Shared User Data: 0xFFDF0000(248000)
Product: NT Workstation
Suite:
NT Version: 5.0
System Time: 0x1c569de5fde8a10 2005-06-05 14:53:46Z
Time Zone ID: 2
Bias: 144000000000
Local Time: 0x1c569bcd8ccea10 2005-06-05 10:53:46Z
Tick Count: 0x3148e8c
System Root: C:\WINNT
Processor Architecture: StandardDesign
Processor Features:
  FloatingPointPrecisionErrata:
  FloatingPointEmulated:
  CompareExchangeDouble: X
  MMXInstructionsAvailable: X
  PPCMovemem64BitOk:
  AlphaByteInstructions:
  XMMIInstructionsAvailable: X
  3DNOWInstructionsAvailable:
  RDTSCInstructionAvailable: X
  PAEEnabled:
  XMMI64InstructionsAvailable:
Large page minimum: 0
Debugger Enabled: No
NxSupport: 0x0
Active Console ID: 0
Physical Pages: 0
Booted in safe mode: No
TestReturnInstruction: 0 0 0 0
SystemCall: 0x0
SystemCallReturn: 0x0
Cookie: 0x0

Kernel Base : 0x80400000
Kernel Size : 0x19fb90
Page Tables: 0xC0000000 (0x1680000)
Page Directory: 0xC0300000 (0x30000)
KeNumberProcessors: 0x8046B4CC(46b4cc) 1
KeActiveProcessors: 0x8046B4D4(46b4d4) 1
KiProcessorBlock: 0x8046BDA0(46bda0)
KeBootTime: 0x8046B318 (46b318) Value: 0x1c569660cf6aac0 2005-06-05 00:32:27Z
KeBootTimeBias: 0x8046B328 Value: 0

Processor Control Regions:
KPCR0: 0xFFDFF000(247000)
  KdVersionBlock: 0x00000000(1)
  GDT Base: 0x80036000(36000)
  IDT Base: 0x80036400(36400)
  IDTR: 0x8003f400 Limit: 0x7ff
  GDTR: 0x8003f000 Limit: 0x3ff
  LDTR: 0x8003f000 Limit: 0x3ff
  TSS: 0x80249000(249000)
  Processor Control Block: 0xFFDFF120
  IdleThread: 0x8046D3F0
  BuildType: 2
  CpuType: 6
  CpuStep: 0x806
  SetMember: 1
  CpuID: 1
  VendorString: GenuineIntel
  MHZ: 285
  PRCBNumber: 0
  LogicalProcessorsPerPhysicalProcessor: 0
  DebugActive: false

Pagefile Information:
MmNumberOfPagingFiles: 0x80480644(480644) Value: 1
MmPagingFile: 0x80480C40(480c40)
Pagingfile0: 0xFCC8EE28(12abe28)
  Size: 0xc000
  MaximumSize: 0x18000
  MinimumSize: 0xc000
  FreeSpace: 0xa4fe
  CurrentUsage: 0x1b01
  PeakUsage: 0x1b2c
  HighestPage: 0x0
  FileObject: 0xFCC8EEA8
  PagefileName: \??\C:\pagefile.sys

Memory Information:
MmPagesSize:
0x1000 MmLowestPhysicalPage: 0x8046B4D0(46b4d0) Value: 0x2 MmHighestPhysicalPage: 0x8046B4D8(46b4d8) Value: 0x7e7f MmNumberOfPhysicalPages: 0x8046B4DC(46b4dc) Value: 0x7dfb MmPfnDatabase: 0x8046B448(46b448) IDT Tables: IDT: 0x80036400(36400) No. Selector:Offset ParamCount Dpl Type Module 0. 8:80463c46 0 0 0xe \WINNT\System32\ntoskrnl.exe 1. 8:80463d96 0 0 0xe \WINNT\System32\ntoskrnl.exe 3. 8:8046406e 0 3 0xe \WINNT\System32\ntoskrnl.exe 4. 8:804641d2 0 3 0xe \WINNT\System32\ntoskrnl.exe 5. 8:80464316 0 0 0xe \WINNT\System32\ntoskrnl.exe 6. 8:8046447a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7. 8:804649b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 9. 8:80464d6c 0 0 0xe \WINNT\System32\ntoskrnl.exe a. 8:80464e74 0 0 0xe \WINNT\System32\ntoskrnl.exe b. 8:80464fa0 0 0 0xe \WINNT\System32\ntoskrnl.exe c. 8:804652a4 0 0 0xe \WINNT\System32\ntoskrnl.exe d. 8:804654b0 0 0 0xe \WINNT\System32\ntoskrnl.exe e. 8:80465f04 0 0 0xe \WINNT\System32\ntoskrnl.exe f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 10. 8:804663a7 0 0 0xe \WINNT\System32\ntoskrnl.exe 11. 8:804664cb 0 0 0xe \WINNT\System32\ntoskrnl.exe 13. 8:8046661b 0 0 0xe \WINNT\System32\ntoskrnl.exe 14. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 15. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 16. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 17. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 18. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 19. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1a. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1b. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1c. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1d. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1e. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 2a. 8:8046310c 0 3 0xe \WINNT\System32\ntoskrnl.exe 2b. 8:80463202 0 3 0xe \WINNT\System32\ntoskrnl.exe 2c. 8:80463322 0 3 0xe \WINNT\System32\ntoskrnl.exe 2d. 8:80463f5e 0 3 0xe \WINNT\System32\ntoskrnl.exe 2e. 
8:80462c2d 0 3 0xe \WINNT\System32\ntoskrnl.exe 2f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 30. 8:8006807c 0 0 0xe \WINNT\System32\hal.dll 31. 8:fcdbc6a4 0 0 0xe 32. 8:80462284 0 0 0xe \WINNT\System32\ntoskrnl.exe 33. 8:8046228e 0 0 0xe \WINNT\System32\ntoskrnl.exe 34. 8:fcd32264 0 0 0xe 35. 8:804622a2 0 0 0xe \WINNT\System32\ntoskrnl.exe 36. 8:804622ac 0 0 0xe \WINNT\System32\ntoskrnl.exe 37. 8:804622b6 0 0 0xe \WINNT\System32\ntoskrnl.exe 38. 8:80062db0 0 0 0xe \WINNT\System32\hal.dll 39. 8:fcd53144 0 0 0xe 3a. 8:804622d4 0 0 0xe \WINNT\System32\ntoskrnl.exe 3b. 8:fcd32884 0 0 0xe 3c. 8:fcd33dc4 0 0 0xe 3d. 8:804622f2 0 0 0xe \WINNT\System32\ntoskrnl.exe 3e. 8:fcd4d164 0 0 0xe 3f. 8:80462306 0 0 0xe \WINNT\System32\ntoskrnl.exe 40. 8:80462310 0 0 0xe \WINNT\System32\ntoskrnl.exe 41. 8:8046231a 0 0 0xe \WINNT\System32\ntoskrnl.exe 42. 8:80462324 0 0 0xe \WINNT\System32\ntoskrnl.exe 43. 8:8046232e 0 0 0xe \WINNT\System32\ntoskrnl.exe 44. 8:80462338 0 0 0xe \WINNT\System32\ntoskrnl.exe 45. 8:80462342 0 0 0xe \WINNT\System32\ntoskrnl.exe 46. 8:8046234c 0 0 0xe \WINNT\System32\ntoskrnl.exe 47. 8:80462356 0 0 0xe \WINNT\System32\ntoskrnl.exe 48. 8:80462360 0 0 0xe \WINNT\System32\ntoskrnl.exe 49. 8:8046236a 0 0 0xe \WINNT\System32\ntoskrnl.exe 4a. 8:80462374 0 0 0xe \WINNT\System32\ntoskrnl.exe 4b. 8:8046237e 0 0 0xe \WINNT\System32\ntoskrnl.exe 4c. 8:80462388 0 0 0xe \WINNT\System32\ntoskrnl.exe 4d. 8:80462392 0 0 0xe \WINNT\System32\ntoskrnl.exe 4e. 8:8046239c 0 0 0xe \WINNT\System32\ntoskrnl.exe 4f. 8:804623a6 0 0 0xe \WINNT\System32\ntoskrnl.exe 50. 8:804623b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 51. 8:804623ba 0 0 0xe \WINNT\System32\ntoskrnl.exe 52. 8:804623c4 0 0 0xe \WINNT\System32\ntoskrnl.exe 53. 8:804623ce 0 0 0xe \WINNT\System32\ntoskrnl.exe 54. 8:804623d8 0 0 0xe \WINNT\System32\ntoskrnl.exe 55. 8:804623e2 0 0 0xe \WINNT\System32\ntoskrnl.exe 56. 8:804623ec 0 0 0xe \WINNT\System32\ntoskrnl.exe 57. 8:804623f6 0 0 0xe \WINNT\System32\ntoskrnl.exe 58. 
8:80462400 0 0 0xe \WINNT\System32\ntoskrnl.exe 59. 8:8046240a 0 0 0xe \WINNT\System32\ntoskrnl.exe 5a. 8:80462414 0 0 0xe \WINNT\System32\ntoskrnl.exe 5b. 8:8046241e 0 0 0xe \WINNT\System32\ntoskrnl.exe 5c. 8:80462428 0 0 0xe \WINNT\System32\ntoskrnl.exe 5d. 8:80462432 0 0 0xe \WINNT\System32\ntoskrnl.exe 5e. 8:8046243c 0 0 0xe \WINNT\System32\ntoskrnl.exe 5f. 8:80462446 0 0 0xe \WINNT\System32\ntoskrnl.exe 60. 8:80462450 0 0 0xe \WINNT\System32\ntoskrnl.exe 61. 8:8046245a 0 0 0xe \WINNT\System32\ntoskrnl.exe 62. 8:80462464 0 0 0xe \WINNT\System32\ntoskrnl.exe 63. 8:8046246e 0 0 0xe \WINNT\System32\ntoskrnl.exe 64. 8:80462478 0 0 0xe \WINNT\System32\ntoskrnl.exe 65. 8:80462482 0 0 0xe \WINNT\System32\ntoskrnl.exe 66. 8:8046248c 0 0 0xe \WINNT\System32\ntoskrnl.exe 67. 8:80462496 0 0 0xe \WINNT\System32\ntoskrnl.exe 68. 8:804624a0 0 0 0xe \WINNT\System32\ntoskrnl.exe 69. 8:804624aa 0 0 0xe \WINNT\System32\ntoskrnl.exe 6a. 8:804624b4 0 0 0xe \WINNT\System32\ntoskrnl.exe 6b. 8:804624be 0 0 0xe \WINNT\System32\ntoskrnl.exe 6c. 8:804624c8 0 0 0xe \WINNT\System32\ntoskrnl.exe 6d. 8:804624d2 0 0 0xe \WINNT\System32\ntoskrnl.exe 6e. 8:804624dc 0 0 0xe \WINNT\System32\ntoskrnl.exe 6f. 8:804624e6 0 0 0xe \WINNT\System32\ntoskrnl.exe 70. 8:804624f0 0 0 0xe \WINNT\System32\ntoskrnl.exe 71. 8:804624fa 0 0 0xe \WINNT\System32\ntoskrnl.exe 72. 8:80462504 0 0 0xe \WINNT\System32\ntoskrnl.exe 73. 8:8046250e 0 0 0xe \WINNT\System32\ntoskrnl.exe 74. 8:80462518 0 0 0xe \WINNT\System32\ntoskrnl.exe 75. 8:80462522 0 0 0xe \WINNT\System32\ntoskrnl.exe 76. 8:8046252c 0 0 0xe \WINNT\System32\ntoskrnl.exe 77. 8:80462536 0 0 0xe \WINNT\System32\ntoskrnl.exe 78. 8:80462540 0 0 0xe \WINNT\System32\ntoskrnl.exe 79. 8:8046254a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7a. 8:80462554 0 0 0xe \WINNT\System32\ntoskrnl.exe 7b. 8:8046255e 0 0 0xe \WINNT\System32\ntoskrnl.exe 7c. 8:80462568 0 0 0xe \WINNT\System32\ntoskrnl.exe 7d. 8:80462572 0 0 0xe \WINNT\System32\ntoskrnl.exe 7e. 
8:8046257c 0 0 0xe \WINNT\System32\ntoskrnl.exe 7f. 8:80462586 0 0 0xe \WINNT\System32\ntoskrnl.exe 80. 8:80462590 0 0 0xe \WINNT\System32\ntoskrnl.exe 81. 8:8046259a 0 0 0xe \WINNT\System32\ntoskrnl.exe 82. 8:804625a4 0 0 0xe \WINNT\System32\ntoskrnl.exe 83. 8:804625ae 0 0 0xe \WINNT\System32\ntoskrnl.exe 84. 8:804625b8 0 0 0xe \WINNT\System32\ntoskrnl.exe 85. 8:804625c2 0 0 0xe \WINNT\System32\ntoskrnl.exe 86. 8:804625cc 0 0 0xe \WINNT\System32\ntoskrnl.exe 87. 8:804625d6 0 0 0xe \WINNT\System32\ntoskrnl.exe 88. 8:804625e0 0 0 0xe \WINNT\System32\ntoskrnl.exe 89. 8:804625ea 0 0 0xe \WINNT\System32\ntoskrnl.exe 8a. 8:804625f4 0 0 0xe \WINNT\System32\ntoskrnl.exe 8b. 8:804625fe 0 0 0xe \WINNT\System32\ntoskrnl.exe 8c. 8:80462608 0 0 0xe \WINNT\System32\ntoskrnl.exe 8d. 8:80462612 0 0 0xe \WINNT\System32\ntoskrnl.exe 8e. 8:8046261c 0 0 0xe \WINNT\System32\ntoskrnl.exe 8f. 8:80462626 0 0 0xe \WINNT\System32\ntoskrnl.exe 90. 8:80462630 0 0 0xe \WINNT\System32\ntoskrnl.exe 91. 8:8046263a 0 0 0xe \WINNT\System32\ntoskrnl.exe 92. 8:80462644 0 0 0xe \WINNT\System32\ntoskrnl.exe 93. 8:8046264e 0 0 0xe \WINNT\System32\ntoskrnl.exe 94. 8:80462658 0 0 0xe \WINNT\System32\ntoskrnl.exe 95. 8:80462662 0 0 0xe \WINNT\System32\ntoskrnl.exe 96. 8:8046266c 0 0 0xe \WINNT\System32\ntoskrnl.exe 97. 8:80462676 0 0 0xe \WINNT\System32\ntoskrnl.exe 98. 8:80462680 0 0 0xe \WINNT\System32\ntoskrnl.exe 99. 8:8046268a 0 0 0xe \WINNT\System32\ntoskrnl.exe 9a. 8:80462694 0 0 0xe \WINNT\System32\ntoskrnl.exe 9b. 8:8046269e 0 0 0xe \WINNT\System32\ntoskrnl.exe 9c. 8:804626a8 0 0 0xe \WINNT\System32\ntoskrnl.exe 9d. 8:804626b2 0 0 0xe \WINNT\System32\ntoskrnl.exe 9e. 8:804626bc 0 0 0xe \WINNT\System32\ntoskrnl.exe 9f. 8:804626c6 0 0 0xe \WINNT\System32\ntoskrnl.exe a0. 8:804626d0 0 0 0xe \WINNT\System32\ntoskrnl.exe a1. 8:804626da 0 0 0xe \WINNT\System32\ntoskrnl.exe a2. 8:804626e4 0 0 0xe \WINNT\System32\ntoskrnl.exe a3. 8:804626ee 0 0 0xe \WINNT\System32\ntoskrnl.exe a4. 
8:804626f8 0 0 0xe \WINNT\System32\ntoskrnl.exe a5. 8:80462702 0 0 0xe \WINNT\System32\ntoskrnl.exe a6. 8:8046270c 0 0 0xe \WINNT\System32\ntoskrnl.exe a7. 8:80462716 0 0 0xe \WINNT\System32\ntoskrnl.exe a8. 8:80462720 0 0 0xe \WINNT\System32\ntoskrnl.exe a9. 8:8046272a 0 0 0xe \WINNT\System32\ntoskrnl.exe aa. 8:80462734 0 0 0xe \WINNT\System32\ntoskrnl.exe ab. 8:8046273e 0 0 0xe \WINNT\System32\ntoskrnl.exe ac. 8:80462748 0 0 0xe \WINNT\System32\ntoskrnl.exe ad. 8:80462752 0 0 0xe \WINNT\System32\ntoskrnl.exe ae. 8:8046275c 0 0 0xe \WINNT\System32\ntoskrnl.exe af. 8:80462766 0 0 0xe \WINNT\System32\ntoskrnl.exe b0. 8:80462770 0 0 0xe \WINNT\System32\ntoskrnl.exe b1. 8:8046277a 0 0 0xe \WINNT\System32\ntoskrnl.exe b2. 8:80462784 0 0 0xe \WINNT\System32\ntoskrnl.exe b3. 8:8046278e 0 0 0xe \WINNT\System32\ntoskrnl.exe b4. 8:80462798 0 0 0xe \WINNT\System32\ntoskrnl.exe b5. 8:804627a2 0 0 0xe \WINNT\System32\ntoskrnl.exe b6. 8:804627ac 0 0 0xe \WINNT\System32\ntoskrnl.exe b7. 8:804627b6 0 0 0xe \WINNT\System32\ntoskrnl.exe b8. 8:804627c0 0 0 0xe \WINNT\System32\ntoskrnl.exe b9. 8:804627ca 0 0 0xe \WINNT\System32\ntoskrnl.exe ba. 8:804627d4 0 0 0xe \WINNT\System32\ntoskrnl.exe bb. 8:804627de 0 0 0xe \WINNT\System32\ntoskrnl.exe bc. 8:804627e8 0 0 0xe \WINNT\System32\ntoskrnl.exe bd. 8:804627f2 0 0 0xe \WINNT\System32\ntoskrnl.exe be. 8:804627fc 0 0 0xe \WINNT\System32\ntoskrnl.exe bf. 8:80462806 0 0 0xe \WINNT\System32\ntoskrnl.exe c0. 8:80462810 0 0 0xe \WINNT\System32\ntoskrnl.exe c1. 8:8046281a 0 0 0xe \WINNT\System32\ntoskrnl.exe c2. 8:80462824 0 0 0xe \WINNT\System32\ntoskrnl.exe c3. 8:8046282e 0 0 0xe \WINNT\System32\ntoskrnl.exe c4. 8:80462838 0 0 0xe \WINNT\System32\ntoskrnl.exe c5. 8:80462842 0 0 0xe \WINNT\System32\ntoskrnl.exe c6. 8:8046284c 0 0 0xe \WINNT\System32\ntoskrnl.exe c7. 8:80462856 0 0 0xe \WINNT\System32\ntoskrnl.exe c8. 8:80462860 0 0 0xe \WINNT\System32\ntoskrnl.exe c9. 8:8046286a 0 0 0xe \WINNT\System32\ntoskrnl.exe ca. 
8:80462874 0 0 0xe \WINNT\System32\ntoskrnl.exe cb. 8:8046287e 0 0 0xe \WINNT\System32\ntoskrnl.exe cc. 8:80462888 0 0 0xe \WINNT\System32\ntoskrnl.exe cd. 8:80462892 0 0 0xe \WINNT\System32\ntoskrnl.exe ce. 8:8046289c 0 0 0xe \WINNT\System32\ntoskrnl.exe cf. 8:804628a6 0 0 0xe \WINNT\System32\ntoskrnl.exe d0. 8:804628b0 0 0 0xe \WINNT\System32\ntoskrnl.exe d1. 8:804628ba 0 0 0xe \WINNT\System32\ntoskrnl.exe d2. 8:804628c4 0 0 0xe \WINNT\System32\ntoskrnl.exe d3. 8:804628ce 0 0 0xe \WINNT\System32\ntoskrnl.exe d4. 8:804628d8 0 0 0xe \WINNT\System32\ntoskrnl.exe d5. 8:804628e2 0 0 0xe \WINNT\System32\ntoskrnl.exe d6. 8:804628ec 0 0 0xe \WINNT\System32\ntoskrnl.exe d7. 8:804628f6 0 0 0xe \WINNT\System32\ntoskrnl.exe d8. 8:80462900 0 0 0xe \WINNT\System32\ntoskrnl.exe d9. 8:8046290a 0 0 0xe \WINNT\System32\ntoskrnl.exe da. 8:80462914 0 0 0xe \WINNT\System32\ntoskrnl.exe db. 8:8046291e 0 0 0xe \WINNT\System32\ntoskrnl.exe dc. 8:80462928 0 0 0xe \WINNT\System32\ntoskrnl.exe dd. 8:80462932 0 0 0xe \WINNT\System32\ntoskrnl.exe de. 8:8046293c 0 0 0xe \WINNT\System32\ntoskrnl.exe df. 8:80462946 0 0 0xe \WINNT\System32\ntoskrnl.exe e0. 8:80462950 0 0 0xe \WINNT\System32\ntoskrnl.exe e1. 8:8046295a 0 0 0xe \WINNT\System32\ntoskrnl.exe e2. 8:80462964 0 0 0xe \WINNT\System32\ntoskrnl.exe e3. 8:8046296e 0 0 0xe \WINNT\System32\ntoskrnl.exe e4. 8:80462978 0 0 0xe \WINNT\System32\ntoskrnl.exe e5. 8:80462982 0 0 0xe \WINNT\System32\ntoskrnl.exe e6. 8:8046298c 0 0 0xe \WINNT\System32\ntoskrnl.exe e7. 8:80462996 0 0 0xe \WINNT\System32\ntoskrnl.exe e8. 8:804629a0 0 0 0xe \WINNT\System32\ntoskrnl.exe e9. 8:804629aa 0 0 0xe \WINNT\System32\ntoskrnl.exe ea. 8:804629b4 0 0 0xe \WINNT\System32\ntoskrnl.exe eb. 8:804629be 0 0 0xe \WINNT\System32\ntoskrnl.exe ec. 8:804629c8 0 0 0xe \WINNT\System32\ntoskrnl.exe ed. 8:804629d2 0 0 0xe \WINNT\System32\ntoskrnl.exe ee. 8:804629d9 0 0 0xe \WINNT\System32\ntoskrnl.exe ef. 8:804629e0 0 0 0xe \WINNT\System32\ntoskrnl.exe f0. 
