) Type: 26 File Object Header: 0xFF2596D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCDBFDC8 (13dcdc8) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF26CC48(fadc48) Type: 26 File Object Header: 0xFF26CC30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2064A8 (515e4a8) ConnectionHandle: 0x1D00001C Connection Object: 0xFCC5C808 (1279808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1d AfdEndpoint: 0xFCE18B48 (1435b48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1D00001C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF161E48(57f2e48) Type: 26 File Object Header: 0xFF161E30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B788 (538c788) ConnectionHandle: 0x1E00001D Connection Object: 0xFF164488 (4873488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1e AfdEndpoint: 0xFF15AD08 (23a8d08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1E00001D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF183508(3ec4508) Type: 26 File Object Header: 0xFF1834F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1EDC88 (48cac88) ConnectionHandle: 0x1F00001E Connection Object: 0xFF165A48 (4d87a48) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1f AfdEndpoint: 0xFF25CB48 (1982b48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1F00001E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA30728(104d728) Type: 26 File Object Header: 0xFCA30710 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF166E08 (7c66e08) ConnectionHandle: 0x2000001F Connection Object: 0xFF1EDEE8 (48caee8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x20 AfdEndpoint: 0xFF155448 (53cf448) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2000001F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1E6908(507f908) Type: 26 File Object Header: 0xFF1E68F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF19D0C8 (37bd0c8) ConnectionHandle: 0x21000020 Connection Object: 0xFF166388 (7c66388) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x21 AfdEndpoint: 0xFF2496A8 (468f6a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x21000020 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1624E8(51d34e8) Type: 26 File Object Header: 0xFF1624D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22B528 (4e36528) ConnectionHandle: 0x22000021 Connection Object: 0xFF23A888 (6400888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x22 AfdEndpoint: 0xFF2491E8 (468f1e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x22000021 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2819E8(9f99e8) Type: 26 File Object Header: 0xFF2819D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2008E8 (4dd88e8) ConnectionHandle: 0x23000022 Connection Object: 0xFF17C808 (4292808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x23 AfdEndpoint: 0xFF1543C8 (4fcb3c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x23000022 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF23A7E8(64007e8) Type: 26 File Object Header: 0xFF23A7D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BBC8 (538cbc8) ConnectionHandle: 0x24000023 Connection Object: 0xFF170C08 (1a9dc08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x24 AfdEndpoint: 0xFF230E48 (7dae48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x24000023 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF248888(4b88888) Type: 26 File Object Header: 0xFF248870 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16A728 (51c8728) ConnectionHandle: 0x25000024 Connection Object: 0xFF16B908 (45e6908) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x25 AfdEndpoint: 0xFF1EF8E8 (4c488e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x25000024 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16C968(497a968) Type: 26 File Object Header: 0xFF16C950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BB88 (538cb88) ConnectionHandle: 0x26000025 Connection Object: 0xFF165D08 (4d87d08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x26 AfdEndpoint: 0xFCDC7F28 (13e4f28) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x26000025 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1884A8(3c424a8) Type: 26 File Object Header: 0xFF188490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF165E08 (4d87e08) ConnectionHandle: 0x27000026 Connection Object: 0xFF162748 (51d3748) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x27 AfdEndpoint: 0xFF23A5C8 (64005c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x27000026 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16CC08(497ac08) Type: 26 File Object Header: 0xFF16CBF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF206848 (515e848) ConnectionHandle: 0x28000027 Connection Object: 0xFF1EEC88 (1cc0c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x28 AfdEndpoint: 0xFF14D5C8 (1fdf5c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x28000027 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF259388(26f8388) Type: 26 File Object Header: 0xFF259370 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF19D088 (37bd088) ConnectionHandle: 0x29000028 Connection Object: 0xFF1F2C68 (1d41c68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x29 AfdEndpoint: 0xFF1EA108 (17d108) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x29000028 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF26B768(250768) Type: 26 File Object Header: 0xFF26B750 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2346C8 (28a26c8) ConnectionHandle: 0x2A000029 Connection Object: 0xFF1D61C8 (202e1c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2a AfdEndpoint: 0xFCCC75E8 (12e45e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2A000029 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF15D4E8(57304e8) Type: 26 File Object Header: 0xFF15D4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BAC8 (538cac8) ConnectionHandle: 0x2B00002A Connection Object: 0xFF2017E8 (4f557e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2b AfdEndpoint: 0xFF1888C8 (3c428c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2B00002A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF182028(3f5b028) Type: 26 File Object Header: 0xFF182010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25ECC8 (1d8cc8) ConnectionHandle: 0x2C00002B Connection Object: 0xFF18E868 (3ac0868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2c AfdEndpoint: 0xFF240948 (63f3948) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2C00002B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF174368(5a45368) Type: 26 File Object Header: 0xFF174350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF24F628 (7ac628) ConnectionHandle: 0x2D00002C Connection Object: 0xFCD6DCC8 (138acc8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2d AfdEndpoint: 0xFF1CA908 (2d33908) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2D00002C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCC63868(1280868) Type: 26 File Object Header: 0xFCC63850 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25EE48 (1d8e48) ConnectionHandle: 0x2E00002D Connection Object: 0xFF193488 (38e6488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2e AfdEndpoint: 0xFF17E748 (40d9748) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2E00002D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA32E28(104fe28) Type: 26 File Object Header: 0xFCA32E10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251368 (4793368) ConnectionHandle: 0x2F00002E Connection Object: 0xFF159008 (4882008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2f AfdEndpoint: 0xFF140F88 (3442f88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2F00002E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA2ED08(104bd08) Type: 26 File Object Header: 0xFCA2ECF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2512C8 (47932c8) ConnectionHandle: 0x3000002F Connection Object: 0xFF1832A8 (3ec42a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x30 AfdEndpoint: 0xFF1A02C8 (37c02c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3000002F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCC60E68(127de68) Type: 26 File Object Header: 0xFCC60E50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251D08 (4793d08) ConnectionHandle: 0x31000030 Connection Object: 0xFF15E008 (6430008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x31 AfdEndpoint: 0xFF152F88 (21cef88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x31000030 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA321E8(104f1e8) Type: 26 File Object Header: 0xFCA321D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251C68 (4793c68) ConnectionHandle: 0x32000031 Connection Object: 0xFF253788 (651788) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x32 AfdEndpoint: 0xFF18AD08 (3a7ed08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x32000031 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF14D3E8(1fdf3e8) Type: 26 File Object Header: 0xFF14D3D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251BC8 (4793bc8) ConnectionHandle: 0x33000032 Connection Object: 0xFF191D48 (39b1d48) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x33 AfdEndpoint: 0xFF1A3868 (362e868) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x33000032 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF131E68(917e68) Type: 26 File Object Header: 0xFF131E50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF275288 (dbd288) ConnectionHandle: 0x34000033 Connection Object: 0xFF1874E8 (3c414e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x34 AfdEndpoint: 0xFF195D68 (38ebd68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x34000033 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF140D88(3442d88) Type: 26 File Object Header: 0xFF140D70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A35A8 (362e5a8) ConnectionHandle: 0x35000034 Connection Object: 0xFF187C68 (3c41c68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x35 AfdEndpoint: 0xFF270D88 (fb0d88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x35000034 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF18E728(3ac0728) Type: 26 File Object Header: 0xFF18E710 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1325E8 (66785e8) ConnectionHandle: 0x36000035 Connection Object: 0xFF193C08 (38e6c08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x36 AfdEndpoint: 0xFCDBE888 (13db888) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x36000035 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF244EA8(51e5ea8) Type: 26 File Object Header: 0xFF244E90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF132568 (6678568) ConnectionHandle: 0x37000036 Connection Object: 0xFF23A9E8 (64009e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x37 AfdEndpoint: 0xFF187F48 (3c41f48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x37000036 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF15D5A8(57305a8) Type: 26 File Object Header: 0xFF15D590 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1324E8 (66784e8) ConnectionHandle: 0x38000037 Connection Object: 0xFF199EE8 (381bee8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x38 AfdEndpoint: 0xFF1AA768 (33a8768) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x38000037 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF23B368(5686368) Type: 26 File Object Header: 0xFF23B350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1323E8 (66783e8) ConnectionHandle: 0x39000038 Connection Object: 0xFF16A008 (51c8008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x39 AfdEndpoint: 0xFF13C588 (217f588) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x39000038 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF22B788(4e36788) Type: 26 File Object Header: 0xFF22B770 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF132628 (6678628) ConnectionHandle: 0x3A000039 Connection Object: 0xFF16A428 (51c8428) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3a AfdEndpoint: 0xFF16C2E8 (497a2e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3A000039 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF183608(3ec4608) Type: 26 File Object Header: 0xFF1835F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1324A8 (66784a8) ConnectionHandle: 0x3B00003A Connection Object: 0xFF27F548 (a06548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3b AfdEndpoint: 0xFF168A48 (53dba48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3B00003A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1A6EA8(3506ea8) Type: 26 File Object Header: 0xFF1A6E90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF14B1C8 (2fcb1c8) ConnectionHandle: 0x3C00003B Connection Object: 0xFF163548 (5047548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3c AfdEndpoint: 0xFF1CB9E8 (2d349e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3C00003B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF218508(4b15508) Type: 26 File Object Header: 0xFF2184F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF147DA8 (2ce4da8) ConnectionHandle: 0x3D00003C Connection Object: 0xFF178C88 (33d1c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3d AfdEndpoint: 0xFF14ADA8 (2e68da8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3D00003C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17BB08(4321b08) Type: 