8:804629e7 0 0 0xe \WINNT\System32\ntoskrnl.exe f1. 8:804629ee 0 0 0xe \WINNT\System32\ntoskrnl.exe f2. 8:804629f5 0 0 0xe \WINNT\System32\ntoskrnl.exe f3. 8:804629fc 0 0 0xe \WINNT\System32\ntoskrnl.exe f4. 8:80462a03 0 0 0xe \WINNT\System32\ntoskrnl.exe f5. 8:80462a0a 0 0 0xe \WINNT\System32\ntoskrnl.exe f6. 8:80462a11 0 0 0xe \WINNT\System32\ntoskrnl.exe f7. 8:80462a18 0 0 0xe \WINNT\System32\ntoskrnl.exe f8. 8:80462a1f 0 0 0xe \WINNT\System32\ntoskrnl.exe f9. 8:80462a26 0 0 0xe \WINNT\System32\ntoskrnl.exe fa. 8:80462a2d 0 0 0xe \WINNT\System32\ntoskrnl.exe fb. 8:80462a34 0 0 0xe \WINNT\System32\ntoskrnl.exe fc. 8:80462a3b 0 0 0xe \WINNT\System32\ntoskrnl.exe fd. 8:80462a42 0 0 0xe \WINNT\System32\ntoskrnl.exe fe. 8:80462a49 0 0 0xe \WINNT\System32\ntoskrnl.exe ff. 8:80462a50 0 0 0xe \WINNT\System32\ntoskrnl.exe GDT Tables: GDT (callgates only): 0x80036000(36000) No. Selector:Offset ParamCount Dpl Type Module PsLoadedModuleList : 0x8046B618(46b618) Loaded System Modules: 1. ntoskrnl.exe<0xFCE28288(1445280)>: BaseAddress: 0x80400000 (400000) EntryPoint: 0x8040CF90 Size: 1702528 Flags: 0xc004000 Checksum: 0x1ac8b7 LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\ntoskrnl.exe 2. hal.dll<0xFCE281E8(14451e0)>: BaseAddress: 0x80062000 (62000) EntryPoint: 0x8006FE30 Size: 66528 Flags: 0xc004000 Checksum: 0x1a78e LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\hal.dll 3. BOOTVID.DLL<0xFCE28168(1445160)>: BaseAddress: 0xF0810000 (7d01000) EntryPoint: 0xF08118B0 Size: 12288 Flags: 0x9004000 Checksum: 0xd8a2 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\BOOTVID.DLL 4. ACPI.sys<0xFCE280E8(14450e0)>: BaseAddress: 0xFC9F8000 (7d04000) EntryPoint: 0xFCA1C10B Size: 163840 Flags: 0x9004000 Checksum: 0x2d30f LoadCount: 1 Unknown1: 0 ImagePath: ACPI.sys 5. WMILIB.SYS<0xFCE28068(1445060)>: BaseAddress: 0xF09C8000 (7d2c000) EntryPoint: 0xF09C8AA0 Size: 4096 Flags: 0xd004000 Checksum: 0x8bfd LoadCount: 12 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\WMILIB.SYS 6. 
pci.sys<0xFCE26F88(1443f80)>: BaseAddress: 0xF0400000 (7d2d000) EntryPoint: 0xF040BA88 Size: 61440 Flags: 0x9004000 Checksum: 0x154e3 LoadCount: 1 Unknown1: 0 ImagePath: pci.sys 7. isapnp.sys<0xFCE26F08(1443f00)>: BaseAddress: 0xF0410000 (7d3c000) EntryPoint: 0xF0419A80 Size: 49152 Flags: 0x9004000 Checksum: 0x15782 LoadCount: 1 Unknown1: 0 ImagePath: isapnp.sys 8. ohci1394.sys<0xFCE26E88(1443e80)>: BaseAddress: 0xF0420000 (7d48000) EntryPoint: 0xF04273E0 Size: 40960 Flags: 0x9004000 Checksum: 0xd649 LoadCount: 1 Unknown1: 0 ImagePath: ohci1394.sys 9. 1394BUS.SYS<0xFCE26DE8(1443de0)>: BaseAddress: 0xF0430000 (7d52000) EntryPoint: 0xF0435360 Size: 45056 Flags: 0xd004000 Checksum: 0x111a7 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\1394BUS.SYS 10. compbatt.sys<0xFCE26D68(1443d60)>: BaseAddress: 0xF0814000 (7d5d000) EntryPoint: 0xF0815900 Size: 12288 Flags: 0x9004000 Checksum: 0x63b9 LoadCount: 1 Unknown1: 0 ImagePath: compbatt.sys 11. BATTC.SYS<0xFCE27FA8(1444fa0)>: BaseAddress: 0xF0900000 (7da0000) EntryPoint: 0xF0900700 Size: 8192 Flags: 0xd004000 Checksum: 0xba7c LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\BATTC.SYS 12. PCIIde.sys<0xFCE27F48(1444f40)>: BaseAddress: 0xF09C9000 (7d62000) EntryPoint: 0xF09C92C0 Size: 4096 Flags: 0x9004000 Checksum: 0xfff0 LoadCount: 1 Unknown1: 0 ImagePath: PCIIde.sys 13. PCIIDEX.SYS<0xFCE27EC8(1444ec0)>: BaseAddress: 0xF0680000 (7d63000) EntryPoint: 0xF0683E70 Size: 24576 Flags: 0xd004000 Checksum: 0xbafb LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\Drivers\PCIIDEX.SYS 14. intelide.sys<0xFCE27E48(1444e40)>: BaseAddress: 0xF09CA000 (7d69000) EntryPoint: 0xF09CA2C0 Size: 4096 Flags: 0x9004000 Checksum: 0x3b0a LoadCount: 1 Unknown1: 0 ImagePath: intelide.sys 15. pcmcia.sys<0xFCE27DA8(1444da0)>: BaseAddress: 0xFC9DD000 (7d6a000) EntryPoint: 0xFC9F4A1C Size: 110592 Flags: 0x9004000 Checksum: 0x293f1 LoadCount: 1 Unknown1: 0 ImagePath: pcmcia.sys 16. 
ftdisk.sys<0xFCE27D28(1444d20)>: BaseAddress: 0xFC9C0000 (7d85000) EntryPoint: 0xFC9D91D8 Size: 118784 Flags: 0x9004000 Checksum: 0x2b963 LoadCount: 1 Unknown1: 0 ImagePath: ftdisk.sys 17. Diskperf.sys<0xFCE25008(1442000)>: BaseAddress: 0xF0902000 (7da2000) EntryPoint: 0xF09032C0 Size: 8192 Flags: 0x9004000 Checksum: 0xeef0 LoadCount: 1 Unknown1: 0 ImagePath: Diskperf.sys 18. dmio.sys<0xFCE25FA8(1442fa0)>: BaseAddress: 0xFC99E000 (7da4000) EntryPoint: 0xFC9A0824 Size: 139264 Flags: 0x9004000 Checksum: 0x30f8e LoadCount: 1 Unknown1: 0 ImagePath: dmio.sys 19. sbp2port.sys<0xFCE25F28(1442f20)>: BaseAddress: 0xF0440000 (7dc6000) EntryPoint: 0xF0446480 Size: 36864 Flags: 0x9004000 Checksum: 0xfd87 LoadCount: 1 Unknown1: 0 ImagePath: sbp2port.sys 20. ACPIEC.sys<0xFCE25E88(1442e80)>: BaseAddress: 0xF0818000 (7dcf000) EntryPoint: 0xF081A280 Size: 12288 Flags: 0x9004000 Checksum: 0x57c2 LoadCount: 1 Unknown1: 0 ImagePath: ACPIEC.sys 21. PartMgr.sys<0xFCE25E08(1442e00)>: BaseAddress: 0xF081C000 (7dd2000) EntryPoint: 0xF081E040 Size: 12288 Flags: 0x9004000 Checksum: 0x742c LoadCount: 1 Unknown1: 0 ImagePath: PartMgr.sys 22. MountMgr.sys<0xFCE25D88(1442d80)>: BaseAddress: 0xF0688000 (7dd5000) EntryPoint: 0xF068E160 Size: 32768 Flags: 0x9004000 Checksum: 0xe831 LoadCount: 1 Unknown1: 0 ImagePath: MountMgr.sys 23. atapi.sys<0xFCE25CE8(1442ce0)>: BaseAddress: 0xFC989000 (7ddd000) EntryPoint: 0xFC99B5BA Size: 86016 Flags: 0x9004000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 0 ImagePath: atapi.sys 24. va32w2.sys<0xFCE25C68(1442c60)>: BaseAddress: 0xF0690000 (7df2000) EntryPoint: 0xF0693FCE Size: 28672 Flags: 0x9004000 Checksum: 0x9158 LoadCount: 1 Unknown1: 0 ImagePath: va32w2.sys 25. SCSIPORT.SYS<0xFCE25BE8(1442be0)>: BaseAddress: 0xFC977000 (7df9000) EntryPoint: 0xFC9868BC Size: 73728 Flags: 0xd004000 Checksum: 0x162c6 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\SCSIPORT.SYS 26. 
va16w2.sys<0xFCE25B48(1442b40)>: BaseAddress: 0xF0698000 (7e0b000) EntryPoint: 0xF069B246 Size: 20480 Flags: 0x9004000 Checksum: 0x10d4e LoadCount: 1 Unknown1: 0 ImagePath: va16w2.sys 27. disk.sys<0xFCE25AC8(1442ac0)>: BaseAddress: 0xF06A0000 (7e10000) EntryPoint: 0xF06A5120 Size: 28672 Flags: 0x9004000 Checksum: 0x11fe4 LoadCount: 1 Unknown1: 0 ImagePath: disk.sys 28. CLASSPNP.SYS<0xFCE25A48(1442a40)>: BaseAddress: 0xF0450000 (7e17000) EntryPoint: 0xF04570A0 Size: 36864 Flags: 0xd004000 Checksum: 0xa231 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\CLASSPNP.SYS 29. Fastfat.sys<0xFCE259A8(14429a0)>: BaseAddress: 0xFC954000 (7e60000) EntryPoint: 0xFC972806 Size: 143360 Flags: 0x9004000 Checksum: 0x2d073 LoadCount: 1 Unknown1: 0 ImagePath: Fastfat.sys 30. KSecDD.sys<0xFCE25928(1442920)>: BaseAddress: 0xFC943000 (7e43000) EntryPoint: 0xFC9528BE Size: 69632 Flags: 0x9004000 Checksum: 0x15d45 LoadCount: 4 Unknown1: 0 ImagePath: KSecDD.sys 31. NDIS.sys<0xFCE258A8(14428a0)>: BaseAddress: 0xFC91B000 (7e54000) EntryPoint: 0xFC93FF1E Size: 163840 Flags: 0x9004000 Checksum: 0x373fe LoadCount: 13 Unknown1: 0 ImagePath: NDIS.sys 32. NaiFsRec.sys<0xFCE25828(1442820)>: BaseAddress: 0xF0904000 (7e7c000) EntryPoint: 0xF090494E Size: 8192 Flags: 0x1004000 Checksum: 0xd391 LoadCount: 1 Unknown1: 0 ImagePath: NaiFsRec.sys 33. Mup.sys<0xFCE25788(1442780)>: BaseAddress: 0xFC905000 (7e7e000) EntryPoint: 0xFC90AB04 Size: 90112 Flags: 0x9004000 Checksum: 0x1f266 LoadCount: 1 Unknown1: 0 ImagePath: Mup.sys 34. VIDEOPRT.SYS<0xFCD26EA8(1343ea0)>: BaseAddress: 0xF0480000 (2260000) EntryPoint: 0xF048A800 Size: 53248 Flags: 0x9104000 Checksum: 0x1a5d2 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 35. i81xnt5.sys<0xFCD81328(139e320)>: BaseAddress: 0xFC8B2000 (219e000) EntryPoint: 0xFC8B22E0 Size: 139264 Flags: 0x9104000 Checksum: 0x26d86 LoadCount: 1 Unknown1: 86 ImagePath: \SystemRoot\System32\DRIVERS\i81xnt5.sys 36. 
PxHelper.sys<0xFCD26968(1343960)>: BaseAddress: 0xF087C000 (220d000) EntryPoint: 0xF087D3D8 Size: 12288 Flags: 0x1104000 Checksum: 0x95bd LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\System32\drivers\PxHelper.sys 37. cdrom.sys<0xFCD26348(1343340)>: BaseAddress: 0xF06D0000 (2211000) EntryPoint: 0xF06D5980 Size: 28672 Flags: 0x9104000 Checksum: 0x9f9f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\cdrom.sys 38. e100bnt5.sys<0xFCD446E8(13616e0)>: BaseAddress: 0xFC898000 (21fa000) EntryPoint: 0xFC89B7B8 Size: 106496 Flags: 0x9104000 Checksum: 0x222a9 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\e100bnt5.sys 39. i8042prt.sys<0xFCD441A8(13611a0)>: BaseAddress: 0xF0490000 (2254000) EntryPoint: 0xF0498000 Size: 49152 Flags: 0x9104000 Checksum: 0xc15a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\i8042prt.sys 40. kbdclass.sys<0xFCD80B88(139db80)>: BaseAddress: 0xF06E0000 (22a2000) EntryPoint: 0xF06E3E64 Size: 24576 Flags: 0x9104000 Checksum: 0xe259 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\kbdclass.sys 41. Apfiltr.sys<0xFCDC4768(13e1760)>: BaseAddress: 0xF04A0000 (2288000) EntryPoint: 0xF04A8F80 Size: 40960 Flags: 0x9104000 Checksum: 0xa904 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\Apfiltr.sys 42. mouclass.sys<0xFCDC4448(13e1440)>: BaseAddress: 0xF06F0000 (2293000) EntryPoint: 0xF06F34E4 Size: 24576 Flags: 0x9104000 Checksum: 0x7e78 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mouclass.sys 43. CmBatt.sys<0xFCD25E68(1342e60)>: BaseAddress: 0xF088C000 (229d000) EntryPoint: 0xF088DBA0 Size: 12288 Flags: 0x9104000 Checksum: 0x2bdd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\CmBatt.sys 44. SonyPI.sys<0xFCD25148(1342140)>: BaseAddress: 0xF04B0000 (22e1000) EntryPoint: 0xF04B785C Size: 36864 Flags: 0x1104000 Checksum: 0x14b69 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyPI.sys 45. 
SonyNC.sys<0xFCD24888(1341880)>: BaseAddress: 0xF06F8000 (22d4000) EntryPoint: 0xF06FBE72 Size: 20480 Flags: 0x1104000 Checksum: 0x1ab68 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyNC.sys 46. serial.sys<0xFCD241A8(13411a0)>: BaseAddress: 0xF04C0000 (22fd000) EntryPoint: 0xF04CA300 Size: 65536 Flags: 0x9104000 Checksum: 0x11703 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serial.sys 47. serenum.sys<0xFCD7FFA8(139cfa0)>: BaseAddress: 0xF089C000 (230e000) EntryPoint: 0xF089E9C0 Size: 16384 Flags: 0x9104000 Checksum: 0x1105e LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serenum.sys 48. parport.sys<0xFCD7E008(139b000)>: BaseAddress: 0xF0710000 (231f000) EntryPoint: 0xF07104A2 Size: 28672 Flags: 0x9104000 Checksum: 0xeedd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parport.sys 49. fdc.sys<0xFCD7E988(139b980)>: BaseAddress: 0xF0720000 (1) EntryPoint: 0xF0724F30 Size: 28672 Flags: 0x9104000 Checksum: 0x1553c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fdc.sys 50. USBD.SYS<0xFCD7DEA8(139aea0)>: BaseAddress: 0xF0740000 (2358000) EntryPoint: 0xF0740300 Size: 20480 Flags: 0x9104000 Checksum: 0x5465 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBD.SYS 51. uhcd.sys<0xFCD7E0C8(139b0c0)>: BaseAddress: 0xF0730000 (2350000) EntryPoint: 0xF07302E0 Size: 32768 Flags: 0x9104000 Checksum: 0x11484 LoadCount: 1 Unknown1: 85 ImagePath: \SystemRoot\System32\DRIVERS\uhcd.sys 52. KS.SYS<0xFCDC08C8(13dd8c0)>: BaseAddress: 0xFC80B000 (24cd000) EntryPoint: 0xFC826060 Size: 122880 Flags: 0x9104000 Checksum: 0x2d626 LoadCount: 5 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\KS.SYS 53. portcls.sys<0xFCDC0B68(13ddb60)>: BaseAddress: 0xFC829000 (2487000) EntryPoint: 0xFC83F87C Size: 151552 Flags: 0x9104000 Checksum: 0x30ed1 LoadCount: 1 Unknown1: 75 ImagePath: \SystemRoot\system32\drivers\portcls.sys 54. 
smwdm.sys<0xFCDC0E08(13dde00)>: BaseAddress: 0xFC84E000 (23bd000) EntryPoint: 0xFC88BE78 Size: 303104 Flags: 0x9104000 Checksum: 0x580c3 LoadCount: 1 Unknown1: 112 ImagePath: \SystemRoot\system32\drivers\smwdm.sys 55. rksample.sys<0xFCDBFF08(13dcf00)>: BaseAddress: 0xF04D0000 (24f0000) EntryPoint: 0xF04DBE18 Size: 57344 Flags: 0x9104000 Checksum: 0x2434c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rksample.sys 56. winachsf.sys<0xFCDBFAC8(13dcac0)>: BaseAddress: 0xFC715000 (259e000) EntryPoint: 0xFC77AFC0 Size: 450560 Flags: 0x9104000 Checksum: 0x9726c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\winachsf.sys 57. Modem.SYS<0xFCDBF6C8(13dc6c0)>: BaseAddress: 0xF0768000 (268c000) EntryPoint: 0xF076D6EA Size: 28672 Flags: 0x9104000 Checksum: 0x16f4a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Modem.SYS 58. audstub.sys<0xFCDBEA88(13dba80)>: BaseAddress: 0xF0A45000 (2720000) EntryPoint: 0xF0A45500 Size: 4096 Flags: 0x9104000 Checksum: 0x8ef7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\audstub.sys 59. rasl2tp.sys<0xFCD42AA8(135faa0)>: BaseAddress: 0xF04E0000 (26c5000) EntryPoint: 0xF04EB2A0 Size: 53248 Flags: 0x9104000 Checksum: 0x10dac LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasl2tp.sys 60. ndistapi.sys<0xFCD23E08(1340e00)>: BaseAddress: 0xF08A8000 (26d6000) EntryPoint: 0xF08A96E2 Size: 12288 Flags: 0x9104000 Checksum: 0xe062 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndistapi.sys 61. ndiswan.sys<0xFCD23848(1340840)>: BaseAddress: 0xFC6FE000 (26ba000) EntryPoint: 0xFC711180 Size: 94208 Flags: 0x9104000 Checksum: 0x24edb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndiswan.sys 62. TDI.SYS<0xFCD7AEE8(1397ee0)>: BaseAddress: 0xF08B8000 (2761000) EntryPoint: 0xF08B87D0 Size: 16384 Flags: 0x9104000 Checksum: 0x1329d LoadCount: 10 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\TDI.SYS 63. 
raspptp.sys<0xFCD7B8E8(13988e0)>: BaseAddress: 0xF04F0000 (26f5000) EntryPoint: 0xF04FA6C0 Size: 49152 Flags: 0x9104000 Checksum: 0xe275 LoadCount: 1 Unknown1: 84 ImagePath: \SystemRoot\System32\DRIVERS\raspptp.sys 64. ptilink.sys<0xFCD7A328(1397320)>: BaseAddress: 0xF0788000 (274c000) EntryPoint: 0xF07882E0 Size: 20480 Flags: 0x9104000 Checksum: 0xf2be LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ptilink.sys 65. raspti.sys<0xFCDBD888(13da880)>: BaseAddress: 0xF0798000 (2738000) EntryPoint: 0xF079B240 Size: 20480 Flags: 0x9104000 Checksum: 0xfed0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\raspti.sys 66. SonyiNet.sys<0xFCDBD2E8(13da2e0)>: BaseAddress: 0xF07A8000 (2766000) EntryPoint: 0xF07A8414 Size: 28672 Flags: 0x9104000 Checksum: 0x10386 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyiNet.sys 67. parallel.sys<0xFCD79E68(1396e60)>: BaseAddress: 0xF0500000 (278d000) EntryPoint: 0xF0502BBE Size: 61440 Flags: 0x9104000 Checksum: 0x16ad6 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parallel.sys 68. swenum.sys<0xFCD79548(1396540)>: BaseAddress: 0xF0A48000 (27a8000) EntryPoint: 0xF0A486A0 Size: 4096 Flags: 0x9104000 Checksum: 0x7716 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\swenum.sys 69. update.sys<0xFCD78E68(1395e60)>: BaseAddress: 0xFC6E4000 (2840000) EntryPoint: 0xFC6FCE60 Size: 106496 Flags: 0x9104000 Checksum: 0x209d8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\update.sys 70. flpydisk.sys<0xFCD35668(1352660)>: BaseAddress: 0xF07C8000 (27db000) EntryPoint: 0xF07CBBA0 Size: 20480 Flags: 0x9104000 Checksum: 0xf1a2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\flpydisk.sys 71. usbhub.sys<0xFCD31648(134e640)>: BaseAddress: 0xF0540000 (2842000) EntryPoint: 0xF0540372 Size: 40960 Flags: 0x9104000 Checksum: 0xaef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\usbhub.sys 72. 
NDProxy.SYS<0xFCD1E7C8(133b7c0)>: BaseAddress: 0xF0550000 (287e000) EntryPoint: 0xF0558720 Size: 40960 Flags: 0x9104000 Checksum: 0x121c3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\NDProxy.SYS 73. SonyUSBL.sys<0xFCD682E8(13852e0)>: BaseAddress: 0xF0912000 (28ff000) EntryPoint: 0xF09122C0 Size: 8192 Flags: 0x9104000 Checksum: 0xf068 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyUSBL.sys 74. USBSTOR.SYS<0xFCCF6D28(1313d20)>: BaseAddress: 0xF07D8000 (2942000) EntryPoint: 0xF07D9CA0 Size: 20480 Flags: 0x9104000 Checksum: 0x10fba LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBSTOR.SYS 75. Fs_Rec.SYS<0xFCD64968(1381960)>: BaseAddress: 0xF0916000 (296a000) EntryPoint: 0xF0917294 Size: 8192 Flags: 0x9104000 Checksum: 0xab4c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Fs_Rec.SYS 76. Null.SYS<0xFCCF3988(1310980)>: BaseAddress: 0xF0A4C000 (1) EntryPoint: 0xF0A4C47A Size: 4096 Flags: 0x9104000 Checksum: 0x23ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Null.SYS 77. Beep.SYS<0xFCD63008(1380000)>: BaseAddress: 0xF0A4F000 (2979000) EntryPoint: 0xF0A4F29A Size: 4096 Flags: 0x9104000 Checksum: 0xc54f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Beep.SYS 78. biosview.sys<0xFCD63F48(1380f40)>: BaseAddress: 0xF091A000 (297c000) EntryPoint: 0xF091A2E2 Size: 8192 Flags: 0x9104000 Checksum: 0x76f0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\biosview.sys 79. vga.sys<0xFCD634E8(13804e0)>: BaseAddress: 0xF08D4000 (297e000) EntryPoint: 0xF08D6C40 Size: 16384 Flags: 0x9104000 Checksum: 0x1047d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\vga.sys 80. mnmdd.SYS<0xFCD63428(1380420)>: BaseAddress: 0xF0A50000 (29c2000) EntryPoint: 0xF0A503A0 Size: 4096 Flags: 0x9104000 Checksum: 0xf6c2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\mnmdd.SYS 81. 
Msfs.SYS<0xFCD62AC8(137fac0)>: BaseAddress: 0xF07F8000 (29a8000) EntryPoint: 0xF07FBEDA Size: 24576 Flags: 0x9104000 Checksum: 0xe5fa LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Msfs.SYS 82. Npfs.SYS<0xFCCF29A8(130f9a0)>: BaseAddress: 0xF0560000 (2993000) EntryPoint: 0xF056790E Size: 36864 Flags: 0x9104000 Checksum: 0x17e60 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Npfs.SYS 83. UdfReadr.SYS<0xFCD61FA8(137efa0)>: BaseAddress: 0xF8371000 (29dc000) EntryPoint: 0xF8372722 Size: 208896 Flags: 0x1004000 Checksum: 0x38b5d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\UdfReadr.SYS 84. rasacd.sys<0xFCCF0008(130d000)>: BaseAddress: 0xF0922000 (2a32000) EntryPoint: 0xF0923493 Size: 8192 Flags: 0x9104000 Checksum: 0xf369 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasacd.sys 85. tcpip.sys<0xFCCF0508(130d500)>: BaseAddress: 0xF82E8000 (2a77000) EntryPoint: 0xF832E4CA Size: 323584 Flags: 0x9104000 Checksum: 0x56824 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\tcpip.sys 86. msgpc.sys<0xFCCB1228(12ce220)>: BaseAddress: 0xF0570000 (2b0d000) EntryPoint: 0xF05702E0 Size: 36864 Flags: 0x9104000 Checksum: 0x17874 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\msgpc.sys 87. netbt.sys<0xFCCA9B48(12c6b40)>: BaseAddress: 0xF82C4000 (2b62000) EntryPoint: 0xF82E3F2E Size: 147456 Flags: 0x9104000 Checksum: 0x282d2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbt.sys 88. wanarp.sys<0xFCCA6D88(12c3d80)>: BaseAddress: 0xF06B0000 (2b6b000) EntryPoint: 0xF06B6266 Size: 32768 Flags: 0x9104000 Checksum: 0x9122 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\wanarp.sys 89. netbios.sys<0xFCCA61A8(12c31a0)>: BaseAddress: 0xF0580000 (2b74000) EntryPoint: 0xF0586E20 Size: 36864 Flags: 0x9104000 Checksum: 0xb5c1 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbios.sys 90. 
rdbss.sys<0xFCCB1A28(12cea20)>: BaseAddress: 0xF82A2000 (2bd4000) EntryPoint: 0xF82BFF20 Size: 139264 Flags: 0x9104000 Checksum: 0x2c2a9 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rdbss.sys 91. mrxsmb.sys<0xFCC966A8(12b36a0)>: BaseAddress: 0xF8232000 (2c4e000) EntryPoint: 0xF8254DD6 Size: 385024 Flags: 0x9104000 Checksum: 0x69eb4 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mrxsmb.sys 92. dump_WMILIB.SYS<0xFCC78E48(1295e40)>: BaseAddress: 0xF0A9C000 (33cb000) EntryPoint: 0xF0A9CAA0 Size: 4096 Flags: 0x9104000 Checksum: 0x8bfd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\dump_WMILIB.SYS 93. dump_atapi.sys<0xFCC8E288(12ab280)>: BaseAddress: 0xF81F5000 (3355000) EntryPoint: 0xF82075BA Size: 86016 Flags: 0x9104000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 87 ImagePath: \SystemRoot\System32\Drivers\dump_atapi.sys 94. win32k.sys<0xFCC6EC28(128bc20)>: BaseAddress: 0xA0000000 (4156000) EntryPoint: 0xA0194C37 Size: 1728512 Flags: 0x9104000 Checksum: 0x1b02d1 LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\system32\win32k.sys 95. Vchnt5.DLL<0xFCC65EA8(1282ea0)>: BaseAddress: 0xFC793000 (34d9000) EntryPoint: 0xFC793300 Size: 12288 Flags: 0x9104000 Checksum: 0xfa01 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Vchnt5.DLL 96. Ch7xxNT5.DLL<0xFCC657C8(12827c0)>: BaseAddress: 0xFC78B000 (1) EntryPoint: 0xFC78B300 Size: 16384 Flags: 0x9104000 Checksum: 0xb9b7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Ch7xxNT5.DLL 97. SiInt5.DLL<0xFCC654C8(12824c0)>: BaseAddress: 0xF0AA1000 (1) EntryPoint: 0xF0AA12E0 Size: 4096 Flags: 0x9104000 Checksum: 0x10943 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\SiInt5.DLL 98. atv01nt5.DLL<0xFCC64948(1281940)>: BaseAddress: 0xF0770000 (1) EntryPoint: 0xF0770300 Size: 24576 Flags: 0x9104000 Checksum: 0x6ccb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv01nt5.DLL 99. 
adv01nt5.DLL<0xFCC63E08(1280e00)>: BaseAddress: 0xF0930000 (1) EntryPoint: 0xF09302E0 Size: 8192 Flags: 0x9104000 Checksum: 0xa1f2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv01nt5.DLL 100. atv02nt5.DLL<0xFCC636C8(12806c0)>: BaseAddress: 0xFC783000 (1) EntryPoint: 0xFC783300 Size: 12288 Flags: 0x9104000 Checksum: 0x4caf LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv02nt5.DLL 101. adv02nt5.DLL<0xFCC62F68(127ff60)>: BaseAddress: 0xF0AA4000 (1) EntryPoint: 0xF0AA42E0 Size: 4096 Flags: 0x9104000 Checksum: 0xcef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv02nt5.DLL 102. atv04nt5.DLL<0xFCC62828(127f820)>: BaseAddress: 0xF0780000 (1) EntryPoint: 0xF0780300 Size: 24576 Flags: 0x9104000 Checksum: 0xced3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv04nt5.DLL 103. adv05nt5.DLL<0xFCC620E8(127f0e0)>: BaseAddress: 0xF0AA7000 (1) EntryPoint: 0xF0AA72E0 Size: 4096 Flags: 0x9104000 Checksum: 0x4c3f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv05nt5.DLL 104. atv06nt5.DLL<0xFCC61D28(127ed20)>: BaseAddress: 0xF08A4000 (1) EntryPoint: 0xF08A4300 Size: 12288 Flags: 0x9104000 Checksum: 0x97ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv06nt5.DLL 105. i81xdnt5.dll<0xFCC60FA8(127dfa0)>: BaseAddress: 0xF8133000 (458f000) EntryPoint: 0xF8133320 Size: 663552 Flags: 0x9104000 Checksum: 0xa775c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\i81xdnt5.dll 106. afd.sys<0xFF2886C8(58916c0)>: BaseAddress: 0xF7FFD000 (5a3b000) EntryPoint: 0xF801784A Size: 122880 Flags: 0x9104000 Checksum: 0x2ce34 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\afd.sys 107. ParVdm.SYS<0xFF280FA8(5bfefa0)>: BaseAddress: 0xF0940000 (1) EntryPoint: 0xF0940900 Size: 8192 Flags: 0x9104000 Checksum: 0x770b LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\ParVdm.SYS 108. 
amosnt.sys<0xFF271068(5eb0060)>: BaseAddress: 0xF7F8A000 (5f30000) EntryPoint: 0xF7FAAD78 Size: 143360 Flags: 0x9104000 Checksum: 0x3dee3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\amosnt.sys 109. Aspi32.SYS<0xFF270EE8(6069ee0)>: BaseAddress: 0xF80E3000 (6136000) EntryPoint: 0xF80E348A Size: 16384 Flags: 0x1104000 Checksum: 0xc64f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Aspi32.SYS 110. fallback.sys<0xFF274848(5dce840)>: BaseAddress: 0xF7E7C000 (6260000) EntryPoint: 0xF7EBF958 Size: 286720 Flags: 0x9104000 Checksum: 0x74577 LoadCount: 1 Unknown1: 1582 ImagePath: \SystemRoot\System32\DRIVERS\fallback.sys 111. fsksnt.sys<0xFCD455E8(13625e0)>: BaseAddress: 0xF7E66000 (6219000) EntryPoint: 0xF7E7A938 Size: 90112 Flags: 0x9104000 Checksum: 0x32482 LoadCount: 1 Unknown1: 1602 ImagePath: \SystemRoot\System32\DRIVERS\fsksnt.sys 112. Ich.sys<0xFF25E2A8(63972a0)>: BaseAddress: 0xF05A0000 (638f000) EntryPoint: 0xF05AC638 Size: 57344 Flags: 0x9104000 Checksum: 0x20e7f LoadCount: 1 Unknown1: 1574 ImagePath: \SystemRoot\System32\DRIVERS\Ich.sys 113. k56nt.sys<0xFF25E628(6397620)>: BaseAddress: 0xF7E06000 (6518000) EntryPoint: 0xF7E62498 Size: 393216 Flags: 0x9104000 Checksum: 0xaf3ad LoadCount: 1 Unknown1: 1646 ImagePath: \SystemRoot\System32\DRIVERS\k56nt.sys 114. wdmaud.sys<0xFF250488(6797480)>: BaseAddress: 0xF7DF3000 (66ca000) EntryPoint: 0xF7DF68B8 Size: 77824 Flags: 0x9104000 Checksum: 0x183eb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\wdmaud.sys 115. sysaudio.sys<0xFF24EA48(66c5a40)>: BaseAddress: 0xF80C3000 (66bd000) EntryPoint: 0xF80CD340 Size: 49152 Flags: 0x9104000 Checksum: 0xe409 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\sysaudio.sys 116. srv.sys<0xFF22CE68(7aefe60)>: BaseAddress: 0xF7CA4000 (7c64000) EntryPoint: 0xF7CDA0A0 Size: 241664 Flags: 0x9104000 Checksum: 0x3abee LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\srv.sys 117. 
faxnt.sys<0xFF2316A8(6f2d6a0)>: BaseAddress: 0xF7C73000 (a6f000) EntryPoint: 0xF7CA1B18 Size: 200704 Flags: 0x9104000 Checksum: 0x57808 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\faxnt.sys 118. tonesnt.sys<0xFF224CA8(a41ca0)>: BaseAddress: 0xF7EE2000 (cf1000) EntryPoint: 0xF7EECEB8 Size: 53248 Flags: 0x9104000 Checksum: 0x18925 LoadCount: 1 Unknown1: 35 ImagePath: \SystemRoot\System32\DRIVERS\tonesnt.sys 119. v124nt.sys<0xFF223508(8e6500)>: BaseAddress: 0xF7BD8000 (e8c000) EntryPoint: 0xF7C46698 Size: 471040 Flags: 0x9104000 Checksum: 0xc7564 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\v124nt.sys 120. Cdfs.SYS<0xFF225788(9be780)>: BaseAddress: 0xF7ED2000 (225000) EntryPoint: 0xF7EDF1A0 Size: 61440 Flags: 0x9104000 Checksum: 0x1296d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Cdfs.SYS 121. ipsec.sys<0xFF29CD68(5273d60)>: BaseAddress: 0xF7AFB000 (3d72000) EntryPoint: 0xF7B0DCE6 Size: 86016 Flags: 0x9104000 Checksum: 0x21cb3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ipsec.sys 122. dfrwsdrv.sys<0xFF178B08(4075b00)>: BaseAddress: 0xF0A18000 (3e10000) EntryPoint: 0xF0A18718 Size: 4096 Flags: 0x9104000 Checksum: 0xb8ac LoadCount: 1 Unknown1: 0 ImagePath: \??\c:\winnt\system32\dfrwsdrv.sys 123. kmixer.sys<0xFF1B6D08(5425d00)>: BaseAddress: 0xF771B000 (6bb2000) EntryPoint: 0xF772C1B3 Size: 147456 Flags: 0x9104000 Checksum: 0x2ef53 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\kmixer.sys 124. ATMFD.DLL<0xFF10BE48(464de40)>: BaseAddress: 0xF76D4000 (1) EntryPoint: 0xF76D6E3A Size: 290816 Flags: 0x9104000 Checksum: 0x4f552 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\ATMFD.DLL Unloaded System Modules: 0x80480418 (0x480418) 1. (0x0): BaseAddress: 0x00000000 ImageEnd: 0x00000000 Unknown1: 0x0 Unknown2: 0x0 2. kmixer.sys(0x611ef28): BaseAddress: 0xF79BF000 ImageEnd: 0xF79E3000 Unknown1: 0x6651f7a0 Unknown2: 0x1c56966 3. 