26 File Object Header: 0xFF17BAF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2868 (364e868) ConnectionHandle: 0x3E00003D Connection Object: 0xFF1DC428 (1da7428) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3e AfdEndpoint: 0xFF13D008 (20ee008) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3E00003D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF244808(51e5808) Type: 26 File Object Header: 0xFF2447F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25B328 (194a328) ConnectionHandle: 0x3F00003E Connection Object: 0xFF180708 (98d708) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3f AfdEndpoint: 0xFF14DB68 (1fdfb68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3F00003E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF170F88(1a9df88) Type: 26 File Object Header: 0xFF170F70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF17E508 (40d9508) ConnectionHandle: 0x4000003F Connection Object: 0xFF20B868 (538c868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x40 AfdEndpoint: 0xFF16B2C8 (45e62c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4000003F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1A0CA8(37c0ca8) Type: 26 File Object Header: 0xFF1A0C90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2428 (364e428) ConnectionHandle: 0x41000040 Connection Object: 0xFF152408 (21ce408) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x41 AfdEndpoint: 0xFCC609C8 (127d9c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x41000040 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16C8C8(497a8c8) Type: 26 File Object Header: 0xFF16C8B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF137BA8 (3f2aba8) ConnectionHandle: 0x42000041 Connection Object: 0xFF18D628 (3a3f628) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x42 AfdEndpoint: 0xFF1D6BE8 (202ebe8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x42000041 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF21CDE8(50adde8) Type: 26 File Object Header: 0xFF21CDD0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF13E8A8 (21608a8) ConnectionHandle: 0x43000042 Connection Object: 0xFF23C2C8 (65f72c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x43 AfdEndpoint: 0xFF23AC08 (6400c08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x43000042 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF154628(4fcb628) Type: 26 File Object Header: 0xFF154610 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF13E928 (2160928) ConnectionHandle: 0x44000043 Connection Object: 0xFF20A8C8 (7df08c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x44 AfdEndpoint: 0xFF1574A8 (40544a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x44000043 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F2E8(406c2e8) Type: 26 File Object Header: 0xFF17F2D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF137388 (3f2a388) ConnectionHandle: 0x45000044 Connection Object: 0xFCC5C9C8 (12799c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x45 AfdEndpoint: 0xFF19AE68 (385ce68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x45000044 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F028(406c028) Type: 26 File Object Header: 0xFF17F010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF173C28 (25c5c28) ConnectionHandle: 0x46000045 Connection Object: 0xFF218808 (4b15808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x46 AfdEndpoint: 0xFF1944C8 (38cf4c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x46000045 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1D6A68(202ea68) Type: 26 File Object Header: 0xFF1D6A50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1689E8 (53db9e8) ConnectionHandle: 0x47000046 Connection Object: 0xFF1605A8 (7085a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x47 AfdEndpoint: 0xFF1922A8 (39922a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x47000046 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1CAE68(2d33e68) Type: 26 File Object Header: 0xFF1CAE50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF168FC8 (53dbfc8) ConnectionHandle: 0x48000047 Connection Object: 0xFF289148 (85e148) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x48 AfdEndpoint: 0xFF17CC88 (4292c88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x48000047 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF143028(3dc8028) Type: 26 File Object Header: 0xFF143010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF14A968 (2e68968) ConnectionHandle: 0x49000048 Connection Object: 0xFF1D1B08 (22dbb08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x49 AfdEndpoint: 0xFF19C8A8 (381c8a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x49000048 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF189648(3a7d648) Type: 26 File Object Header: 0xFF189630 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF239168 (65e2168) ConnectionHandle: 0x4A000049 Connection Object: 0xFF15B9A8 (65f99a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4a AfdEndpoint: 0xFF19E288 (3841288) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4A000049 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCCC6368(12e3368) Type: 26 File Object Header: 0xFCCC6350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1D9688 (1ee9688) ConnectionHandle: 0x4B00004A Connection Object: 0xFF24F5A8 (7ac5a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4b AfdEndpoint: 0xFF28C5C8 (7c155c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4B00004A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F4A8(406c4a8) Type: 26 File Object Header: 0xFF17F490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF14BA88 (2fcba88) ConnectionHandle: 0x4C00004B Connection Object: 0xFF171948 (eec948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4c AfdEndpoint: 0xFF1B2008 (2d3d008) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4C00004B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1EB4E8(49a74e8) Type: 26 File Object Header: 0xFF1EB4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A7E48 (34bfe48) ConnectionHandle: 0x4D00004C Connection Object: 0xFF17F1E8 (406c1e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4d AfdEndpoint: 0xFCC8D2C8 (12aa2c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4D00004C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1795C8(44055c8) Type: 26 File Object Header: 0xFF1795B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A7E88 (34bfe88) ConnectionHandle: 0x4E00004D Connection Object: 0xFF1EDDA8 (48cada8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4e AfdEndpoint: 0xFF14AB88 (2e68b88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4E00004D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA317C8(104e7c8) Type: 26 File Object Header: 0xFCA317B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF20D228(477e228) Type: 26 File Object Header: 0xFF20D210 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF155DC8(53cfdc8) Type: 26 File Object Header: 0xFF155DB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1A3268(362e268) Type: 26 File Object Header: 0xFF1A3250 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF1566C8(19736c8) Type: 26 File Object Header: 0xFF1566B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1549C8(4fcb9c8) Type: 26 File Object Header: 0xFF1549B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF283468(a77468) Type: 26 File Object Header: 0xFF283450 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF15A848(23a8848) Type: 26 File Object Header: 0xFF15A830 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCA2F588(104c588) Type: 26 File Object Header: 0xFCA2F570 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF149588 (54ca588) ConnectionHandle: 0x4F00004E Connection Object: 0xFF176128 (591c128) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4f AfdEndpoint: 0xFF168828 (53db828) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4F00004E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF164188(4873188) Type: 26 File Object Header: 0xFF164170 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCDA2928(13bf928) Type: 26 File Object Header: 0xFCDA2910 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B6C8 (538c6c8) ConnectionHandle: 0x5000004F Connection Object: 0xFF16AE88 (51c8e88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x50 AfdEndpoint: 0xFF18F828 (3a06828) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x5000004F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2057E8(49d87e8) Type: 26 File Object Header: 0xFF2057D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF187848(3c41848) Type: 26 File Object Header: 0xFF187830 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF15F4E8(54ef4e8) Type: 26 File Object Header: 0xFF15F4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BC88 (538cc88) ConnectionHandle: 0x51000050 Connection Object: 0xFF201628 (4f55628) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x51 AfdEndpoint: 0xFCA30B88 (104db88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x51000050 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2046C8(4dfb6c8) Type: 26 File Object Header: 0xFF2046B0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCC60348(127d348) Type: 26 File Object Header: 0xFCC60330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2D48 (364ed48) ConnectionHandle: 0x52000051 Connection Object: 0xFF161A88 (57f2a88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x52 AfdEndpoint: 0xFF1910E8 (39b10e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x52000051 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF203DA8(519eda8) Type: 26 File Object Header: 0xFF203D90 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF280728(ae5728) Type: 26 File Object Header: 0xFF280710 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF18C348(3a59348) Type: 26 File Object Header: 0xFF18C330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2FC8 (364efc8) ConnectionHandle: 0x53000052 Connection Object: 0xFF1496A8 (54ca6a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x53 AfdEndpoint: 0xFF20F888 (65f2888) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x53000052 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF1383E8(1de63e8) Type: 26 File Object Header: 0xFF1383D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF155C08(53cfc08) Type: 26 File Object Header: 0xFF155BF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF168128 (53db128) ConnectionHandle: 0x54000053 Connection Object: 0xFF137A08 (3f2aa08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x54 AfdEndpoint: 0xFF152DC8 (21cedc8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x54000053 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF1482E8(26c92e8) Type: 26 File Object Header: 0xFF1482D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF138C48(1de6c48) Type: 26 File Object Header: 0xFF138C30 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF19EB68(3841b68) Type: 26 File Object Header: 0xFF19EB50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1322A8 (66782a8) ConnectionHandle: 0x55000054 Connection Object: 0xFF206408 (515e408) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x55 AfdEndpoint: 0xFF174B28 (5a45b28) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x55000054 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF2051E8(49d81e8) Type: 26 File Object Header: 0xFF2051D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1A4B48(3588b48) Type: 26 File Object Header: 0xFF1A4B30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF219128 (4571128) ConnectionHandle: 0x56000055 Connection Object: 0xFF20A808 (7df0808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x56 AfdEndpoint: 0xFF1A7168 (34bf168) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x56000055 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF15DAE8(5730ae8) Type: 26 File Object Header: 0xFF15DAD0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1454C8(27a24c8) Type: 26 File Object Header: 0xFF1454B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCC5B828(1278828) Type: 26 File Object Header: 0xFCC5B810 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} 2. TABLE: 0xFCE25668(1442668): Table: 0xE1003000 QuotaProcess: ProcessId: 0 HandleCount: 59 CapturedHandleCount: 59 TableLevel: 2 StrictFIFO: No OBJECT: 0xFF271968(38f968) Type: 26 File Object Header: 0xFF271950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271908 (38f908) ConnectionHandle: 0x05000004 Connection Object: 0xFF2718A8 (38f8a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x5 AfdEndpoint: 0xFF2719E8 (38f9e8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x05000004 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF271B68(38fb68) Type: 26 File Object Header: 0xFF271B50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271B08 (38fb08) ConnectionHandle: 0x04000003 Connection Object: 0xFF271AA8 (38faa8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x4 AfdEndpoint: 0xFF271BE8 (38fbe8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x04000003 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF272508(e84508) Type: 26 File Object Header: 0xFF2724F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF272388 (e84388) Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xE130E4A0(1a374a0) Type: 18 Key Object Header: 0xE130E488 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power\ OBJECT: 0xFF272068(e84068) Type: 26 File Object Header: 0xFF272050 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271F08 (38ff08) ConnectionHandle: 0x02000001 Connection Object: 0xFF271EA8 (38fea8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x2 AfdEndpoint: 0xFF271F48 (38ff48) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x02000001 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF272148(e84148) Type: 26 File Object Header: 0xFF272130 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2720E8 (e840e8) ConnectionHandle: 0x01000000 Connection Object: 0xFF272868 (e84868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x1 AfdEndpoint: 0xFF2770E8 (dd00e8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x01000000 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF271D68(38fd68) Type: 26 File Object Header: 0xFF271D50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271D08 (38fd08) ConnectionHandle: 0x03000002 Connection Object: 0xFF271CA8 (38fca8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x3 AfdEndpoint: 0xFF271DE8 (38fde8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x03000002 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFCD5F768(137c768) Type: 26 File Object Header: 0xFCD5F750 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM.LOG OBJECT: 0xFCD5F808(137c808) Type: 26 File Object Header: 0xFCD5F7F0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM OBJECT: 0xFCCCA1C8(12e71c8) Type: 26 File Object Header: 0xFCCCA1B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT.LOG OBJECT: 0xFCCCA268(12e7268) Type: 26 File Object Header: 0xFCCCA250 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT OBJECT: 0xFCD5E1C8(137b1c8) Type: 26 File Object Header: 0xFCD5E1B0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM.ALT OBJECT: 0xFCD5E308(137b308) Type: 26 File Object Header: 0xFCD5E2F0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM OBJECT: 0xFCD5E508(137b508) Type: 26 File Object Header: 0xFCD5E4F0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE.LOG OBJECT: 0xE1309940(19fa940) Type: 18 Key Object Header: 0xE1309928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\ OBJECT: 0xFCD5E628(137b628) Type: 26 File Object Header: 0xFCD5E610 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE OBJECT: 0xFCD5EB68(137bb68) Type: 26 File Object Header: 0xFCD5EB50 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY OBJECT: 0xE13AE320(2b89320) Type: 18 Key Object Header: 0xE13AE308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\Control\ OBJECT: 0xE12F3580(199b580) Type: 18 Key Object Header: 0xE12F3568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\Control\ OBJECT: 0xFCD61A48(137ea48) Type: 26 File Object Header: 0xFCD61A30 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\hiberfil.sys OBJECT: 0xE12B8F20(19bdf20) Type: 18 Key Object Header: 0xE12B8F08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\ OBJECT: 0xFCD5E808(137b808) Type: 26 File Object Header: 0xFCD5E7F0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY.LOG OBJECT: 0xE130B4C0(1aa04c0) Type: 18 Key Object Header: 0xE130B4A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\ OBJECT: 0xE12B8EE0(19bdee0) Type: 18 Key Object Header: 0xE12B8EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\ OBJECT: 0xFF22F748(2c02748) Type: 26 File Object Header: 0xFF22F730 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F6E8 (2c026e8) ConnectionHandle: 0x08000007 Connection Object: 0xFF235568 (7799568) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x8 AfdEndpoint: 0xFF22F7C8 (2c027c8) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x08000007 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22F3A8(2c023a8) Type: 26 File Object Header: 0xFF22F390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F348 (2c02348) ConnectionHandle: 0x0A000009 Connection Object: 0xFF22F2E8 (2c022e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0xa AfdEndpoint: 0xFF22F428 (2c02428) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0A000009 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22FAA8(2c02aa8) Type: 26 File Object Header: 0xFF22FA90 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22FA48 (2c02a48) Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22F5A8(2c025a8) Type: 26 File Object Header: 0xFF22F590 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F548 (2c02548) ConnectionHandle: 0x09000008 Connection Object: 0xFF22F4E8 (2c024e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x9 AfdEndpoint: 0xFF22F628 (2c02628) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x09000008 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF2541A8(29ac1a8) Type: 26 File Object Header: 0xFF254190 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF254148 (29ac148) ConnectionHandle: 0x07000006 Connection Object: 0xFF2562A8 (29042a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2542E8 (29ac2e8) ConnectionId: 0x7 AfdEndpoint: 0xFF254228 (29ac228) ProcessId: 0x1f8 nc.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x07000006 Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8} OBJECT: 0xFF254508(29ac508) Type: 26 File Object Header: 0xFF2544F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF2544A8 (29ac4a8) Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8} OBJECT: 0xFF26FC28(f74c28) Type: 26 File Object Header: 0xFF26FC10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF26FBC8 (f74bc8) ConnectionHandle: 0x06000005 Connection Object: 0xFF27AE88 (cd9e88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x6 AfdEndpoint: 0xFF26FCE8 (f74ce8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x06000005 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF22F1A8(2c021a8) Type: 26 File Object Header: 0xFF22F190 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F148 (2c02148) ConnectionHandle: 0x0B00000A Connection Object: 0xFF22F0E8 (2c020e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0xb AfdEndpoint: 0xFF22F228 (2c02228) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0B00000A Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22FE08(2c02e08) Type: 26 File Object Header: 0xFF22FDF0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22E248 (dc5248) Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22DB08(6ba7b08) Type: 26 File Object Header: 0xFF22DAF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22DAA8 (6ba7aa8) ConnectionHandle: 0x0E00000D Connection