kmixer.sys(0x1914448): BaseAddress: 0xF7D07000 ImageEnd: 0xF7D2B000 Unknown1: 0x29370d30 Unknown2: 0x1c56966 4. DMusic.sys(0x6914c08): BaseAddress: 0xF8093000 ImageEnd: 0xF80A0000 Unknown1: 0x27466d40 Unknown2: 0x1c56966 5. swmidi.sys(0x5891448): BaseAddress: 0xF80A3000 ImageEnd: 0xF80B0000 Unknown1: 0x2575e440 Unknown2: 0x1c56966 6. VGA.dll(0x127e488): BaseAddress: 0xF81C0000 ImageEnd: 0xF81D5000 Unknown1: 0x170700e0 Unknown2: 0x1c56966 7. i81xdnt5.dll(0x127ede8): BaseAddress: 0xF8133000 ImageEnd: 0xF81D5000 Unknown1: 0x1703f280 Unknown2: 0x1c56966 8. redbook.sys(0x130eda8): BaseAddress: 0xF0590000 ImageEnd: 0xF0599000 Unknown1: 0x13fa2810 Unknown2: 0x1c56966 Drivers: \Driver\WMI<0xFCDF4C30(1411c30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0xFCDF46D8 DriverInit: 0x80561536 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80512A98 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80512AD8 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804B1C53 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80512B8C \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80512FB6 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\WMI \Driver\KSecDD<0xFCD4C750(1369750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9528BE KSecDD.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC94BA3A KSecDD.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC94BA3A KSecDD.sys IRP_MJ_READ: 0xFC94BA3A KSecDD.sys IRP_MJ_WRITE: 0xFC94BA3A KSecDD.sys IRP_MJ_QUERY_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC94BA3A KSecDD.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: KSecDD \Driver\NDIS<0xFCD828F0(139f8f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC93FF1E NDIS.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC91F196 NDIS.sys IRP_MJ_CLOSE: 0xFC91F196 NDIS.sys IRP_MJ_READ: 0xFC91F196 NDIS.sys IRP_MJ_WRITE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_EA: 0xFC91F196 NDIS.sys IRP_MJ_SET_EA: 0xFC91F196 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC91F196 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_CLEANUP: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC91F196 
NDIS.sys IRP_MJ_POWER: 0xFC91F196 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_PNP: 0xFC91F196 NDIS.sys AddDevice: 0x00000000 ServiceKeyName: NDIS \Driver\Beep<0xFCD63E70(1380e70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63008 \SystemRoot\System32\Drivers\Beep.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A4F29A \SystemRoot\System32\Drivers\Beep.SYS DriverStartIo: 0xF0A4F572 \SystemRoot\System32\Drivers\Beep.SYS DriverUnload: 0xF0A4F67E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE: 0xF0A4F4C0 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4F50E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A4F456 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0A4F39E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Beep \Driver\V124<0xFF1F6D10(35cd10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF223508 \SystemRoot\System32\DRIVERS\v124nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7C46698 \SystemRoot\System32\DRIVERS\v124nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7BE3A60 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_READ: 0xF7BE3B00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: V124 \Driver\Raspti<0xFCDBD6F0(13da6f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD888 \SystemRoot\System32\DRIVERS\raspti.sys FastIoDispatch: 0x00000000 DriverInit: 0xF079B240 \SystemRoot\System32\DRIVERS\raspti.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys 
IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Raspti \Driver\Mouclass<0xFCDC4270(13e1270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4448 \SystemRoot\System32\DRIVERS\mouclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06F34E4 \SystemRoot\System32\DRIVERS\mouclass.sys DriverStartIo: 0xF06F0C7C \SystemRoot\System32\DRIVERS\mouclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06F058C \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F0808 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_READ: 0xF06F0A38 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06F04F2 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F2466 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F2080 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F04B6 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F2F92 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06F3270 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F1026 \SystemRoot\System32\DRIVERS\mouclass.sys AddDevice: 0xF06F2142 \SystemRoot\System32\DRIVERS\mouclass.sys ServiceKeyName: Mouclass \Driver\Diskperf<0xFCD86970(13a3970)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09032C0 Diskperf.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0902EC2 Diskperf.sys IRP_MJ_CREATE: 0xF09023B6 Diskperf.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09022F6 Diskperf.sys IRP_MJ_CLOSE: 0xF09022F6 Diskperf.sys IRP_MJ_READ: 0xF09023CC Diskperf.sys IRP_MJ_WRITE: 0xF09023CC Diskperf.sys IRP_MJ_QUERY_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_EA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_EA: 0xF09022F6 Diskperf.sys IRP_MJ_FLUSH_BUFFERS: 0xF090268A Diskperf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_DEVICE_CONTROL: 0xF090256E Diskperf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_SHUTDOWN: 0xF090268A Diskperf.sys IRP_MJ_LOCK_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_CLEANUP: 
0xF09022F6 Diskperf.sys IRP_MJ_CREATE_MAILSLOT: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_SET_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_POWER: 0xF0902314 Diskperf.sys IRP_MJ_SYSTEM_CONTROL: 0xF0902DCA Diskperf.sys IRP_MJ_DEVICE_CHANGE: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_PNP: 0xF0902C26 Diskperf.sys AddDevice: 0xF0902AFA Diskperf.sys ServiceKeyName: Diskperf \Driver\Kbdclass<0xFCD809B0(139d9b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD80B88 \SystemRoot\System32\DRIVERS\kbdclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06E3E64 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverStartIo: 0xF06E0D58 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06E066E \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06E08EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_READ: 0xF06E0B1C \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06E05D4 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06E28EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06E2380 \SystemRoot\System32\DRIVERS\kbdclass.sys 
IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06E04B6 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06E35E2 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06E3BFE \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06E1168 \SystemRoot\System32\DRIVERS\kbdclass.sys AddDevice: 0xF06E2494 \SystemRoot\System32\DRIVERS\kbdclass.sys ServiceKeyName: Kbdclass \Driver\Compbatt<0xFCD308D0(134d8d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0815900 compbatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0814DC0 compbatt.sys IRP_MJ_CREATE: 0xF081445C compbatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF081445C compbatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0814DC8 compbatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0814930 compbatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF0814476 compbatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0814872 compbatt.sys AddDevice: 0xF081432E compbatt.sys ServiceKeyName: Compbatt \Driver\NDProxy<0xFCD1E630(133b630)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD1E7C8 \SystemRoot\System32\Drivers\NDProxy.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0558720 \SystemRoot\System32\Drivers\NDProxy.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0550506 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF055061E \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NDProxy \Driver\VgaSave<0xFCD63350(1380350)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD634E8 \SystemRoot\System32\drivers\vga.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08D6C40 \SystemRoot\System32\drivers\vga.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: VgaSave \Driver\MountMgr<0xFCD4DD50(136ad50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF068E160 MountMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF068C622 MountMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF068C622 MountMgr.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF068DEB6 MountMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0688658 MountMgr.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: MountMgr \Driver\Ptilink<0xFCD7A190(1397190)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07882E0 \SystemRoot\System32\DRIVERS\ptilink.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07894AC \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE: 0xF0788E1A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07890B8 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_READ: 0xF078930A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_WRITE: 0xF0789298 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0789404 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ptilink \Driver\SonyUSBL<0xFCD68030(1385030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD682E8 \SystemRoot\System32\DRIVERS\SonyUSBL.sys FastIoDispatch: 0x00000000 
DriverInit: 0xF09122C0 \SystemRoot\System32\DRIVERS\SonyUSBL.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0912308 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLOSE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_READ: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_WRITE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FLUSH_BUFFERS: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DIRECTORY_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SHUTDOWN: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_LOCK_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLEANUP: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_MAILSLOT: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_POWER: 0xF0912598 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CHANGE: 0xF091260C 
\SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_PNP: 0xF0912442 \SystemRoot\System32\DRIVERS\SonyUSBL.sys AddDevice: 0xF0912322 \SystemRoot\System32\DRIVERS\SonyUSBL.sys ServiceKeyName: SonyUSBL \Driver\wdmaud<0xFF26D530(5f3a530)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250488 \SystemRoot\system32\drivers\wdmaud.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7DF68B8 \SystemRoot\system32\drivers\wdmaud.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7DFF56B \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE: 0xF7DF939D \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DF883C \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7DF71A1 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7DF8666 \SystemRoot\system32\drivers\wdmaud.sys 
IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7DFE18E \SystemRoot\system32\drivers\wdmaud.sys AddDevice: 0xF7DF6920 \SystemRoot\system32\drivers\wdmaud.sys ServiceKeyName: wdmaud \Driver\ohci1394<0xFCD85AD0(13a2ad0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04273E0 ohci1394.sys DriverStartIo: 0xF04215AA ohci1394.sys DriverUnload: 0xF04202C0 ohci1394.sys IRP_MJ_CREATE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0420D1A ohci1394.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF043031A 
\WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0432EEA \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SYSTEM_CONTROL: 0xF04276EA ohci1394.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04364C1 \WINNT\System32\DRIVERS\1394BUS.SYS AddDevice: 0xF0427426 ohci1394.sys ServiceKeyName: ohci1394 \Driver\Aspi32<0xFF270D10(6069d10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF270EE8 \SystemRoot\System32\Drivers\Aspi32.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF80E348A \SystemRoot\System32\Drivers\Aspi32.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF80E58BC \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE: 0xF80E3F98 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80E43E4 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF80E3FB2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF80E43B2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Aspi32 \Driver\SoftFax<0xFF24BD10(66ead10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2316A8 \SystemRoot\System32\DRIVERS\faxnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7CA1B18 \SystemRoot\System32\DRIVERS\faxnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7C75B10 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_READ: 0xF7C75BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: SoftFax \Driver\isapnp<0xFCD53C90(1370c90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0419A80 isapnp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04140E0 isapnp.sys IRP_MJ_CREATE: 0xF0414322 isapnp.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0414322 isapnp.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF041337F isapnp.sys IRP_MJ_SYSTEM_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0414262 isapnp.sys AddDevice: 0xF04140E4 isapnp.sys ServiceKeyName: isapnp \Driver\atapi<0xFCD4DA50(136aa50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC99B5BA atapi.sys DriverStartIo: 0xFC98EC44 atapi.sys DriverUnload: 0xFC998A00 atapi.sys IRP_MJ_CREATE: 0xFC992BFA atapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC992BFA atapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC992C10 atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC98E6BE atapi.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC992C30 atapi.sys IRP_MJ_SYSTEM_CONTROL: 0xFC998984 atapi.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC998956 atapi.sys AddDevice: 0xFC996D76 atapi.sys ServiceKeyName: atapi \Driver\E100B<0xFCD445B0(13615b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD446E8 \SystemRoot\System32\DRIVERS\e100bnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC89B7B8 \SystemRoot\System32\DRIVERS\e100bnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys 
IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: E100B \Driver\K56<0xFF25C6D0(64a76d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E628 \SystemRoot\System32\DRIVERS\k56nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E62498 \SystemRoot\System32\DRIVERS\k56nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E0E560 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_READ: 0xF7E0E600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: K56 \Driver\USBSTOR<0xFCCF6BF0(1313bf0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07D9CA0 \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverStartIo: 0xF07D86AE \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverUnload: 0xF07D9D06 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_READ: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_WRITE: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07DB486 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07D8422 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07D9E40 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SYSTEM_CONTROL: 0xF07D9F2C \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07D9F70 \SystemRoot\System32\DRIVERS\USBSTOR.SYS AddDevice: 0xF07D9D0A \SystemRoot\System32\DRIVERS\USBSTOR.SYS ServiceKeyName: USBSTOR \Driver\DFRWSDRV2005<0xFF25D890(639b890)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF178B08 \??\c:\winnt\system32\dfrwsdrv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A18718 \??\c:\winnt\system32\dfrwsdrv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A18692 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys 
IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_READ: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_WRITE: 0xF0A1840A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A18424 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: DFRWSDRV2005 \Driver\dmio<0xFCD86870(13a3870)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9A0824 
dmio.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC9A0D18 dmio.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9A0DCC dmio.sys IRP_MJ_READ: 0xFC9A0E4C dmio.sys IRP_MJ_WRITE: 0xFC9A0EA6 dmio.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9A14C6 dmio.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9A0F90 dmio.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9A1F3E dmio.sys IRP_MJ_SHUTDOWN: 0xFC9A14C6 dmio.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9A1ED0 dmio.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9A18FC dmio.sys AddDevice: 0xFC9A1814 dmio.sys ServiceKeyName: dmio \Driver\RasAcd<0xFCCF0BB0(130dbb0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0008 \SystemRoot\System32\DRIVERS\rasacd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0923493 \SystemRoot\System32\DRIVERS\rasacd.sys DriverStartIo: 0x00000000 
DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLOSE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_READ: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_WRITE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FLUSH_BUFFERS: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SHUTDOWN: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_LOCK_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLEANUP: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_MAILSLOT: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_POWER: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CHANGE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_PNP: 
0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: RasAcd \Driver\uhcd<0xFCD7DCD0(139acd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07302E0 \SystemRoot\System32\DRIVERS\uhcd.sys DriverStartIo: 0xF0731A22 \SystemRoot\System32\DRIVERS\uhcd.sys DriverUnload: 0xF07306FE \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07303E6 
\SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SYSTEM_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys AddDevice: 0xF0730702 \SystemRoot\System32\DRIVERS\uhcd.sys ServiceKeyName: uhcd \Driver\audstub<0xFCDBE8F0(13db8f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEA88 \SystemRoot\System32\DRIVERS\audstub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A45500 \SystemRoot\System32\DRIVERS\audstub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A454C8 \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A4542E \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A453B4 \SystemRoot\System32\DRIVERS\audstub.sys AddDevice: 0xF0A45360 \SystemRoot\System32\DRIVERS\audstub.sys ServiceKeyName: audstub \Driver\Win32k<0xFF29FB30(516db30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0xA000A8ED \??\C:\WINNT\system32\win32k.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\Win32k \Driver\winachsf<0xFCDBF950(13dc950)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFAC8 \SystemRoot\System32\DRIVERS\winachsf.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC77AFC0 \SystemRoot\System32\DRIVERS\winachsf.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC776EFC \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE: 0xFC775890 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC775DBA \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_READ: 0xFC77608A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_WRITE: 0xFC77611A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_INFORMATION: 0xFC775FF6 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SET_INFORMATION: 0xFC77605C \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC776174 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC7761B4 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC77A636 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC775F42 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC77988E \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC77914A \SystemRoot\System32\DRIVERS\winachsf.sys AddDevice: 0xFC7787D4 \SystemRoot\System32\DRIVERS\winachsf.sys ServiceKeyName: winachsf \Driver\swenum<0xFCD793B0(13963b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A486A0 \SystemRoot\System32\DRIVERS\swenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A482C0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE: 0xF0A485A2 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4865C \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A48606 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A482E0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF0A482C4 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A484E2 \SystemRoot\System32\DRIVERS\swenum.sys AddDevice: 0xF0A48476 \SystemRoot\System32\DRIVERS\swenum.sys ServiceKeyName: swenum \Driver\usbhub<0xFCD353D0(13523d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0540372 \SystemRoot\System32\DRIVERS\usbhub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05406B4 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE: 0xF0540654 
\SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SYSTEM_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys AddDevice: 0xF0541168 \SystemRoot\System32\DRIVERS\usbhub.sys ServiceKeyName: usbhub \Driver\Update<0xFCD78CD0(1395cd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD78E68 \SystemRoot\System32\DRIVERS\update.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC6FCE60 \SystemRoot\System32\DRIVERS\update.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC6E4D36 \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC6E4C3A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_SYSTEM_CONTROL: 0xFC6E4D0A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC6E45E0 
\SystemRoot\System32\DRIVERS\update.sys AddDevice: 0xFC6E4677 \SystemRoot\System32\DRIVERS\update.sys ServiceKeyName: Update \Driver\Ftdisk<0xFCD86C10(13a3c10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9D91D8 ftdisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9CB450 ftdisk.sys IRP_MJ_CREATE: 0xFC9C04D4 ftdisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0xFC9C0A2E ftdisk.sys IRP_MJ_WRITE: 0xFC9C0A2E ftdisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9C0D7A ftdisk.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9C9FB2 ftdisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9C86B4 ftdisk.sys IRP_MJ_SHUTDOWN: 0xFC9C0D7A ftdisk.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9C105A ftdisk.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9C0784 ftdisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9CB45E ftdisk.sys 
AddDevice: 0x00000000 ServiceKeyName: Ftdisk \Driver\smwdm<0xFCDC0770(13dd770)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC0E08 \SystemRoot\system32\drivers\smwdm.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC88BE78 \SystemRoot\system32\drivers\smwdm.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC83908D \SystemRoot\system32\drivers\portcls.sys IRP_MJ_CREATE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_READ: 0xFC8172F6 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC817382 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC88B538 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xFC81829A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SET_SECURITY: 0xFC8182C4 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_POWER: 0xFC8421F6 \SystemRoot\system32\drivers\portcls.sys IRP_MJ_SYSTEM_CONTROL: 
0xFC83FA6A \SystemRoot\system32\drivers\portcls.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC83CC7C \SystemRoot\system32\drivers\portcls.sys AddDevice: 0xFC88C000 \SystemRoot\system32\drivers\smwdm.sys ServiceKeyName: smwdm \Driver\Modem<0xFCDBF590(13dc590)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBF6C8 \SystemRoot\System32\Drivers\Modem.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF076D6EA \SystemRoot\System32\Drivers\Modem.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0769320 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE: 0xF076A0D6 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF076A15C \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_READ: 0xF076C106 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_WRITE: 0xF076C070 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SET_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF076AE08 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF076BF6A \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF076925E \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SYSTEM_CONTROL: 0xF076A996 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0769563 \SystemRoot\System32\Drivers\Modem.SYS AddDevice: 0xF0769336 \SystemRoot\System32\Drivers\Modem.SYS ServiceKeyName: Modem \Driver\sysaudio<0xFF25B4D0(65b94d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24EA48 \SystemRoot\system32\drivers\sysaudio.sys FastIoDispatch: 0x00000000 DriverInit: 0xF80CD340 \SystemRoot\system32\drivers\sysaudio.sys DriverStartIo: 0x00000000 DriverUnload: 0xF80CB084 \SystemRoot\system32\drivers\sysaudio.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF80CA2A8 \SystemRoot\system32\drivers\sysaudio.sys AddDevice: 0xF80C6C45 \SystemRoot\system32\drivers\sysaudio.sys ServiceKeyName: sysaudio \Driver\Fdc<0xFCD7E7F0(139b7f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E988 \SystemRoot\System32\DRIVERS\fdc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0724F30 \SystemRoot\System32\DRIVERS\fdc.sys DriverStartIo: 0xF0722C6E \SystemRoot\System32\DRIVERS\fdc.sys DriverUnload: 0xF07202E0 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0722534 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0722572 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0720BA2 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0720408 \SystemRoot\System32\DRIVERS\fdc.sys AddDevice: 0xF07202F8 \SystemRoot\System32\DRIVERS\fdc.sys ServiceKeyName: Fdc \Driver\Rasl2tp<0xFCD42910(135f910)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD42AA8 \SystemRoot\System32\DRIVERS\rasl2tp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04EB2A0 \SystemRoot\System32\DRIVERS\rasl2tp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 
0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Rasl2tp \Driver\AmosNT<0xFF271750(5eb0750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF271068 \SystemRoot\System32\DRIVERS\amosnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7FAAD78 \SystemRoot\System32\DRIVERS\amosnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7F8C010 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_READ: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_WRITE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: AmosNT \Driver\Ich<0xFF25E170(6397170)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E2A8 \SystemRoot\System32\DRIVERS\Ich.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05AC638 \SystemRoot\System32\DRIVERS\Ich.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05A0420 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_READ: 0xF05A04C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ich \Driver\ACPIEC<0xFCDC7B50(13e4b50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081A280 ACPIEC.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0819B97 ACPIEC.sys IRP_MJ_CREATE: 0xF0819C78 ACPIEC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0819C78 ACPIEC.sys IRP_MJ_READ: 0xF08182E0 ACPIEC.sys IRP_MJ_WRITE: 0xF08182E0 ACPIEC.sys 
IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0819CBE ACPIEC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF08183BA ACPIEC.sys IRP_MJ_SYSTEM_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF081899A ACPIEC.sys AddDevice: 0xF0818633 ACPIEC.sys ServiceKeyName: ACPIEC \Driver\ParVdm<0xFF279D90(5d1fd90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF280FA8 \SystemRoot\System32\Drivers\ParVdm.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0940900 \SystemRoot\System32\Drivers\ParVdm.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0940712 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE: 0xF09404E8 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF094058A 
\SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF094063E \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: ParVdm \Driver\Fallback<0xFF2749F0(5dce9f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF274848 \SystemRoot\System32\DRIVERS\fallback.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EBF958 \SystemRoot\System32\DRIVERS\fallback.sys DriverStartIo: 
0x00000000 DriverUnload: 0xF7E81070 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_READ: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fallback \Driver\ACPI_HAL<0xFCDF4D30(1411d30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8006CEFE \WINNT\System32\hal.dll DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8006A876 \WINNT\System32\hal.dll IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x8006D016 \WINNT\System32\hal.dll AddDevice: 0x8006CF5A \WINNT\System32\hal.dll ServiceKeyName: \Driver\ACPI_HAL 
\Driver\serenum<0xFCD7FD50(139cd50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7FFA8 \SystemRoot\System32\DRIVERS\serenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF089E9C0 \SystemRoot\System32\DRIVERS\serenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF089D606 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLOSE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_READ: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_WRITE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FLUSH_BUFFERS: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DIRECTORY_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CONTROL: 0xF089C608 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF089C75C \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SHUTDOWN: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_LOCK_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLEANUP: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_MAILSLOT: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys 
IRP_MJ_SET_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_POWER: 0xF089C8D8 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CHANGE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_PNP: 0xF089CDF4 \SystemRoot\System32\DRIVERS\serenum.sys AddDevice: 0xF089CC80 \SystemRoot\System32\DRIVERS\serenum.sys ServiceKeyName: serenum \Driver\PptpMiniport<0xFCD7AD50(1397d50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7B8E8 \SystemRoot\System32\DRIVERS\raspptp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04FA6C0 \SystemRoot\System32\DRIVERS\raspptp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys 
IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: PptpMiniport \Driver\NetBT<0xFCCA9F30(12c6f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF82E3F2E \SystemRoot\System32\DRIVERS\netbt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82DFF34 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE: 0xF82DCE74 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF82DD552 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF82DD5DB \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82C58FD \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF82DD298 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF82CBE01 \SystemRoot\System32\DRIVERS\netbt.sys AddDevice: 0x00000000 ServiceKeyName: NetBT \Driver\PCIIde<0xFCDC9270(13e6270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09C92C0 PCIIde.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: PCIIde \Driver\va16w2<0xFCD497F0(13667f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF069B246 va16w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 
\WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va16w2 \Driver\Cdrom<0xFCD26210(1343210)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26348 \SystemRoot\System32\DRIVERS\cdrom.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06D5980 \SystemRoot\System32\DRIVERS\cdrom.sys DriverStartIo: 0xF0452BAF \WINNT\System32\DRIVERS\CLASSPNP.SYS DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 
\WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Cdrom \Driver\Tones<0xFF20B930(ee2930)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF224CA8 \SystemRoot\System32\DRIVERS\tonesnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EECEB8 \SystemRoot\System32\DRIVERS\tonesnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7EE2E00 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_READ: 0xF7EE2EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys 
IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Tones \Driver\kmixer<0xFF175F30(4535f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1B6D08 \SystemRoot\system32\drivers\kmixer.sys FastIoDispatch: 0x00000000 DriverInit: 0xF772C1B3 \SystemRoot\system32\drivers\kmixer.sys DriverStartIo: 0x00000000 DriverUnload: 0xF772E049 \SystemRoot\system32\drivers\kmixer.sys IRP_MJ_CREATE: 0xFC817186 
\SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF772875A \SystemRoot\system32\drivers\kmixer.sys AddDevice: 0xF772C531 \SystemRoot\system32\drivers\kmixer.sys ServiceKeyName: kmixer \Driver\Pcmcia<0xFCD86030(13a3030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9F4A1C pcmcia.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9F12B6 pcmcia.sys IRP_MJ_CREATE: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9DD946 pcmcia.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9DD946 pcmcia.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9DD946 pcmcia.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9DD946 pcmcia.sys AddDevice: 0xFC9F0D32 pcmcia.sys ServiceKeyName: Pcmcia \Driver\va32w2<0xFCD49A70(1366a70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) 
Section: 0xFCE25C68 va32w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0693FCE va32w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 
0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va32w2 \Driver\SNC<0xFCD246F0(13416f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24888 \SystemRoot\System32\Drivers\SonyNC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06FBE72 \SystemRoot\System32\Drivers\SonyNC.sys DriverStartIo: 0xF06F8CF5 \SystemRoot\System32\Drivers\SonyNC.sys DriverUnload: 0xF06F8CAE \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_READ: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_WRITE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 
0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys AddDevice: 0xF06F8D08 \SystemRoot\System32\Drivers\SonyNC.sys ServiceKeyName: SNC \Driver\mnmdd<0xFCD62C10(137fc10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63428 \SystemRoot\System32\Drivers\mnmdd.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A503A0 \SystemRoot\System32\Drivers\mnmdd.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: mnmdd \Driver\Tcpip<0xFCCF0370(130d370)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys FastIoDispatch: 0x00000000 DriverInit: 0xF832E4CA \SystemRoot\System32\DRIVERS\tcpip.sys DriverStartIo: 0x00000000 DriverUnload: 0xF831B604 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLOSE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_READ: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_WRITE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FLUSH_BUFFERS: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82EA854 
\SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82E997F \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SHUTDOWN: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_LOCK_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLEANUP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_MAILSLOT: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_POWER: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CHANGE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_PNP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys AddDevice: 0x00000000 ServiceKeyName: Tcpip \Driver\Wanarp<0xFCCA5D10(12c2d10)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA6D88 \SystemRoot\System32\DRIVERS\wanarp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06B6266 \SystemRoot\System32\DRIVERS\wanarp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06B5C96 \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLOSE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_READ: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_WRITE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys 
IRP_MJ_SET_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FLUSH_BUFFERS: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DIRECTORY_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SHUTDOWN: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_LOCK_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLEANUP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_MAILSLOT: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_POWER: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CHANGE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_PNP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys AddDevice: 0x00000000 ServiceKeyName: Wanarp \Driver\PxHelper<0xFCD26750(1343750)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26968 \??\C:\WINNT\System32\drivers\PxHelper.sys FastIoDispatch: 0x00000000 DriverInit: 0xF087D3D8 \??\C:\WINNT\System32\drivers\PxHelper.sys 
DriverStartIo: 0x00000000 DriverUnload: 0xF087CA2C \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLOSE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_READ: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_WRITE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FLUSH_BUFFERS: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DIRECTORY_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SHUTDOWN: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_LOCK_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLEANUP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_MAILSLOT: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_POWER: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CHANGE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys 
IRP_MJ_QUERY_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_PNP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys AddDevice: 0xF087CA30 \??\C:\WINNT\System32\drivers\PxHelper.sys ServiceKeyName: PxHelper \Driver\biosview<0xFCD63870(1380870)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63F48 \SystemRoot\system32\drivers\biosview.sys FastIoDispatch: 0x00000000 DriverInit: 0xF091A2E2 \SystemRoot\system32\drivers\biosview.sys DriverStartIo: 0x00000000 DriverUnload: 0xF091A458 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: biosview \Driver\Rksample<0xFCDBFD90(13dcd90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFF08 \SystemRoot\System32\DRIVERS\rksample.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04DBE18 \SystemRoot\System32\DRIVERS\rksample.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04D0E50 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_READ: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys AddDevice: 0xF04D0EF0 \SystemRoot\System32\DRIVERS\rksample.sys ServiceKeyName: Rksample \Driver\Null<0xFCCF37F0(13107f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF3988 \SystemRoot\System32\Drivers\Null.SYS FastIoDispatch: 0xFCD647A8 DriverInit: 0xF0A4C47A \SystemRoot\System32\Drivers\Null.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_READ: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_WRITE: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_QUERY_INFORMATION: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF0A4C360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Null \Driver\Disk<0xFCD49690(1366690)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06A5120 disk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Disk \Driver\PCI<0xFCDDF230(13fc230)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys FastIoDispatch: 0x00000000 DriverInit: 0xF040BA88 pci.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04073A6 pci.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0400D84 pci.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0400D84 pci.sys IRP_MJ_SYSTEM_CONTROL: 0xF0400D84 pci.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0400D84 pci.sys AddDevice: 0xF0406B90 pci.sys ServiceKeyName: PCI \Driver\sbp2port<0xFCDC8410(13e5410)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0446480 sbp2port.sys DriverStartIo: 0xF0444B4E sbp2port.sys DriverUnload: 0xF0440AB6 sbp2port.sys IRP_MJ_CREATE: 0xF0446DB6 sbp2port.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0446DB6 sbp2port.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0446D32 sbp2port.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04448A8 sbp2port.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0441758 sbp2port.sys IRP_MJ_SYSTEM_CONTROL: 0xF044753C sbp2port.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0440F20 sbp2port.sys AddDevice: 0xF04464D8 sbp2port.sys ServiceKeyName: sbp2port \Driver\IPSEC<0xFF1E5270(3f07270)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF29CD68 \SystemRoot\System32\DRIVERS\ipsec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7B0DCE6 \SystemRoot\System32\DRIVERS\ipsec.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7AFB30A \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B0C56E 
\SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: IPSEC \Driver\PartMgr<0xFCD4DE50(136ae50)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081E040 PartMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF081C3BE PartMgr.sys 
IRP_MJ_CREATE: 0xF081CC80 PartMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF081C2C0 PartMgr.sys IRP_MJ_CLOSE: 0xF081CC80 PartMgr.sys IRP_MJ_READ: 0xF081C2C0 PartMgr.sys IRP_MJ_WRITE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_FLUSH_BUFFERS: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CONTROL: 0xF081DB90 PartMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_SHUTDOWN: 0xF081C2C0 PartMgr.sys IRP_MJ_LOCK_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_CLEANUP: 0xF081C2C0 PartMgr.sys IRP_MJ_CREATE_MAILSLOT: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_POWER: 0xF081C396 PartMgr.sys IRP_MJ_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CHANGE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_PNP: 0xF081CD20 PartMgr.sys AddDevice: 0xF081CEFA PartMgr.sys ServiceKeyName: PartMgr \Driver\NdisWan<0xFCD236B0(13406b0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23848 \SystemRoot\System32\DRIVERS\ndiswan.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC711180 \SystemRoot\System32\DRIVERS\ndiswan.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 
NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: NdisWan \Driver\NdisTapi<0xFCD23C70(1340c70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23E08 \SystemRoot\System32\DRIVERS\ndistapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08A96E2 \SystemRoot\System32\DRIVERS\ndistapi.sys DriverStartIo: 0x00000000 DriverUnload: 0xF08A8BD8 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF08A8376 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NdisTapi \Driver\Serial<0xFCD7F030(139c030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD241A8 \SystemRoot\System32\DRIVERS\serial.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04CA300 \SystemRoot\System32\DRIVERS\serial.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04C5257 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE: 0xF04C4983 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04C7A49 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_READ: 0xF04C754A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_WRITE: 0xF04C9D1B \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_INFORMATION: 0xF04C4748 \SystemRoot\System32\DRIVERS\serial.sys 
IRP_MJ_SET_INFORMATION: 0xF04C573A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04C4BDB \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04C6F30 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04C6BF5 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04C7C41 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04C48DD \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SYSTEM_CONTROL: 0xF04C2800 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04C2872 \SystemRoot\System32\DRIVERS\serial.sys AddDevice: 0xF04C435C \SystemRoot\System32\DRIVERS\serial.sys ServiceKeyName: Serial \Driver\Gpc<0xFCCAA530(12c7530)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1228 \SystemRoot\System32\DRIVERS\msgpc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05702E0 \SystemRoot\System32\DRIVERS\msgpc.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys 
IRP_MJ_CREATE_NAMED_PIPE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLOSE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_READ: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_WRITE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FLUSH_BUFFERS: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DIRECTORY_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SHUTDOWN: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_LOCK_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLEANUP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_MAILSLOT: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_POWER: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CHANGE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_PNP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys AddDevice: 0x00000000 ServiceKeyName: Gpc 
\Driver\ACPI<0xFCE149F0(14319f0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys FastIoDispatch: 0xFCA11560 ACPI.sys DriverInit: 0xFCA1C10B ACPI.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9FE758 ACPI.sys IRP_MJ_CREATE: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC9FE52C ACPI.sys IRP_MJ_CLOSE: 0xFC9FE52C ACPI.sys IRP_MJ_READ: 0xFC9FE52C ACPI.sys IRP_MJ_WRITE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_EA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_EA: 0xFC9FE52C ACPI.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_SHUTDOWN: 0xFC9FE52C ACPI.sys IRP_MJ_LOCK_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_CLEANUP: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_MAILSLOT: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_SET_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_POWER: 0xFC9FE52C ACPI.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CHANGE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_PNP: 0xFC9FE52C ACPI.sys AddDevice: 0xFC9FE1FB ACPI.sys ServiceKeyName: ACPI \Driver\PnpManager<0xFCE18EF0(1435ef0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x80551D98 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8042890A \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804E210C \WINNT\System32\ntoskrnl.exe AddDevice: 0x8051DE5C \WINNT\System32\ntoskrnl.exe ServiceKeyName: \Driver\PnpManager \Driver\Parallel<0xFCD79C90(1396c90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79E68 \SystemRoot\System32\DRIVERS\parallel.sys FastIoDispatch: 0x00000000 DriverInit: 
0xF0502BBE \SystemRoot\System32\DRIVERS\parallel.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0502CFA \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE: 0xF0503B08 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0503CB4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_READ: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_WRITE: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_INFORMATION: 0xF0504B48 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SET_INFORMATION: 0xF0504BE4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0502D5C \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0503106 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0503C30 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0508876 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SYSTEM_CONTROL: 0xF050CF24 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0507612 
\SystemRoot\System32\DRIVERS\parallel.sys AddDevice: 0xF0507EC4 \SystemRoot\System32\DRIVERS\parallel.sys ServiceKeyName: Parallel \Driver\Flpydisk<0xFCD1F430(133c430)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD35668 \SystemRoot\System32\DRIVERS\flpydisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07CBBA0 \SystemRoot\System32\DRIVERS\flpydisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07C82E0 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_READ: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_WRITE: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07C9466 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_POWER: 0xF07C9BEE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07C991C \SystemRoot\System32\DRIVERS\flpydisk.sys AddDevice: 0xF07C900C \SystemRoot\System32\DRIVERS\flpydisk.sys ServiceKeyName: Flpydisk \Driver\i81x<0xFCD26D70(1343d70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD81328 \SystemRoot\System32\DRIVERS\i81xnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC8B22E0 \SystemRoot\System32\DRIVERS\i81xnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0485F98 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF048572C \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS AddDevice: 0xF04886F4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS ServiceKeyName: i81x \Driver\AFD<0xFF287DF0(590ddf0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2886C8 \SystemRoot\System32\drivers\afd.sys FastIoDispatch: 0xF7FFFC30 \SystemRoot\System32\drivers\afd.sys DriverInit: 0xF801784A \SystemRoot\System32\drivers\afd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLOSE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_READ: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_WRITE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FLUSH_BUFFERS: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF8000FF4 
\SystemRoot\System32\drivers\afd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CONTROL: 0xF80002D6 \SystemRoot\System32\drivers\afd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SHUTDOWN: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_LOCK_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLEANUP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_MAILSLOT: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_POWER: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CHANGE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_PNP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys AddDevice: 0x00000000 ServiceKeyName: AFD \Driver\Fsks<0xFF260B30(6363b30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD455E8 \SystemRoot\System32\DRIVERS\fsksnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E7A938 \SystemRoot\System32\DRIVERS\fsksnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E68560 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_READ: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fsks \Driver\Parport<0xFCD7EE70(139be70)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E008 \SystemRoot\System32\DRIVERS\parport.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07104A2 \SystemRoot\System32\DRIVERS\parport.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0710572 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE: 0xF0710EF0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0710F66 
\SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0710850 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07102E0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF071334A \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SYSTEM_CONTROL: 0xF0714B86 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0712914 \SystemRoot\System32\DRIVERS\parport.sys AddDevice: 0xF071289A \SystemRoot\System32\DRIVERS\parport.sys ServiceKeyName: Parport \Driver\IntelIde<0xFCD87030(13a4030)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09CA2C0 
intelide.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: IntelIde \Driver\ApfiltrService<0xFCDC45D0(13e15d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4768 \SystemRoot\System32\DRIVERS\Apfiltr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04A8F80 \SystemRoot\System32\DRIVERS\Apfiltr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04A8F74 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLOSE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_READ: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_WRITE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FLUSH_BUFFERS: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CONTROL: 0xF04A7DA6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04A8B5A \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SHUTDOWN: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_LOCK_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLEANUP: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_MAILSLOT: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_POWER: 
0xF04A8EFA \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CHANGE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_PNP: 0xF04A8D82 \SystemRoot\System32\DRIVERS\Apfiltr.sys AddDevice: 0xF04A7B20 \SystemRoot\System32\DRIVERS\Apfiltr.sys ServiceKeyName: ApfiltrService \Driver\CmBatt<0xFCD25CD0(1342cd0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25E68 \SystemRoot\System32\DRIVERS\CmBatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF088DBA0 \SystemRoot\System32\DRIVERS\CmBatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF088D340 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF088D3AA \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF088D060 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF088D0A4 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF088CE78 \SystemRoot\System32\DRIVERS\CmBatt.sys AddDevice: 0xF088CA18 \SystemRoot\System32\DRIVERS\CmBatt.sys ServiceKeyName: CmBatt \Driver\SPI<0xFCD24F30(1341f30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25148 \SystemRoot\System32\Drivers\SonyPI.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04B785C \SystemRoot\System32\Drivers\SonyPI.sys DriverStartIo: 0xF04B0EBD \SystemRoot\System32\Drivers\SonyPI.sys DriverUnload: 0xF04B6720 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_READ: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_WRITE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys AddDevice: 0xF04B0ED3 \SystemRoot\System32\Drivers\SonyPI.sys ServiceKeyName: SPI \Driver\iLINKnet<0xFCD22E90(133fe90)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD2E8 \SystemRoot\System32\DRIVERS\SonyiNet.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07A8414 \SystemRoot\System32\DRIVERS\SonyiNet.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: iLINKnet \Driver\i8042prt<0xFCD80E30(139de30)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD441A8 \SystemRoot\System32\DRIVERS\i8042prt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0498000 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverStartIo: 0xF04906D6 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverUnload: 0xF0495091 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE: 0xF0493295 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0494F3F \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0491583 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0494F68 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0490300 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0496695 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SYSTEM_CONTROL: 0xF04932DA \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0493120 \SystemRoot\System32\DRIVERS\i8042prt.sys AddDevice: 0xF0494E5C \SystemRoot\System32\DRIVERS\i8042prt.sys ServiceKeyName: i8042prt \FileSystem\NetBIOS<0xFCCA62D0(12c32d0)> SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA61A8 \SystemRoot\System32\DRIVERS\netbios.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0586E20 \SystemRoot\System32\DRIVERS\netbios.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0581676 \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 
Driver count: 100
KeServiceDescriptorTable at virtual address : 0x8046B840(46b840)
KeServiceDescriptorTableShadow at virtual address : 0x8046B880(46b880)
\??\C:\WINNT\system32\win32k.sys 47 0xA01267AF \??\C:\WINNT\system32\win32k.sys 48 0xA00BC9E9 \??\C:\WINNT\system32\win32k.sys 49 0xA00A8962 \??\C:\WINNT\system32\win32k.sys 4a 0xA0127B83 \??\C:\WINNT\system32\win32k.sys 4b 0xA00BBE3A \??\C:\WINNT\system32\win32k.sys 4c 0xA0128598 \??\C:\WINNT\system32\win32k.sys 4d 0xA01283B5 \??\C:\WINNT\system32\win32k.sys 4e 0xA0127CC7 \??\C:\WINNT\system32\win32k.sys 4f 0xA0127E7B \??\C:\WINNT\system32\win32k.sys 50 0xA01274DD \??\C:\WINNT\system32\win32k.sys 51 0xA00A6DF5 \??\C:\WINNT\system32\win32k.sys 52 0xA012659B \??\C:\WINNT\system32\win32k.sys 53 0xA00A8CF2 \??\C:\WINNT\system32\win32k.sys 54 0xA0128E95 \??\C:\WINNT\system32\win32k.sys 55 0xA00A90B3 \??\C:\WINNT\system32\win32k.sys 56 0xA00BC940 \??\C:\WINNT\system32\win32k.sys 57 0xA0128B4E \??\C:\WINNT\system32\win32k.sys 58 0xA00510ED \??\C:\WINNT\system32\win32k.sys 59 0xA00BC44C \??\C:\WINNT\system32\win32k.sys 5a 0xA012760B \??\C:\WINNT\system32\win32k.sys 5b 0xA0129484 \??\C:\WINNT\system32\win32k.sys 5c 0xA01295F6 \??\C:\WINNT\system32\win32k.sys 5d 0xA012737F \??\C:\WINNT\system32\win32k.sys 5e 0xA00BB0B6 \??\C:\WINNT\system32\win32k.sys 5f 0xA00A6D46 \??\C:\WINNT\system32\win32k.sys 60 0xA012669E \??\C:\WINNT\system32\win32k.sys 61 0xA00BAC82 \??\C:\WINNT\system32\win32k.sys 62 0xA00BC7BB \??\C:\WINNT\system32\win32k.sys 63 0xA012A818 \??\C:\WINNT\system32\win32k.sys 64 0xA012C011 \??\C:\WINNT\system32\win32k.sys 65 0xA012A960 \??\C:\WINNT\system32\win32k.sys 66 0xA012ABB0 \??\C:\WINNT\system32\win32k.sys 67 0xA012AC1F \??\C:\WINNT\system32\win32k.sys 68 0xA012AD9E \??\C:\WINNT\system32\win32k.sys 69 0xA012AF3D \??\C:\WINNT\system32\win32k.sys 6a 0xA012B076 \??\C:\WINNT\system32\win32k.sys 6b 0xA012B18C \??\C:\WINNT\system32\win32k.sys 6c 0xA012B53D \??\C:\WINNT\system32\win32k.sys 6d 0xA012B353 \??\C:\WINNT\system32\win32k.sys 6e 0xA012B623 \??\C:\WINNT\system32\win32k.sys 6f 0xA012B7E0 \??\C:\WINNT\system32\win32k.sys 70 0xA012B8C6 
\??\C:\WINNT\system32\win32k.sys 71 0xA012BEE1 \??\C:\WINNT\system32\win32k.sys 72 0xA0089E60 \??\C:\WINNT\system32\win32k.sys 73 0xA005091C \??\C:\WINNT\system32\win32k.sys 74 0xA0120BA8 \??\C:\WINNT\system32\win32k.sys 75 0xA002BF83 \??\C:\WINNT\system32\win32k.sys 76 0xA005112A \??\C:\WINNT\system32\win32k.sys 77 0xA00BE7E4 \??\C:\WINNT\system32\win32k.sys 78 0xA00BE9D7 \??\C:\WINNT\system32\win32k.sys 79 0xA008A753 \??\C:\WINNT\system32\win32k.sys 7a 0xA011EA32 \??\C:\WINNT\system32\win32k.sys 7b 0xA009D1C7 \??\C:\WINNT\system32\win32k.sys 7c 0xA0001BCE \??\C:\WINNT\system32\win32k.sys 7d 0xA009AFBB \??\C:\WINNT\system32\win32k.sys 7e 0xA009AFC9 \??\C:\WINNT\system32\win32k.sys 7f 0xA004784C \??\C:\WINNT\system32\win32k.sys 80 0xA006F50B \??\C:\WINNT\system32\win32k.sys 81 0xA006E967 \??\C:\WINNT\system32\win32k.sys 82 0xA006EC6D \??\C:\WINNT\system32\win32k.sys 83 0xA004B483 \??\C:\WINNT\system32\win32k.sys 84 0xA00AFAFE \??\C:\WINNT\system32\win32k.sys 85 0xA012F5A6 \??\C:\WINNT\system32\win32k.sys 86 0xA012F409 \??\C:\WINNT\system32\win32k.sys 87 0xA003E887 \??\C:\WINNT\system32\win32k.sys 88 0xA006A99E \??\C:\WINNT\system32\win32k.sys 89 0xA004D1E9 \??\C:\WINNT\system32\win32k.sys 8a 0xA0045846 \??\C:\WINNT\system32\win32k.sys 8b 0xA013063C \??\C:\WINNT\system32\win32k.sys 8c 0xA002C5FE \??\C:\WINNT\system32\win32k.sys 8d 0xA002754A \??\C:\WINNT\system32\win32k.sys 8e 0xA006B82B \??\C:\WINNT\system32\win32k.sys 8f 0xA0055135 \??\C:\WINNT\system32\win32k.sys 90 0xA00A4872 \??\C:\WINNT\system32\win32k.sys 91 0xA011D548 \??\C:\WINNT\system32\win32k.sys 92 0xA0017998 \??\C:\WINNT\system32\win32k.sys 93 0xA0013C16 \??\C:\WINNT\system32\win32k.sys 94 0xA011FB03 \??\C:\WINNT\system32\win32k.sys 95 0xA010958E \??\C:\WINNT\system32\win32k.sys 96 0xA00B688E \??\C:\WINNT\system32\win32k.sys 97 0xA00717C5 \??\C:\WINNT\system32\win32k.sys 98 0xA0026505 \??\C:\WINNT\system32\win32k.sys 99 0xA0071F30 \??\C:\WINNT\system32\win32k.sys 9a 0xA00A6717 
\??\C:\WINNT\system32\win32k.sys 9b 0xA00A3448 \??\C:\WINNT\system32\win32k.sys 9c 0xA0072381 \??\C:\WINNT\system32\win32k.sys 9d 0xA011DB5C \??\C:\WINNT\system32\win32k.sys 9e 0xA00291A3 \??\C:\WINNT\system32\win32k.sys 9f 0xA0070506 \??\C:\WINNT\system32\win32k.sys a0 0xA007D95E \??\C:\WINNT\system32\win32k.sys a1 0xA011ECD6 \??\C:\WINNT\system32\win32k.sys a2 0xA0130F14 \??\C:\WINNT\system32\win32k.sys a3 0xA0028C95 \??\C:\WINNT\system32\win32k.sys a4 0xA0077AE4 \??\C:\WINNT\system32\win32k.sys a5 0xA0077B0A \??\C:\WINNT\system32\win32k.sys a6 0xA00D64EF \??\C:\WINNT\system32\win32k.sys a7 0xA011EF23 \??\C:\WINNT\system32\win32k.sys a8 0xA0121025 \??\C:\WINNT\system32\win32k.sys a9 0xA0041AD8 \??\C:\WINNT\system32\win32k.sys aa 0xA00932EB \??\C:\WINNT\system32\win32k.sys ab 0xA0131CC0 \??\C:\WINNT\system32\win32k.sys ac 0xA012E6BD \??\C:\WINNT\system32\win32k.sys ad 0xA009DC8C \??\C:\WINNT\system32\win32k.sys ae 0xA011F494 \??\C:\WINNT\system32\win32k.sys af 0xA011FEDD \??\C:\WINNT\system32\win32k.sys b0 0xA011FD84 \??\C:\WINNT\system32\win32k.sys b1 0xA011EB52 \??\C:\WINNT\system32\win32k.sys b2 0xA00B9BD2 \??\C:\WINNT\system32\win32k.sys b3 0xA01057C6 \??\C:\WINNT\system32\win32k.sys b4 0xA011E98A \??\C:\WINNT\system32\win32k.sys b5 0xA0110FB5 \??\C:\WINNT\system32\win32k.sys b6 0xA0037922 \??\C:\WINNT\system32\win32k.sys b7 0xA0068781 \??\C:\WINNT\system32\win32k.sys b8 0xA004F5E9 \??\C:\WINNT\system32\win32k.sys b9 0xA0070B2A \??\C:\WINNT\system32\win32k.sys ba 0xA011D95F \??\C:\WINNT\system32\win32k.sys bb 0xA0080513 \??\C:\WINNT\system32\win32k.sys bc 0xA002755E \??\C:\WINNT\system32\win32k.sys bd 0xA00D4BCB \??\C:\WINNT\system32\win32k.sys be 0xA00B5F12 \??\C:\WINNT\system32\win32k.sys bf 0xA009C898 \??\C:\WINNT\system32\win32k.sys c0 0xA003E8A2 \??\C:\WINNT\system32\win32k.sys c1 0xA00D9C5F \??\C:\WINNT\system32\win32k.sys c2 0xA00A91E3 \??\C:\WINNT\system32\win32k.sys c3 0xA0131E9E \??\C:\WINNT\system32\win32k.sys c4 0xA001C464 