Object: 0xFF236C28 (7774c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xe AfdEndpoint: 0xFF22DB88 (6ba7b88) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0E00000D Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22DCA8(6ba7ca8) Type: 26 File Object Header: 0xFF22DC90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22DC48 (6ba7c48) ConnectionHandle: 0x0D00000C Connection Object: 0xFF22EB68 (dc5b68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xd AfdEndpoint: 0xFF22E188 (dc5188) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0D00000C Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D968(6ba7968) Type: 26 File Object Header: 0xFF22D950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D908 (6ba7908) ConnectionHandle: 0x0F00000E Connection Object: 0xFF22E888 (dc5888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xf AfdEndpoint: 0xFF22D9E8 (6ba79e8) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0F00000E Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D7C8(6ba77c8) Type: 26 File Object Header: 0xFF22D7B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D768 (6ba7768) ConnectionHandle: 0x1000000F Connection Object: 0xFF22E908 (dc5908) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x10 AfdEndpoint: 0xFF22D848 (6ba7848) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1000000F Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D628(6ba7628) Type: 26 File Object Header: 0xFF22D610 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D5C8 (6ba75c8) ConnectionHandle: 0x11000010 Connection Object: 0xFF22D568 (6ba7568) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x11 AfdEndpoint: 0xFF22D6A8 (6ba76a8) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x11000010 Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22C8E8(b6e8e8) Type: 26 File Object Header: 0xFF22C8D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22C888 (b6e888) ConnectionHandle: 0x12000011 Connection Object: 0xFF22D228 (6ba7228) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x12 AfdEndpoint: 0xFF22C968 (b6e968) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x12000011 Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFCC5EB48(127bb48) Type: 26 File Object Header: 0xFCC5EB30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16E168 (4721168) Unknown1: 0x00010000 (15e8000) Unknown2: 0x65a93890 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCDC2CC8(13dfcc8) Type: 26 File Object Header: 0xFCDC2CB0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat.LOG OBJECT: 0xFF1E4748(4d3c748) Type: 26 File Object Header: 0xFF1E4730 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EA548 (17d548) Address Object: 0xFF1E4008 (4d3c008) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1EF9C8(4c489c8) Type: 26 File Object Header: 0xFF1EF9B0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EF968 (4c48968) Unknown2: 0x1000 Address Object: 0xFF1E5968 (626968) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCDC2F68(13dff68) Type: 26 File Object Header: 0xFCDC2F50 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat OBJECT: 0xFCD47C08(1364c08) Type: 26 File Object Header: 0xFCD47BF0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat OBJECT: 0xFCD47268(1364268) Type: 26 File Object Header: 0xFCD47250 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG OBJECT: 0xFCC5FF08(127cf08) Type: 26 File Object Header: 0xFCC5FEF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DDC8 (ab9dc8) ConnectionHandle: 0x15000014 Connection Object: 0xFF250AE8 (7c7ae8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x15 AfdEndpoint: 0xFF16DE08 (ab9e08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x15000014 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCC5F328(127c328) Type: 26 File Object Header: 0xFCC5F310 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DFC8 (ab9fc8) ConnectionHandle: 0x13000012 Connection Object: 0xFF24EC28 (7d47c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x13 AfdEndpoint: 0xFF187928 (3c41928) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x13000012 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCC5F688(127c688) Type: 26 File Object Header: 0xFCC5F670 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DEC8 (ab9ec8) ConnectionHandle: 0x14000013 Connection Object: 0xFCC5A888 (1277888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x14 AfdEndpoint: 0xFF16DF08 (ab9f08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x14000013 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF176388(591c388) Type: 26 File Object Header: 0xFF176370 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DCC8 (ab9cc8) ConnectionHandle: 0x16000015 Connection Object: 0xFF24EC88 (7d47c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x16 AfdEndpoint: 0xFF16DD08 (ab9d08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x16000015 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF16DB88(ab9b88) Type: 26 File Object Header: 0xFF16DB70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DB28 (ab9b28) ConnectionHandle: 0x17000016 Connection Object: 0xFF250F08 (7c7f08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x17 AfdEndpoint: 0xFF16DC08 (ab9c08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x17000016 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF16D8A8(ab98a8) Type: 26 File Object Header: 0xFF16D890 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16D848 (ab9848) Unknown1: 0x000000BB (1) Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D548(ab9548) Type: 26 File Object Header: 0xFF16D530 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16D4E8 (ab94e8) ConnectionHandle: 0x18000017 Connection Object: 0xFF2518A8 (47938a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x18 AfdEndpoint: 0xFF16D5C8 (ab95c8) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x18000017 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D3A8(ab93a8) Type: 26 File Object Header: 0xFF16D390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16D348 (ab9348) ConnectionHandle: 0x19000018 Connection Object: 0xFCC5B608 (1278608) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x19 AfdEndpoint: 0xFF16D428 (ab9428) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x19000018 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D208(ab9208) Type: 26 File Object Header: 0xFF16D1F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16C008 (497a008) ConnectionHandle: 0x1A000019 Connection Object: 0xFF26B008 (250008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1a AfdEndpoint: 0xFF16D288 (ab9288) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1A000019 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16CEC8(497aec8) Type: 26 File Object Header: 0xFF16CEB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16CE68 (497ae68) ConnectionHandle: 0x1B00001A Connection Object: 0xFCA37068 (1054068) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1b AfdEndpoint: 0xFF16CF48 (497af48) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1B00001A Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16CD28(497ad28) Type: 26 File Object Header: 0xFF16CD10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16CCC8 (497acc8) ConnectionHandle: 0x1C00001B Connection Object: 0xFCC5C948 (1279948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1c AfdEndpoint: 0xFF16CDA8 (497ada8) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1C00001B Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF191328(39b1328) Type: 26 File Object Header: 0xFF191310 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF149748 (54ca748) ConnectionHandle: 0x59000056 Connection Object: 0xFF1593E8 (48823e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x59 AfdEndpoint: 0xFF203E68 (519ee68) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x59000056 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF289A48(85ea48) Type: 26 File Object Header: 0xFF289A30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF17CD88 (4292d88) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF19B828 (384a828) Local Address: 0x200a8c0:f401 192.168.0.2:500 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} 3. TABLE: 0xFCC83628(12a0628): Table: 0xE13D2000 QuotaProcess: 0xFCD64D60 ProcessId: 98 HandleCount: 33 CapturedHandleCount: 33 TableLevel: 2 StrictFIFO: No OBJECT: 0xE131C390(1a65390) Type: 17 Section Object Header: 0xE131C378 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE137DD88(28e0d88) BasedAddress: 0x2E90CC38 SizeOfSegment: 0xe000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\smss.exe OBJECT: 0xFCC83820(12a0820) Type: 8 Event Object Header: 0xFCC83808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC837E0(12a07e0) Type: 8 Event Object Header: 0xFCC837C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC837A0(12a07a0) Type: 8 Event Object Header: 0xFCC83788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC834A8(12a04a8) Type: 26 File Object Header: 0xFCC83490 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT OBJECT: 0xE13D1F40(4450f40) Type: 19 Port Object Header: 0xE13D1F28 GrantedAccess: 1f0001 PointerCount: 8 HandleCount: 1 Directory: 0xFCE00850 Name: SmApiPort SecurityDescriptor: 0xE13C5C38(2cf2c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;0x1f0001;;;BA) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xFCD64800(1381800) Type: 6 Thread Object Header: 0xFCD647E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.0000009C ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64560(1381560) Type: 6 Thread Object Header: 0xFCD64548 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A0 ThreadsProcess: 0xFCD64D60 OBJECT: 0xE1DC9EF0(75ebef0) Type: 19 Port Object Header: 0xE1DC9ED8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCE00630(141d630) Type: 2 Directory Object Header: 0xFCE00618 GrantedAccess: f000f PointerCount: 142 HandleCount: 1 Directory: 0xFCE00850 Name: ?? SecurityDescriptor: 0xE1007D38(15a8d38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) FullPath: \?? OBJECT: 0xFCC82548(129f548) Type: 26 File Object Header: 0xFCC82530 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCC82370(129f370) Type: 3 SymbolicLink Object Header: 0xFCC82358 GrantedAccess: f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC82930 Name: KnownDllPath SecurityDescriptor: 0xE13D1E78(4450e78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;CCSDRCWDWO;;;BA) Target: C:\WINNT\system32 OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: f000f PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xE130FC60(1a38c60) Type: 18 Key Object Header: 0xE130FC48 GrantedAccess: 20006 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB\ OBJECT: 0xFCD5FF10(137cf10) Type: 8 Event Object Header: 0xFCD5FEF8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: UniqueSessionIdEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1CEF5A0(633d5a0) Type: 19 Port Object Header: 0xE1CEF588 GrantedAccess: 1f0001 PointerCount: 7 HandleCount: 1 Directory: 0xFCE00850 Name: DbgSsApiPort SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xE130E160(1a37160) Type: 18 Key Object Header: 0xE130E148 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CrashControl\ OBJECT: 0xE1D398A0(689e8a0) Type: 19 Port Object Header: 0xE1D39888 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: DbgUiApiPort SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xFCD5C020(1379020) Type: 6 Thread Object Header: 0xFCD5C008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A8 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C380(1379380) Type: 6 Thread Object Header: 0xFCD5C368 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A4 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64D60(1381d60) Type: 5 Process Object Header: 0xFCD64D48 GrantedAccess: 20040 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xE1D384D0(688d4d0) Type: 19 Port Object Header: 0xE1D384B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1400770(6604770) Type: 19 Port Object Header: 0xE1400758 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC62020(127f020) Type: 6 Thread Object Header: 0xFCC62008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000AC ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCC62F40(127ff40) Type: 8 Event Object Header: 0xFCC62F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 1f0fff PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 20040 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xE1DC87F0(76627f0) Type: 19 Port Object Header: 0xE1DC87D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1DC6310(7600310) Type: 19 Port Object Header: 0xE1DC62F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 400 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xE1DC88D0(76628d0) Type: 19 Port Object Header: 0xE1DC88B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.0000009C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1DC9030(75eb030) Type: 19 Port Object Header: 0xE1DC9018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.0000009C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 1f0fff PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe 4. TABLE: 0xFCC63CE8(1280ce8): Table: 0xE1D3C000 