\??\C:\WINNT\system32\win32k.sys c5 0xA012F6FF \??\C:\WINNT\system32\win32k.sys c6 0xA0071145 \??\C:\WINNT\system32\win32k.sys c7 0xA0037BC9 \??\C:\WINNT\system32\win32k.sys c8 0xA00940E7 \??\C:\WINNT\system32\win32k.sys c9 0xA00487D0 \??\C:\WINNT\system32\win32k.sys ca 0xA007CFC2 \??\C:\WINNT\system32\win32k.sys cb 0xA0079728 \??\C:\WINNT\system32\win32k.sys cc 0xA004C407 \??\C:\WINNT\system32\win32k.sys cd 0xA011F60B \??\C:\WINNT\system32\win32k.sys ce 0xA011F6E9 \??\C:\WINNT\system32\win32k.sys cf 0xA011FEFA \??\C:\WINNT\system32\win32k.sys d0 0xA007C94F \??\C:\WINNT\system32\win32k.sys d1 0xA0114441 \??\C:\WINNT\system32\win32k.sys d2 0xA0074EFC \??\C:\WINNT\system32\win32k.sys d3 0xA0121662 \??\C:\WINNT\system32\win32k.sys d4 0xA005BFE2 \??\C:\WINNT\system32\win32k.sys d5 0xA0000461 \??\C:\WINNT\system32\win32k.sys d6 0xA002752F \??\C:\WINNT\system32\win32k.sys d7 0xA0068120 \??\C:\WINNT\system32\win32k.sys d8 0xA003F12D \??\C:\WINNT\system32\win32k.sys d9 0xA011FC87 \??\C:\WINNT\system32\win32k.sys da 0xA004CD7A \??\C:\WINNT\system32\win32k.sys db 0xA009C05D \??\C:\WINNT\system32\win32k.sys dc 0xA004C773 \??\C:\WINNT\system32\win32k.sys dd 0xA0122DE3 \??\C:\WINNT\system32\win32k.sys de 0xA011EE9F \??\C:\WINNT\system32\win32k.sys df 0xA00519CF \??\C:\WINNT\system32\win32k.sys e0 0xA003E90B \??\C:\WINNT\system32\win32k.sys e1 0xA0091951 \??\C:\WINNT\system32\win32k.sys e2 0xA0077D2A \??\C:\WINNT\system32\win32k.sys e3 0xA008AAF1 \??\C:\WINNT\system32\win32k.sys e4 0xA011D77C \??\C:\WINNT\system32\win32k.sys e5 0xA0115B0C \??\C:\WINNT\system32\win32k.sys e6 0xA011E419 \??\C:\WINNT\system32\win32k.sys e7 0xA003FB5B \??\C:\WINNT\system32\win32k.sys e8 0xA011E538 \??\C:\WINNT\system32\win32k.sys e9 0xA011F08F \??\C:\WINNT\system32\win32k.sys ea 0xA0109A34 \??\C:\WINNT\system32\win32k.sys eb 0xA009A062 \??\C:\WINNT\system32\win32k.sys ec 0xA005BFF2 \??\C:\WINNT\system32\win32k.sys ed 0xA004046D \??\C:\WINNT\system32\win32k.sys ee 0xA011EFA7 
\??\C:\WINNT\system32\win32k.sys ef 0xA006B1F5 \??\C:\WINNT\system32\win32k.sys f0 0xA011F2F0 \??\C:\WINNT\system32\win32k.sys f1 0xA011F47D \??\C:\WINNT\system32\win32k.sys f2 0xA00996C4 \??\C:\WINNT\system32\win32k.sys f3 0xA0123093 \??\C:\WINNT\system32\win32k.sys f4 0xA0077470 \??\C:\WINNT\system32\win32k.sys f5 0xA00D714E \??\C:\WINNT\system32\win32k.sys f6 0xA0077480 \??\C:\WINNT\system32\win32k.sys f7 0xA00522DA \??\C:\WINNT\system32\win32k.sys f8 0xA011F9AB \??\C:\WINNT\system32\win32k.sys f9 0xA001C93D \??\C:\WINNT\system32\win32k.sys fa 0xA011EE7F \??\C:\WINNT\system32\win32k.sys fb 0xA00517DF \??\C:\WINNT\system32\win32k.sys fc 0xA00774B8 \??\C:\WINNT\system32\win32k.sys fd 0xA011EE8F \??\C:\WINNT\system32\win32k.sys fe 0xA006AC98 \??\C:\WINNT\system32\win32k.sys ff 0xA011FA75 \??\C:\WINNT\system32\win32k.sys 100 0xA007E645 \??\C:\WINNT\system32\win32k.sys 101 0xA004BE05 \??\C:\WINNT\system32\win32k.sys 102 0xA011ED4D \??\C:\WINNT\system32\win32k.sys 103 0xA00508A6 \??\C:\WINNT\system32\win32k.sys 104 0xA01213BE \??\C:\WINNT\system32\win32k.sys 105 0xA00779DD \??\C:\WINNT\system32\win32k.sys 106 0xA0001FDD \??\C:\WINNT\system32\win32k.sys 107 0xA004C93D \??\C:\WINNT\system32\win32k.sys 108 0xA004C982 \??\C:\WINNT\system32\win32k.sys 109 0xA004CF06 \??\C:\WINNT\system32\win32k.sys 10a 0xA0123599 \??\C:\WINNT\system32\win32k.sys 10b 0xA004C474 \??\C:\WINNT\system32\win32k.sys 10c 0xA004C5FD \??\C:\WINNT\system32\win32k.sys 10d 0xA011F99F \??\C:\WINNT\system32\win32k.sys 10e 0xA011F993 \??\C:\WINNT\system32\win32k.sys 10f 0xA007797F \??\C:\WINNT\system32\win32k.sys 110 0xA00806F3 \??\C:\WINNT\system32\win32k.sys 111 0xA01330C1 \??\C:\WINNT\system32\win32k.sys 112 0xA011EF8C \??\C:\WINNT\system32\win32k.sys 113 0xA011EF33 \??\C:\WINNT\system32\win32k.sys 114 0xA01322A9 \??\C:\WINNT\system32\win32k.sys 115 0xA0053FAD \??\C:\WINNT\system32\win32k.sys 116 0xA004CE7D \??\C:\WINNT\system32\win32k.sys 117 0xA004C5AF \??\C:\WINNT\system32\win32k.sys 118 0xA0099A1F 
\??\C:\WINNT\system32\win32k.sys 119 0xA009BA39 \??\C:\WINNT\system32\win32k.sys 11a 0xA008B08D \??\C:\WINNT\system32\win32k.sys 11b 0xA0094A44 \??\C:\WINNT\system32\win32k.sys 11c 0xA00BEB07 \??\C:\WINNT\system32\win32k.sys 11d 0xA00AA173 \??\C:\WINNT\system32\win32k.sys 11e 0xA0133294 \??\C:\WINNT\system32\win32k.sys 11f 0xA003E999 \??\C:\WINNT\system32\win32k.sys 120 0xA0119E5C \??\C:\WINNT\system32\win32k.sys 121 0xA011FB8A \??\C:\WINNT\system32\win32k.sys 122 0xA011F1C4 \??\C:\WINNT\system32\win32k.sys 123 0xA011EF80 \??\C:\WINNT\system32\win32k.sys 124 0xA012324F \??\C:\WINNT\system32\win32k.sys 125 0xA011D5DF \??\C:\WINNT\system32\win32k.sys 126 0xA005D014 \??\C:\WINNT\system32\win32k.sys 127 0xA007ED1E \??\C:\WINNT\system32\win32k.sys 128 0xA00E3183 \??\C:\WINNT\system32\win32k.sys 129 0xA007E51C \??\C:\WINNT\system32\win32k.sys 12a 0xA0029892 \??\C:\WINNT\system32\win32k.sys 12b 0xA007DB09 \??\C:\WINNT\system32\win32k.sys 12c 0xA00E1971 \??\C:\WINNT\system32\win32k.sys 12d 0xA00E329F \??\C:\WINNT\system32\win32k.sys 12e 0xA003710F \??\C:\WINNT\system32\win32k.sys 12f 0xA0054168 \??\C:\WINNT\system32\win32k.sys 130 0xA00E16C4 \??\C:\WINNT\system32\win32k.sys 131 0xA007E6A1 \??\C:\WINNT\system32\win32k.sys 132 0xA0036980 \??\C:\WINNT\system32\win32k.sys 133 0xA0000CCD \??\C:\WINNT\system32\win32k.sys 134 0xA007988D \??\C:\WINNT\system32\win32k.sys 135 0xA0079D42 \??\C:\WINNT\system32\win32k.sys 136 0xA008AF79 \??\C:\WINNT\system32\win32k.sys 137 0xA004BE5F \??\C:\WINNT\system32\win32k.sys 138 0xA0015D95 \??\C:\WINNT\system32\win32k.sys 139 0xA0015DDD \??\C:\WINNT\system32\win32k.sys 13a 0xA007950D \??\C:\WINNT\system32\win32k.sys 13b 0xA009E0DD \??\C:\WINNT\system32\win32k.sys 13c 0xA00E1B81 \??\C:\WINNT\system32\win32k.sys 13d 0xA005E8F6 \??\C:\WINNT\system32\win32k.sys 13e 0xA00A9B79 \??\C:\WINNT\system32\win32k.sys 13f 0xA007039D \??\C:\WINNT\system32\win32k.sys 140 0xA00E055D \??\C:\WINNT\system32\win32k.sys 141 0xA0067C07 
\??\C:\WINNT\system32\win32k.sys 142 0xA005DB2E \??\C:\WINNT\system32\win32k.sys 143 0xA005DB79 \??\C:\WINNT\system32\win32k.sys 144 0xA005B3B9 \??\C:\WINNT\system32\win32k.sys 145 0xA006901A \??\C:\WINNT\system32\win32k.sys 146 0xA0054963 \??\C:\WINNT\system32\win32k.sys 147 0xA003E955 \??\C:\WINNT\system32\win32k.sys 148 0xA0093ECC \??\C:\WINNT\system32\win32k.sys 149 0xA007B156 \??\C:\WINNT\system32\win32k.sys 14a 0xA0005EF5 \??\C:\WINNT\system32\win32k.sys 14b 0xA00E30FE \??\C:\WINNT\system32\win32k.sys 14c 0xA0068068 \??\C:\WINNT\system32\win32k.sys 14d 0xA003300A \??\C:\WINNT\system32\win32k.sys 14e 0xA00054F6 \??\C:\WINNT\system32\win32k.sys 14f 0xA00B22A1 \??\C:\WINNT\system32\win32k.sys 150 0xA005455A \??\C:\WINNT\system32\win32k.sys 151 0xA00B1448 \??\C:\WINNT\system32\win32k.sys 152 0xA006B3C3 \??\C:\WINNT\system32\win32k.sys 153 0xA007DB49 \??\C:\WINNT\system32\win32k.sys 154 0xA007D418 \??\C:\WINNT\system32\win32k.sys 155 0xA00A9D7E \??\C:\WINNT\system32\win32k.sys 156 0xA00349EC \??\C:\WINNT\system32\win32k.sys 157 0xA00E3145 \??\C:\WINNT\system32\win32k.sys 158 0xA008B13B \??\C:\WINNT\system32\win32k.sys 159 0xA0027A44 \??\C:\WINNT\system32\win32k.sys 15a 0xA00E38C9 \??\C:\WINNT\system32\win32k.sys 15b 0xA002A916 \??\C:\WINNT\system32\win32k.sys 15c 0xA00E1809 \??\C:\WINNT\system32\win32k.sys 15d 0xA00DF42C \??\C:\WINNT\system32\win32k.sys 15e 0xA00E0838 \??\C:\WINNT\system32\win32k.sys 15f 0xA00E0911 \??\C:\WINNT\system32\win32k.sys 160 0xA005DE69 \??\C:\WINNT\system32\win32k.sys 161 0xA0077BC7 \??\C:\WINNT\system32\win32k.sys 162 0xA00E1BD7 \??\C:\WINNT\system32\win32k.sys 163 0xA0067ED6 \??\C:\WINNT\system32\win32k.sys 164 0xA0062EB6 \??\C:\WINNT\system32\win32k.sys 165 0xA0093E54 \??\C:\WINNT\system32\win32k.sys 166 0xA006B371 \??\C:\WINNT\system32\win32k.sys 167 0xA00E09DE \??\C:\WINNT\system32\win32k.sys 168 0xA00299C6 \??\C:\WINNT\system32\win32k.sys 169 0xA00A8055 \??\C:\WINNT\system32\win32k.sys 16a 0xA00A96E4 
\??\C:\WINNT\system32\win32k.sys 16b 0xA00A6382 \??\C:\WINNT\system32\win32k.sys 16c 0xA00DFB3C \??\C:\WINNT\system32\win32k.sys 16d 0xA006ADC0 \??\C:\WINNT\system32\win32k.sys 16e 0xA007EC89 \??\C:\WINNT\system32\win32k.sys 16f 0xA001E3C9 \??\C:\WINNT\system32\win32k.sys 170 0xA006C0E2 \??\C:\WINNT\system32\win32k.sys 171 0xA00E3BC3 \??\C:\WINNT\system32\win32k.sys 172 0xA00E028E \??\C:\WINNT\system32\win32k.sys 173 0xA00E0211 \??\C:\WINNT\system32\win32k.sys 174 0xA00E3676 \??\C:\WINNT\system32\win32k.sys 175 0xA00795EC \??\C:\WINNT\system32\win32k.sys 176 0xA00898AB \??\C:\WINNT\system32\win32k.sys 177 0xA00E1323 \??\C:\WINNT\system32\win32k.sys 178 0xA00347EE \??\C:\WINNT\system32\win32k.sys 179 0xA0077FD1 \??\C:\WINNT\system32\win32k.sys 17a 0xA0067F8B \??\C:\WINNT\system32\win32k.sys 17b 0xA0089EF2 \??\C:\WINNT\system32\win32k.sys 17c 0xA008B0F0 \??\C:\WINNT\system32\win32k.sys 17d 0xA007AF02 \??\C:\WINNT\system32\win32k.sys 17e 0xA00E0A24 \??\C:\WINNT\system32\win32k.sys 17f 0xA00E05EB \??\C:\WINNT\system32\win32k.sys 180 0xA00DFFAF \??\C:\WINNT\system32\win32k.sys 181 0xA0073A61 \??\C:\WINNT\system32\win32k.sys 182 0xA0064BB7 \??\C:\WINNT\system32\win32k.sys 183 0xA007AE54 \??\C:\WINNT\system32\win32k.sys 184 0xA007ED93 \??\C:\WINNT\system32\win32k.sys 185 0xA00E0089 \??\C:\WINNT\system32\win32k.sys 186 0xA0018D94 \??\C:\WINNT\system32\win32k.sys 187 0xA007EE45 \??\C:\WINNT\system32\win32k.sys 188 0xA008AEF2 \??\C:\WINNT\system32\win32k.sys 189 0xA0028605 \??\C:\WINNT\system32\win32k.sys 18a 0xA00B8F27 \??\C:\WINNT\system32\win32k.sys 18b 0xA00DFE1F \??\C:\WINNT\system32\win32k.sys 18c 0xA009234F \??\C:\WINNT\system32\win32k.sys 18d 0xA0077C92 \??\C:\WINNT\system32\win32k.sys 18e 0xA00E3533 \??\C:\WINNT\system32\win32k.sys 18f 0xA00E33B4 \??\C:\WINNT\system32\win32k.sys 190 0xA00DFBE1 \??\C:\WINNT\system32\win32k.sys 191 0xA006AF30 \??\C:\WINNT\system32\win32k.sys 192 0xA00B0805 \??\C:\WINNT\system32\win32k.sys 193 0xA006CFB9 
\??\C:\WINNT\system32\win32k.sys 194 0xA004B5F8 \??\C:\WINNT\system32\win32k.sys 195 0xA0078F7D \??\C:\WINNT\system32\win32k.sys 196 0xA00E005F \??\C:\WINNT\system32\win32k.sys 197 0xA00E03B7 \??\C:\WINNT\system32\win32k.sys 198 0xA00E0729 \??\C:\WINNT\system32\win32k.sys 199 0xA00AFF64 \??\C:\WINNT\system32\win32k.sys 19a 0xA001557C \??\C:\WINNT\system32\win32k.sys 19b 0xA00E0F5A \??\C:\WINNT\system32\win32k.sys 19c 0xA005B042 \??\C:\WINNT\system32\win32k.sys 19d 0xA003E974 \??\C:\WINNT\system32\win32k.sys 19e 0xA00B121A \??\C:\WINNT\system32\win32k.sys 19f 0xA005AD37 \??\C:\WINNT\system32\win32k.sys 1a0 0xA00E015E \??\C:\WINNT\system32\win32k.sys 1a1 0xA003A283 \??\C:\WINNT\system32\win32k.sys 1a2 0xA005AC7E \??\C:\WINNT\system32\win32k.sys 1a3 0xA0028D97 \??\C:\WINNT\system32\win32k.sys 1a4 0xA00DFEE0 \??\C:\WINNT\system32\win32k.sys 1a5 0xA003812E \??\C:\WINNT\system32\win32k.sys 1a6 0xA00401A8 \??\C:\WINNT\system32\win32k.sys 1a7 0xA00795BA \??\C:\WINNT\system32\win32k.sys 1a8 0xA007E0FE \??\C:\WINNT\system32\win32k.sys 1a9 0xA00D6446 \??\C:\WINNT\system32\win32k.sys 1aa 0xA00DF067 \??\C:\WINNT\system32\win32k.sys 1ab 0xA0079439 \??\C:\WINNT\system32\win32k.sys 1ac 0xA004B2C9 \??\C:\WINNT\system32\win32k.sys 1ad 0xA00E198D \??\C:\WINNT\system32\win32k.sys 1ae 0xA000F37B \??\C:\WINNT\system32\win32k.sys 1af 0xA000C517 \??\C:\WINNT\system32\win32k.sys 1b0 0xA00B612C \??\C:\WINNT\system32\win32k.sys 1b1 0xA00B8FB8 \??\C:\WINNT\system32\win32k.sys 1b2 0xA00296AD \??\C:\WINNT\system32\win32k.sys 1b3 0xA006A94B \??\C:\WINNT\system32\win32k.sys 1b4 0xA007AF50 \??\C:\WINNT\system32\win32k.sys 1b5 0xA001966F \??\C:\WINNT\system32\win32k.sys 1b6 0xA00B94A9 \??\C:\WINNT\system32\win32k.sys 1b7 0xA00008F1 \??\C:\WINNT\system32\win32k.sys 1b8 0xA00AA142 \??\C:\WINNT\system32\win32k.sys 1b9 0xA00DF336 \??\C:\WINNT\system32\win32k.sys 1ba 0xA007BF9B \??\C:\WINNT\system32\win32k.sys 1bb 0xA00E1298 \??\C:\WINNT\system32\win32k.sys 1bc 0xA0018B5E 
\??\C:\WINNT\system32\win32k.sys 1bd 0xA006965B \??\C:\WINNT\system32\win32k.sys 1be 0xA00E0B4A \??\C:\WINNT\system32\win32k.sys 1bf 0xA00E0A90 \??\C:\WINNT\system32\win32k.sys 1c0 0xA007E718 \??\C:\WINNT\system32\win32k.sys 1c1 0xA007D84C \??\C:\WINNT\system32\win32k.sys 1c2 0xA00E386B \??\C:\WINNT\system32\win32k.sys 1c3 0xA005ACFA \??\C:\WINNT\system32\win32k.sys 1c4 0xA00DFDC8 \??\C:\WINNT\system32\win32k.sys 1c5 0xA0067D47 \??\C:\WINNT\system32\win32k.sys 1c6 0xA0053CF8 \??\C:\WINNT\system32\win32k.sys 1c7 0xA000098D \??\C:\WINNT\system32\win32k.sys 1c8 0xA005424A \??\C:\WINNT\system32\win32k.sys 1c9 0xA005D443 \??\C:\WINNT\system32\win32k.sys 1ca 0xA0018AA8 \??\C:\WINNT\system32\win32k.sys 1cb 0xA0015799 \??\C:\WINNT\system32\win32k.sys 1cc 0xA001B951 \??\C:\WINNT\system32\win32k.sys 1cd 0xA005C576 \??\C:\WINNT\system32\win32k.sys 1ce 0xA00E13D3 \??\C:\WINNT\system32\win32k.sys 1cf 0xA00E3224 \??\C:\WINNT\system32\win32k.sys 1d0 0xA00E185C \??\C:\WINNT\system32\win32k.sys 1d1 0xA00E39AA \??\C:\WINNT\system32\win32k.sys 1d2 0xA002C7D3 \??\C:\WINNT\system32\win32k.sys 1d3 0xA00E0258 \??\C:\WINNT\system32\win32k.sys 1d4 0xA00790F1 \??\C:\WINNT\system32\win32k.sys 1d5 0xA0059D3F \??\C:\WINNT\system32\win32k.sys 1d6 0xA0000FE4 \??\C:\WINNT\system32\win32k.sys 1d7 0xA00DFD23 \??\C:\WINNT\system32\win32k.sys 1d8 0xA002B66A \??\C:\WINNT\system32\win32k.sys 1d9 0xA008B00E \??\C:\WINNT\system32\win32k.sys 1da 0xA007A5F8 \??\C:\WINNT\system32\win32k.sys 1db 0xA005D986 \??\C:\WINNT\system32\win32k.sys 1dc 0xA00B6495 \??\C:\WINNT\system32\win32k.sys 1dd 0xA00A9F51 \??\C:\WINNT\system32\win32k.sys 1de 0xA00167EC \??\C:\WINNT\system32\win32k.sys 1df 0xA0067459 \??\C:\WINNT\system32\win32k.sys 1e0 0xA007658B \??\C:\WINNT\system32\win32k.sys 1e1 0xA006B026 \??\C:\WINNT\system32\win32k.sys 1e2 0xA0091E24 \??\C:\WINNT\system32\win32k.sys 1e3 0xA00781AC \??\C:\WINNT\system32\win32k.sys 1e4 0xA001B8F0 \??\C:\WINNT\system32\win32k.sys 1e5 0xA00E3610 
\??\C:\WINNT\system32\win32k.sys 1e6 0xA007875B \??\C:\WINNT\system32\win32k.sys 1e7 0xA0070CBD \??\C:\WINNT\system32\win32k.sys 1e8 0xA00E0B8F \??\C:\WINNT\system32\win32k.sys 1e9 0xA0069092 \??\C:\WINNT\system32\win32k.sys 1ea 0xA005487C \??\C:\WINNT\system32\win32k.sys 1eb 0xA005CFCF \??\C:\WINNT\system32\win32k.sys 1ec 0xA0028AAB \??\C:\WINNT\system32\win32k.sys 1ed 0xA00E115D \??\C:\WINNT\system32\win32k.sys 1ee 0xA0092078 \??\C:\WINNT\system32\win32k.sys 1ef 0xA00E079A \??\C:\WINNT\system32\win32k.sys 1f0 0xA00796A1 \??\C:\WINNT\system32\win32k.sys 1f1 0xA00B93A5 \??\C:\WINNT\system32\win32k.sys 1f2 0xA00E3482 \??\C:\WINNT\system32\win32k.sys 1f3 0xA00E36F6 \??\C:\WINNT\system32\win32k.sys 1f4 0xA005B621 \??\C:\WINNT\system32\win32k.sys 1f5 0xA005CF92 \??\C:\WINNT\system32\win32k.sys 1f6 0xA00E048C \??\C:\WINNT\system32\win32k.sys 1f7 0xA006CEC0 \??\C:\WINNT\system32\win32k.sys 1f8 0xA0006E5F \??\C:\WINNT\system32\win32k.sys 1f9 0xA00695B7 \??\C:\WINNT\system32\win32k.sys 1fa 0xA00AA0CC \??\C:\WINNT\system32\win32k.sys 1fb 0xA00AFD5C \??\C:\WINNT\system32\win32k.sys 1fc 0xA00E080E \??\C:\WINNT\system32\win32k.sys 1fd 0xA00DF0A9 \??\C:\WINNT\system32\win32k.sys 1fe 0xA007DE1D \??\C:\WINNT\system32\win32k.sys 1ff 0xA0053CDA \??\C:\WINNT\system32\win32k.sys 200 0xA007A571 \??\C:\WINNT\system32\win32k.sys 201 0xA00E0780 \??\C:\WINNT\system32\win32k.sys 202 0xA0016F12 \??\C:\WINNT\system32\win32k.sys 203 0xA000102F \??\C:\WINNT\system32\win32k.sys 204 0xA00E0BC2 \??\C:\WINNT\system32\win32k.sys 205 0xA00E110D \??\C:\WINNT\system32\win32k.sys 206 0xA006E779 \??\C:\WINNT\system32\win32k.sys 207 0xA00B08AB \??\C:\WINNT\system32\win32k.sys 208 0xA0053C7B \??\C:\WINNT\system32\win32k.sys 209 0xA00E37F1 \??\C:\WINNT\system32\win32k.sys 20a 0xA007EC20 \??\C:\WINNT\system32\win32k.sys 20b 0xA0018C55 \??\C:\WINNT\system32\win32k.sys 20c 0xA0079B77 \??\C:\WINNT\system32\win32k.sys 20d 0xA00382DE \??\C:\WINNT\system32\win32k.sys 20e 0xA004821D 
\??\C:\WINNT\system32\win32k.sys 20f 0xA002EAB1 \??\C:\WINNT\system32\win32k.sys 210 0xA0094217 \??\C:\WINNT\system32\win32k.sys 211 0xA0000577 \??\C:\WINNT\system32\win32k.sys 212 0xA003B694 \??\C:\WINNT\system32\win32k.sys 213 0xA0004DD8 \??\C:\WINNT\system32\win32k.sys 214 0xA0070C8A \??\C:\WINNT\system32\win32k.sys 215 0xA00DFD4D \??\C:\WINNT\system32\win32k.sys 216 0xA007946B \??\C:\WINNT\system32\win32k.sys 217 0xA006BF1A \??\C:\WINNT\system32\win32k.sys 218 0xA003764A \??\C:\WINNT\system32\win32k.sys 219 0xA005D8E1 \??\C:\WINNT\system32\win32k.sys 21a 0xA00E1420 \??\C:\WINNT\system32\win32k.sys 21b 0xA0000A36 \??\C:\WINNT\system32\win32k.sys 21c 0xA002280F \??\C:\WINNT\system32\win32k.sys 21d 0xA00B6AFA \??\C:\WINNT\system32\win32k.sys 21e 0xA006E7F2 \??\C:\WINNT\system32\win32k.sys 21f 0xA0023155 \??\C:\WINNT\system32\win32k.sys 220 0xA0066D64 \??\C:\WINNT\system32\win32k.sys 221 0xA0061046 \??\C:\WINNT\system32\win32k.sys 222 0xA00E0DF8 \??\C:\WINNT\system32\win32k.sys 223 0xA0080965 \??\C:\WINNT\system32\win32k.sys 224 0xA007B708 \??\C:\WINNT\system32\win32k.sys 225 0xA003B994 \??\C:\WINNT\system32\win32k.sys 226 0xA00DFD9C \??\C:\WINNT\system32\win32k.sys 227 0xA00E17E5 \??\C:\WINNT\system32\win32k.sys 228 0xA000087E \??\C:\WINNT\system32\win32k.sys 229 0xA005E5B8 \??\C:\WINNT\system32\win32k.sys 22a 0xA00E0EFC \??\C:\WINNT\system32\win32k.sys 22b 0xA00E31DE \??\C:\WINNT\system32\win32k.sys 22c 0xA00DFA9D \??\C:\WINNT\system32\win32k.sys 22d 0xA00A45B1 \??\C:\WINNT\system32\win32k.sys 22e 0xA00E3D00 \??\C:\WINNT\system32\win32k.sys 22f 0xA0003609 \??\C:\WINNT\system32\win32k.sys 230 0xA00E1462 \??\C:\WINNT\system32\win32k.sys 231 0xA00E1446 \??\C:\WINNT\system32\win32k.sys 232 0xA0089D91 \??\C:\WINNT\system32\win32k.sys 233 0xA007B9D9 \??\C:\WINNT\system32\win32k.sys 234 0xA0060573 \??\C:\WINNT\system32\win32k.sys 235 0xA00A9747 \??\C:\WINNT\system32\win32k.sys 236 0xA0018B39 \??\C:\WINNT\system32\win32k.sys 237 0xA00DF0A4 
\??\C:\WINNT\system32\win32k.sys 238 0xA002CAD8 \??\C:\WINNT\system32\win32k.sys 239 0xA00B6ACA \??\C:\WINNT\system32\win32k.sys 23a 0xA00DEF09 \??\C:\WINNT\system32\win32k.sys 23b 0xA00DEF4F \??\C:\WINNT\system32\win32k.sys 23c 0xA00DEF98 \??\C:\WINNT\system32\win32k.sys 23d 0xA00DEFE8 \??\C:\WINNT\system32\win32k.sys 23e 0xA00DF021 \??\C:\WINNT\system32\win32k.sys 23f 0xA009B9D9 \??\C:\WINNT\system32\win32k.sys 240 0xA00AA3EE \??\C:\WINNT\system32\win32k.sys 241 0xA009B593 \??\C:\WINNT\system32\win32k.sys 242 0xA0135959 \??\C:\WINNT\system32\win32k.sys 243 0xA00436AD \??\C:\WINNT\system32\win32k.sys 244 0xA00457D5 \??\C:\WINNT\system32\win32k.sys 245 0xA013365D \??\C:\WINNT\system32\win32k.sys 246 0xA004100E \??\C:\WINNT\system32\win32k.sys 247 0xA009A713 \??\C:\WINNT\system32\win32k.sys 248 0xA013520E \??\C:\WINNT\system32\win32k.sys 249 0xA00AA49B \??\C:\WINNT\system32\win32k.sys 24a 0xA00AA39B \??\C:\WINNT\system32\win32k.sys 24b 0xA00AB04E \??\C:\WINNT\system32\win32k.sys 24c 0xA00B4691 \??\C:\WINNT\system32\win32k.sys 24d 0xA0133E02 \??\C:\WINNT\system32\win32k.sys 24e 0xA00BE93C \??\C:\WINNT\system32\win32k.sys 24f 0xA00BDF2A \??\C:\WINNT\system32\win32k.sys 250 0xA0134458 \??\C:\WINNT\system32\win32k.sys 251 0xA00BD5E7 \??\C:\WINNT\system32\win32k.sys 252 0xA01346EF \??\C:\WINNT\system32\win32k.sys 253 0xA0134876 \??\C:\WINNT\system32\win32k.sys 254 0xA0134A04 \??\C:\WINNT\system32\win32k.sys 255 0xA0134BFB \??\C:\WINNT\system32\win32k.sys 256 0xA0134E64 \??\C:\WINNT\system32\win32k.sys 257 0xA00AAE3B \??\C:\WINNT\system32\win32k.sys 258 0xA0133A74 \??\C:\WINNT\system32\win32k.sys 259 0xA0135C86 \??\C:\WINNT\system32\win32k.sys 25a 0xA0135D21 \??\C:\WINNT\system32\win32k.sys 25b 0xA0135C4F \??\C:\WINNT\system32\win32k.sys 25c 0xA01353B2 \??\C:\WINNT\system32\win32k.sys 25d 0xA013536E \??\C:\WINNT\system32\win32k.sys 25e 0xA01352EA \??\C:\WINNT\system32\win32k.sys 25f 0xA0135310 \??\C:\WINNT\system32\win32k.sys 260 0xA0135332 
\??\C:\WINNT\system32\win32k.sys 261 0xA013534C \??\C:\WINNT\system32\win32k.sys 262 0xA01354C7 \??\C:\WINNT\system32\win32k.sys 263 0xA0135442 \??\C:\WINNT\system32\win32k.sys 264 0xA0135486 \??\C:\WINNT\system32\win32k.sys 265 0xA004C56A \??\C:\WINNT\system32\win32k.sys 266 0xA009AD10 \??\C:\WINNT\system32\win32k.sys 267 0xA009A930 \??\C:\WINNT\system32\win32k.sys 268 0xA00AA83C \??\C:\WINNT\system32\win32k.sys 269 0xA009A9E2 \??\C:\WINNT\system32\win32k.sys 26a 0xA00AA8A7 \??\C:\WINNT\system32\win32k.sys 26b 0xA009A627 \??\C:\WINNT\system32\win32k.sys 26c 0xA0135682 \??\C:\WINNT\system32\win32k.sys 26d 0xA013577D \??\C:\WINNT\system32\win32k.sys 26e 0xA0135B73 \??\C:\WINNT\system32\win32k.sys 26f 0xA01355D6 \??\C:\WINNT\system32\win32k.sys 270 0xA01358C5 \??\C:\WINNT\system32\win32k.sys 271 0xA009A774 \??\C:\WINNT\system32\win32k.sys 272 0xA00AA534 \??\C:\WINNT\system32\win32k.sys 273 0xA009A78A \??\C:\WINNT\system32\win32k.sys 274 0xA01358FE \??\C:\WINNT\system32\win32k.sys 275 0xA004F92E \??\C:\WINNT\system32\win32k.sys 276 0xA004F9DB \??\C:\WINNT\system32\win32k.sys 277 0xA004F9AF \??\C:\WINNT\system32\win32k.sys 278 0xA01359E0 \??\C:\WINNT\system32\win32k.sys 279 0xA0135A87 \??\C:\WINNT\system32\win32k.sys 27a 0xA0135935 \??\C:\WINNT\system32\win32k.sys 27b 0xA0135D60 \??\C:\WINNT\system32\win32k.sys 27c 0xA0135DC3 \??\C:\WINNT\system32\win32k.sys 27d 0xA0135E52 \??\C:\WINNT\system32\win32k.sys 27e 0xA01155D8 \??\C:\WINNT\system32\win32k.sys PspCidTable: 0x8046B360(46b360) 1. 