QuotaProcess: 0xFCC62B00 ProcessId: b4 HandleCount: 321 CapturedHandleCount: 322 TableLevel: 2 StrictFIFO: No OBJECT: 0xE130DBB0(1a30bb0) Type: 17 Section Object Header: 0xE130DB98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1338388(1aa6388) BasedAddress: 0x2EBF1C30 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\csrss.exe OBJECT: 0xFCC62720(127f720) Type: 8 Event Object Header: 0xFCC62708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC626E0(127f6e0) Type: 8 Event Object Header: 0xFCC626C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC626A0(127f6a0) Type: 8 Event Object Header: 0xFCC62688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC62608(127f608) Type: 26 File Object Header: 0xFCC625F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 1f0fff PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xE1321510(1a6d510) Type: 17 Section Object Header: 0xE13214F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D3B9E8(68b99e8) BasedAddress: 0x000000C0 SizeOfSegment: 0x100000 OBJECT: 0xFCC61FA0(127efa0) Type: 8 Event Object Header: 0xFCC61F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61B30(127eb30) Type: 2 Directory Object Header: 0xFCC61B18 GrantedAccess: f000f PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Restricted SecurityDescriptor: 0xE1D409B8(69709b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCLCSWRC;;;RC) FullPath: \BaseNamedObjects\Restricted OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: f000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1f0001 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1D42040(695b040) Type: 17 Section Object Header: 0xE1D42028 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionUnicode SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F0E8(692f0e8) BasedAddress: 0x2D7BD4D8 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls OBJECT: 0xE1D40420(6970420) Type: 17 Section Object Header: 0xE1D40408 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionLocale SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40468(6970468) BasedAddress: 0x2DC314D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls OBJECT: 0xE1D40220(6970220) Type: 17 Section Object Header: 0xE1D40208 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionCType SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F548(692f548) BasedAddress: 0x2DC21CC0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls OBJECT: 0xE1D41FC0(697ffc0) Type: 17 Section Object Header: 0xE1D41FA8 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionSortkey SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D41008(697f008) BasedAddress: 0x2EC0ECC8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sortkey.nls OBJECT: 0xE1D421C0(695b1c0) Type: 17 Section Object Header: 0xE1D421A8 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionSortTbls SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40188(6970188) BasedAddress: 0x2EC10CC8 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls OBJECT: 0xFCC60CC0(127dcc0) Type: 8 Event Object Header: 0xFCC60CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C80(127dc80) Type: 8 Event Object Header: 0xFCC60C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C40(127dc40) Type: 8 Event Object Header: 0xFCC60C28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C00(127dc00) Type: 8 Event Object Header: 0xFCC60BE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D4DD20(69d8d20) Type: 18 Key Object Header: 0xE1D4DD08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE131F4A0(1a674a0) Type: 18 Key Object Header: 0xE131F488 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE12B0DC0(19dbdc0) Type: 18 Key Object Header: 0xE12B0DA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE1D42D50(695bd50) Type: 19 Port Object Header: 0xE1D42D38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC5A500(1277500) Type: 6 Thread Object Header: 0xFCC5A4E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCC5A480(1277480) Type: 8 Event Object Header: 0xFCC5A468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A440(1277440) Type: 8 Event Object Header: 0xFCC5A428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A400(1277400) Type: 8 Event Object Header: 0xFCC5A3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A3C0(12773c0) Type: 8 Event Object Header: 0xFCC5A3A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A380(1277380) Type: 8 Event Object Header: 0xFCC5A368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC2D80(7573d80) Type: 19 Port Object Header: 0xE1DC2D68 GrantedAccess: 1f0001 PointerCount: 93 HandleCount: 1 Directory: 0xFCC90030 Name: ApiPort SecurityDescriptor: 0xE1DC1378(7552378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 OBJECT: 0xFCA37FC0(1054fc0) Type: 8 Event Object Header: 0xFCA37FA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D64740(756b740) Type: 18 Key Object Header: 0xE1D64728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\ OBJECT: 0xE1DC8AB0(7662ab0) Type: 19 Port Object Header: 0xE1DC8A98 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA371A0(10541a0) Type: 6 Thread Object Header: 0xFCA37188 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36020(1053020) Type: 8 Event Object Header: 0xFCA36008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA36CA0(1053ca0) Type: 6 Thread Object Header: 0xFCA36C88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC62B00 OBJECT: 0xE1DC89C0(76629c0) Type: 19 Port Object Header: 0xE1DC89A8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC90030 Name: SbApiPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 OBJECT: 0xFCA36960(1053960) Type: 6 Thread Object Header: 0xFCA36948 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xE1DC6210(7600210) Type: 19 Port Object Header: 0xE1DC61F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA363A0(10533a0) Type: 6 Thread Object Header: 0xFCA36388 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000008C ThreadsProcess: 0xFCA36620 OBJECT: 0xE1DCEE50(76b6e50) Type: 19 Port Object Header: 0xE1DCEE38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA33D60(1050d60) Type: 6 Thread Object Header: 0xFCA33D48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA33AA0(1050aa0) Type: 8 Event Object Header: 0xFCA33A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2E8A0(104b8a0) Type: 8 Event Object Header: 0xFCA2E888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2E120(104b120) Type: 8 Event Object Header: 0xFCA2E108 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2D8B0(104a8b0) Type: 8 Event Object Header: 0xFCA2D898 GrantedA