TABLE: 0xFCE250A8(14420a8): Table: 0xE1004000 QuotaProcess: ProcessId: 0 HandleCount: 288 CapturedHandleCount: 288 TableLevel: 2 StrictFIFO: No

OBJECT: 0xFCE009E0(141d9e0) Type: 6 Thread Object Header: 0xFCE009C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000004 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 0 PointerCount: 43 HandleCount: 2
  SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA)
  ImageFileName: System

OBJECT: 0xFCE00280(141d280) Type: 6 Thread Object Header: 0xFCE00268 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.0000000C ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFF020(141c020) Type: 6 Thread Object Header: 0xFCDFF008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000010 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFFDA0(141cda0) Type: 6 Thread Object Header: 0xFCDFFD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000014 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFFB20(141cb20) Type: 6 Thread Object Header: 0xFCDFFB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000018 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFF8A0(141c8a0) Type: 6 Thread Object Header: 0xFCDFF888 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.0000001C ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFF620(141c620) Type: 6 Thread Object Header: 0xFCDFF608 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000020 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFF3A0(141c3a0) Type: 6 Thread Object Header: 0xFCDFF388 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000024 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFE020(141b020) Type: 6 Thread Object Header: 0xFCDFE008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000028 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFEDA0(141bda0) Type: 6 Thread Object Header: 0xFCDFED88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.0000002C ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFEB20(141bb20) Type: 6 Thread Object Header: 0xFCDFEB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000030 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFD1E0(141a1e0) Type: 6 Thread Object Header: 0xFCDFD1C8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000034 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFC020(1419020) Type: 6 Thread Object Header: 0xFCDFC008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000038 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFCDA0(1419da0) Type: 6 Thread Object Header: 0xFCDFCD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.0000003C ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFCB20(1419b20) Type: 6 Thread Object Header: 0xFCDFCB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000040 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA)
  Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60

OBJECT: 0xFCDF8020(1415020) Type: 6 Thread Object Header: 0xFCDF8008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0
  SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000048 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE13020(1430020) Type: 6 Thread Object Header: 0xFCE13008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD30BC0(134dbc0) Type: 6 Thread Object Header: 0xFCD30BA8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000050 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDC8840(13e5840) Type: 6 Thread Object Header: 0xFCDC8828 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD45020(1362020) Type: 6 Thread Object Header: 0xFCD45008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000058 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD33B20(1350b20) Type: 6 Thread Object Header: 0xFCD33B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC94460(12b1460) Type: 6 Thread Object Header: 0xFCC94448 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.00000060 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCD619E0(137e9e0) Type: 6 Thread Object Header: 0xFCD619C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000064 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D8A0(133a8a0) Type: 6 Thread Object Header: 0xFCD1D888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D620(133a620) Type: 6 Thread Object Header: 0xFCD1D608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1CDA0(1339da0) Type: 6 Thread Object Header: 0xFCD1CD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD61760(137e760) Type: 6 Thread Object Header: 0xFCD61748 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000074 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD614E0(137e4e0) Type: 6 Thread Object Header: 0xFCD614C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCF07E0(130d7e0) Type: 6 Thread Object Header: 0xFCCF07C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0x82000000 OBJECT: 0xFCC96020(12b3020) Type: 6 Thread Object Header: 0xFCC96008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000084 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC96B20(12b3b20) Type: 6 Thread Object Header: 0xFCC96B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000088 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC968A0(12b38a0) Type: 6 Thread Object Header: 0xFCC96888 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000008C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC68020(1285020) Type: 6 Thread Object Header: 0xFCC68008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000090 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFCC99680(12b6680) Type: 6 Thread Object Header: 0xFCC99668 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000094 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC94D60(12b1d60) Type: 6 Thread Object Header: 0xFCC94D48 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.00000098 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC992C0(12b62c0) Type: 5 Process Object Header: 0xFCC992A8 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xFCC941C0(12b11c0) Type: 6 Thread Object Header: 0xFCC941A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A0 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69D80(1286d80) Type: 6 Thread Object Header: 0xFCC69D68 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A4 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69020(1286020) Type: 6 Thread Object Header: 0xFCC69008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000009C.000000A8 ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCC69A40(1286a40) Type: 6 Thread Object Header: 0xFCC69A28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
0000009C.000000AC ThreadsProcess: 0xFCC992C0 OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 0 PointerCount: 212 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFCC69480(1286480) Type: 5 Process Object Header: 0xFCC69468 GrantedAccess: 0 PointerCount: 146 HandleCount: 3 SecurityDescriptor: 0xE1D15998(4252998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC60AC0(127dac0) Type: 6 Thread Object Header: 0xFCC60AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA297A0(10467a0) Type: 6 Thread Object Header: 0xFCA29788 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA293C0(10463c0) Type: 6 Thread Object Header: 0xFCA293A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA28020(1045020) Type: 6 Thread Object Header: 0xFCA28008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA264E0(10434e0) Type: 6 Thread 
Object Header: 0xFCA264C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF29FD20(516dd20) Type: 6 Thread Object Header: 0xFF29FD08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000CC ThreadsProcess: 0xFCC69480 OBJECT: 0xFF29F5E0(516d5e0) Type: 6 Thread Object Header: 0xFF29F5C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000D0 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF0EB400(6e7a400) Type: 6 Thread Object Header: 0xFF0EB3E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000000D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF29DCA0(520aca0) Type: 6 Thread Object Header: 0xFF29DC88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D6C0(520a6c0) Type: 6 Thread Object Header: 0xFF29D6A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E3C00(61cc00) Type: 6 
Thread Object Header: 0xFF1E3BE8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 0 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF29CA20(5273a20) Type: 6 Thread Object Header: 0xFF29CA08 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA28D60 OBJECT: 0x82000000 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 0 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF298020(536e020) Type: 6 Thread Object Header: 0xFF298008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000F4 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF297220(5379220) Type: 6 Thread Object Header: 0xFF297208 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF296020(53bd020) Type: 6 Thread Object Header: 0xFF296008 GrantedAccess: 0 
PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFF29D080 OBJECT: 0xFF295020(5556020) Type: 6 Thread Object Header: 0xFF295008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF295BE0(5556be0) Type: 6 Thread Object Header: 0xFF295BC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF295780(5556780) Type: 6 Thread Object Header: 0xFF295768 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF177360(40b4360) Type: 6 Thread Object Header: 0xFF177348 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000010C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF2949E0(55679e0) Type: 6 Thread Object Header: 0xFF2949C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF294500(5567500) Type: 6 Thread Object Header: 0xFF2944E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 0 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF28F720(575b720) Type: 6 Thread Object Header: 0xFF28F708 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1D4020(45aa020) Type: 6 Thread Object Header: 0xFF1D4008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000124 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF0D94A0(2d8e4a0) Type: 6 Thread Object Header: 0xFF0D9488 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000128 ThreadsProcess: 0xFF144020 OBJECT: 0xFF28EDA0(57a0da0) Type: 6 Thread Object Header: 0xFF28ED88 GrantedAccess: 0 PointerCount: 3 
HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFF29BA80 OBJECT: 0x82000000 OBJECT: 0xFF17B980(2dc3980) Type: 6 Thread Object Header: 0xFF17B968 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000134 ThreadsProcess: 0xFF191640 OBJECT: 0xFF1BE020(5dc2020) Type: 6 Thread Object Header: 0xFF1BE008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF144020(306020) Type: 5 Process Object Header: 0xFF144008 GrantedAccess: 0 PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF1FBDA0(d8dda0) Type: 6 Thread Object Header: 0xFF1FBD88 GrantedAccess: 0 PointerCount: 4 
HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000148 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1B7700(6e2700) Type: 6 Thread Object Header: 0xFF1B76E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000150 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E7020(7e4020) Type: 6 Thread Object Header: 0xFF1E7008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000154 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF289020(58c3020) Type: 6 Thread Object Header: 0xFF289008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF1CF020(682020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000164 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2875A0(590d5a0) Type: 6 Thread Object Header: 0xFF287588 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF287240(590d240) Type: 6 Thread Object Header: 0xFF287228 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286460(5952460) Type: 6 Thread Object Header: 0xFF286448 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF282A60(5b8da60) Type: 6 Thread Object Header: 0xFF282A48 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281580(5bdd580) Type: 6 Thread Object Header: 0xFF281568 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280D40(5bfed40) Type: 6 Thread Object Header: 0xFF280D28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2446E0(6a776e0) Type: 6 Thread Object Header: 0xFF2446C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000188 ThreadsProcess: 0xFF244020 OBJECT: 0xFF27F260(5ca7260) Type: 6 Thread Object Header: 0xFF27F248 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000018C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF278580(5d81580) Type: 6 Thread Object Header: 0xFF278568 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000190 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E540(5bec540) Type: 6 Thread Object Header: 0xFF27E528 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000194 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 0 PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 0xFF27C9C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27BCE0(5cf0ce0) Type: 6 Thread Object Header: 0xFF27BCC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27BA40(5cf0a40) Type: 6 Thread Object Header: 0xFF27BA28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF12C020(5abe020) Type: 6 Thread Object Header: 0xFF12C008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF278020(5d81020) Type: 6 Thread Object Header: 0xFF278008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF2744C0(5dce4c0) Type: 5 Process Object Header: 0xFF2744A8 GrantedAccess: 0 PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF273120(5df1120) Type: 6 Thread Object Header: 0xFF273108 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272980(5f25980) Type: 6 Thread Object Header: 0xFF272968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001BC ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF193020(206b020) Type: 6 Thread Object Header: 0xFF193008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000001C0 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1B9900(76f8900) Type: 6 Thread Object Header: 0xFF1B98E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272220(5f25220) Type: 6 Thread Object Header: 0xFF272208 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF26F6A0(61536a0) Type: 6 Thread Object Header: 0xFF26F688 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001CC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26F9E0(61539e0) Type: 5 Process Object Header: 0xFF26F9C8 GrantedAccess: 0 PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF26E220(5fbb220) Type: 6 Thread Object Header: 0xFF26E208 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001D4 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26DD40(5f3ad40) Type: 6 Thread Object Header: 0xFF26DD28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF266D00(6020d00) Type: 6 Thread Object Header: 0xFF266CE8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 000001E0.000001DC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 0 PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF170CC0(611ecc0) Type: 6 Thread Object Header: 0xFF170CA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.000001E4 ThreadsProcess: 0xFF191640 OBJECT: 0xFF264020(62d3020) Type: 6 Thread Object Header: 0xFF264008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001E8 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF25C200(64a7200) Type: 6 Thread Object Header: 0xFF25C1E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F95A0(e905a0) Type: 6 Thread Object Header: 0xFF1F9588 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 
ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25B760(65b9760) Type: 6 Thread Object Header: 0xFF25B748 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001FC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF13F8A0(6ffc8a0) Type: 6 Thread Object Header: 0xFF13F888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000200 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24E7C0(66c57c0) Type: 6 Thread Object Header: 0xFF24E7A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.00000204 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xFF26D9A0(5f3a9a0) Type: 6 Thread Object Header: 0xFF26D988 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000210 ThreadsProcess: 0xFCC69480 
OBJECT: 0xFF24B020(66ea020) Type: 6 Thread Object Header: 0xFF24B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000214 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A020(6869020) Type: 6 Thread Object Header: 0xFF24A008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000218 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 0 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF23AA40(6d9ea40) Type: 6 Thread Object Header: 0xFF23AA28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000220 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF244DA0(6a77da0) Type: 6 Thread Object Header: 0xFF244D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000224 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 0 PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF0EEC00(5900c00) Type: 6 Thread Object Header: 0xFF0EEBE8 
GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000022C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF23F020(6d42020) Type: 6 Thread Object Header: 0xFF23F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000230 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF23B540(6c75540) Type: 6 Thread Object Header: 0xFF23B528 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000238 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF23A6A0(6d9e6a0) Type: 6 Thread Object Header: 0xFF23A688 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000023C ThreadsProcess: 0xFF244020 OBJECT: 0xFF2390C0(6e890c0) Type: 6 Thread Object Header: 0xFF2390A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000240 ThreadsProcess: 0xFF244020 OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 
0xFF2372A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF191640(2138640) Type: 5 Process Object Header: 0xFF191628 GrantedAccess: 0 PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF18B020(2b84020) Type: 6 Thread Object Header: 0xFF18B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000025C ThreadsProcess: 0xFF1BAAE0 OBJECT: 
0xFF231AC0(6f2dac0) Type: 6 Thread Object Header: 0xFF231AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000260 ThreadsProcess: 0xFF231120 OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 0 PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF22F020(7784020) Type: 6 Thread Object Header: 0xFF22F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000268 ThreadsProcess: 0xFF231120 OBJECT: 0xFF132020(72bf020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.0000026C ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF22F400(7784400) Type: 6 Thread Object Header: 0xFF22F3E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.00000270 ThreadsProcess: 0xFF22F780 OBJECT: 0xFF22F780(7784780) Type: 5 Process Object Header: 0xFF22F768 GrantedAccess: 0 PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0x82000000 OBJECT: 0xFF248DA0(681bda0) 
Type: 6 Thread Object Header: 0xFF248D88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000027C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF248B20(681bb20) Type: 6 Thread Object Header: 0xFF248B08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000280 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF2488A0(681b8a0) Type: 6 Thread Object Header: 0xFF248888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000284 ThreadsProcess: 0xFF29BA80 OBJECT: 0x82000000 OBJECT: 0xFF2475A0(679a5a0) Type: 6 Thread Object Header: 0xFF247588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000028C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF235DA0(6e37da0) Type: 6 Thread Object Header: 0xFF235D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000294 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2258E0(9be8e0) Type: 6 Thread Object Header: 0xFF2258C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000298 ThreadsProcess: 0xFCA28D60 OBJECT: 
0xFF15B020(95f020) Type: 5 Process Object Header: 0xFF15B008 GrantedAccess: 0 PointerCount: 79 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF1F5D60(17dd60) Type: 5 Process Object Header: 0xFF1F5D48 GrantedAccess: 0 PointerCount: 47 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0x82000000 OBJECT: 0xFF0FB1E0(7cb61e0) Type: 6 Thread Object Header: 0xFF0FB1C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000002A8 ThreadsProcess: 0xFF144020 OBJECT: 0xFF206020(daa020) Type: 6 Thread Object Header: 0xFF206008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.000002AC ThreadsProcess: 0xFF22F780 OBJECT: 0xFF205DA0(c91da0) Type: 6 Thread Object Header: 0xFF205D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1FE020(381020) Type: 6 Thread Object Header: 0xFF1FE008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1EC980(817980) Type: 
6 Thread Object Header: 0xFF1EC968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F5AE0(17dae0) Type: 6 Thread Object Header: 0xFF1F5AC8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002BC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1DF080(5449080) Type: 6 Thread Object Header: 0xFF1DF068 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002C0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1DDB60(3d92b60) Type: 6 Thread Object Header: 0xFF1DDB48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002C4 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1EF020(6e9020) Type: 6 Thread Object Header: 0xFF1EF008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002C8 ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF26D020(5f3a020) Type: 6 Thread Object Header: 0xFF26D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000002CC ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 
0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EA120(294e120) Type: 6 Thread Object Header: 0xFF1EA108 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000002DC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF1C98E0(29658e0) Type: 6 Thread Object Header: 0xFF1C98C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002E0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF16D020(63f5020) Type: 6 Thread Object Header: 0xFF16D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000002E4 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF225020(9be020) Type: 6 Thread Object Header: 0xFF225008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002E8 ThreadsProcess: 0xFF172C40 OBJECT: 
0xFF1F5020(17d020) Type: 6 Thread Object Header: 0xFF1F5008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002EC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1D0020(940020) Type: 6 Thread Object Header: 0xFF1D0008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002F0 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C38C0(938c0) Type: 6 Thread Object Header: 0xFF1C38A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F4 ThreadsProcess: 0xFCA28D60 OBJECT: 0x82000000 OBJECT: 0xFF19B020(5a5020) Type: 6 Thread Object Header: 0xFF19B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000002FC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0xFF0F4DA0(6012da0) Object Header: 0xFF0F4D88 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0xFF1B3880(b56880) Type: 6 Thread Object Header: 0xFF1B3868 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000031C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0xFF17B6C0(2dc36c0) Type: 6 Thread Object Header: 0xFF17B6A8 GrantedAccess: 0 
PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000324 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF0BA640(5a34640) Type: 6 Thread Object Header: 0xFF0BA628 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000328 ThreadsProcess: 0xFF144020 OBJECT: 0xFF191240(2138240) Type: 6 Thread Object Header: 0xFF191228 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000032C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1BA860(3e35860) Type: 6 Thread Object Header: 0xFF1BA848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000330 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 0 PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF0E7280(225d280) Type: 6 Thread Object Header: 0xFF0E7268 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000338 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1FB5E0(d8d5e0) Type: 6 Thread Object Header: 0xFF1FB5C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000033C ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C7560(597560) Type: 6 Thread Object Header: 0xFF1C7548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000340 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C7DA0(597da0) Type: 6 Thread Object Header: 0xFF1C7D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000344 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF1C70A0(5970a0) Type: 6 Thread Object Header: 0xFF1C7088 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000350 ThreadsProcess: 0xFF27D020 OBJECT: 0x82000000 OBJECT: 0xFF198140(19d1140) Type: 6 Thread Object Header: 0xFF198128 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000358 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF18CDA0(2579da0) Type: 6 Thread Object Header: 0xFF18CD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000035C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF174900(448f900) Type: 6 Thread Object Header: 0xFF1748E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.00000360 ThreadsProcess: 0xFF171B20 OBJECT: 0xFF0E7A00(225da00) Type: 6 Thread Object Header: 0xFF0E79E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000364 ThreadsProcess: 0xFF144020 OBJECT: 0xFF183020(2df9020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000368 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF18C560(2579560) Type: 6 Thread Object Header: 0xFF18C548 GrantedAccess: 0 
PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000370 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF189580(2c46580) Type: 6 Thread Object Header: 0xFF189568 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000374 ThreadsProcess: 0xFF177660 OBJECT: 0xFF1C06E0(e6e6e0) Type: 6 Thread Object Header: 0xFF1C06C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000378 ThreadsProcess: 0xFF144020 OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 0x82000000 OBJECT: 0xFF0F8CE0(22adce0) Type: 6 Thread Object Header: 0xFF0F8CC8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000388 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF1C1020(7bfc020) Type: 6 Thread Object Header: 0xFF1C1008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.0000038C ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1577C0(c3e7c0) Type: 6 Thread Object Header: 0xFF1577A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000390 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF28E020(57a0020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000434.00000394 ThreadsProcess: 0xFF191C40 OBJECT: 0xFF1C89A0(3e089a0) Type: 6 Thread Object Header: 0xFF1C8988 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.00000398 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB9C0(3c319c0) Type: 6 Thread Object Header: 0xFF1BB9A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.0000039C ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB740(3c31740) Type: 6 Thread Object Header: 0xFF1BB728 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1B81A0(11c1a0) Type: 6 Thread Object Header: 0xFF1B8188 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A4 ThreadsProcess: 0xFF2744C0 OBJECT: 0x82000000 OBJECT: 0xFF1F9AA0(e90aa0) Type: 6 Thread Object Header: 0xFF1F9A88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000003AC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1B7DA0(6e2da0) Type: 6 Thread Object Header: 0xFF1B7D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28C020(5795020) Type: 6 Thread Object Header: 0xFF28C008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000003B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF18BDA0(2b84da0) Type: 6 Thread Object Header: 0xFF18BD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000003BC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF18A020(2bf8020) Type: 6 Thread Object Header: 0xFF18A008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.000003C0 ThreadsProcess: 0xFF18B400 OBJECT: 0xFF18B400(2b84400) Type: 5 Process Object Header: 0xFF18B3E8 GrantedAccess: 0 PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF18A460(2bf8460) Type: 6 Thread Object Header: 0xFF18A448 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.000003C8 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF18A6E0(2bf86e0) Type: 5 Process Object Header: 0xFF18A6C8 GrantedAccess: 0 PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF240020(6ad8020) Type: 6 Thread Object Header: 0xFF240008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000011C.000003D0 ThreadsProcess: 0xFF0DAD60 OBJECT: 0xFF0F78C0(24b58c0) Type: 6 Thread Object Header: 0xFF0F78A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1885C0(2d155c0) Type: 
6 Thread Object Header: 0xFF1885A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003DC.000003D8 ThreadsProcess: 0xFF189020 OBJECT: 0xFF189020(2c46020) Type: 5 Process Object Header: 0xFF189008 GrantedAccess: 0 PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF192640(206e640) Type: 6 Thread Object Header: 0xFF192628 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.000003E0 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF0C13C0(40723c0) Type: 6 Thread Object Header: 0xFF0C13A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003E4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF193700(206b700) Type: 6 Thread Object Header: 0xFF1936E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000003E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF182380(2e7e380) Type: 6 Thread Object Header: 0xFF182368 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003EC ThreadsProcess: 0xFF182A20 OBJECT: 0xFF182A20(2e7ea20) Type: 5 Process Object Header: 0xFF182A08 GrantedAccess: 0 PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF17D6A0(30826a0) Type: 5 Process Object Header: 0xFF17D688 GrantedAccess: 0 PointerCount: 95 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF1B65C0(54255c0) Type: 6 Thread Object Header: 0xFF1B65A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003F8 ThreadsProcess: 0xFF182A20 OBJECT: 0xFF271C80(5eb0c80) Type: 6 Thread Object Header: 0xFF271C68 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.000003FC ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF159320(1f1320) Type: 6 Thread Object Header: 0xFF159308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.00000400 ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF18C9A0(25799a0) Type: 6 Thread Object Header: 0xFF18C988 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000404 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0x82000000 OBJECT: 0xFF0C08E0(50d38e0) Type: 6 Thread Object Header: 0xFF0C08C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF170020(611e020) Type: 6 Thread Object Header: 0xFF170008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000410 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF17B020(2dc3020) Type: 6 Thread Object Header: 0xFF17B008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000414 ThreadsProcess: 0xFF177660 OBJECT: 0xFF177660(40b4660) Type: 5 Process Object Header: 0xFF177648 GrantedAccess: 0 PointerCount: 54 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF176080(4556080) Type: 6 Thread Object Header: 0xFF176068 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.0000041C ThreadsProcess: 0xFF18B400 OBJECT: 0xFF173400(44ce400) Type: 6 Thread Object Header: 0xFF1733E8 
GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.00000420 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF172860(58cb860) Type: 6 Thread Object Header: 0xFF172848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF172C40(58cbc40) Type: 5 Process Object Header: 0xFF172C28 GrantedAccess: 0 PointerCount: 53 HandleCount: 2 SecurityDescriptor: 0xE1ED4B18(7911b18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;0x100201;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF1718A0(5a598a0) Type: 6 Thread Object Header: 0xFF171888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.0000042C ThreadsProcess: 0xFF171B20 OBJECT: 0xFF171B20(5a59b20) Type: 5 Process Object Header: 0xFF171B08 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF191C40(2138c40) Type: 5 Process Object Header: 0xFF191C28 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd.exe OBJECT: 0xFF170860(611e860) Type: 6 Thread Object Header: 0xFF170848 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000438 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF0F23A0(71393a0) Type: 6 Thread Object Header: 0xFF0F2388 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000043C ThreadsProcess: 0xFF29D080 OBJECT: 0x82000000 OBJECT: 0xFF0E10E0(40a70e0) Type: 6 Thread Object Header: 0xFF0E10C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000046C.00000444 ThreadsProcess: 0xFF0E4D60 OBJECT: 0xFF16E3C0(625d3c0) Type: 5 Process Object Header: 0xFF16E3A8 GrantedAccess: 0 PointerCount: 62 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166560(582c560) Type: 6 Thread Object Header: 0xFF166548 GrantedAccess: 0 PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000450 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF119020(dcc020) Type: 5 Process Object Header: 0xFF119008 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1836E0(2df96e0) Type: 6 Thread Object Header: 0xFF1836C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000045C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF15E2E0(7c1b2e0) Type: 6 Thread Object Header: 0xFF15E2C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000460 ThreadsProcess: 0xFF17D6A0 OBJECT: 0x82000000 OBJECT: 0xFF1ECDA0(817da0) Type: 6 Thread Object Header: 0xFF1ECD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000468 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF0E4D60(6352d60) Type: 5 Process Object 
Header: 0xFF0E4D48 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF0E3B40(733ab40) Type: 6 Thread Object Header: 0xFF0E3B28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000470 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1468C0(2658c0) Type: 6 Thread Object Header: 0xFF1468A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000474 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF145020(1987020) Type: 6 Thread Object Header: 0xFF145008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000478 ThreadsProcess: 0xFF177660 OBJECT: 0x82000000 OBJECT: 0xFF0ED6C0(58bf6c0) Object Header: 0xFF0ED6A8 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0x82000000 OBJECT: 0xFF132980(72bf980) Type: 6 Thread Object Header: 0xFF132968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000488 ThreadsProcess: 0xFF177660 Processes and threads: 288 HandleTableListHead: 0x8046BC20(46bc20) 1. 
TABLE: 0xFCE256E8(14426e8): Table: 0xE1002000 QuotaProcess: ProcessId: 8 HandleCount: 65 CapturedHandleCount: 65 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 1f0fff PointerCount: 43 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xE10087F0(15d97f0) Type: 18 Key Object Header: 0xE10087D8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: REGISTRY SecurityDescriptor: (null) Path: REGISTRY\ OBJECT: 0xE129D480(18a4480) Type: 18 Key Object Header: 0xE129D468 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\ OBJECT: 0xE12A15A0(18c45a0) Type: 18 Key Object Header: 0xE12A1588 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\Setup\ OBJECT: 0xE1008180(15d9180) Type: 18 Key Object Header: 0xE1008168 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\CurrentDockInfo\ OBJECT: 0xE1008100(15d9100) Type: 18 Key Object Header: 0xE10080E8 GrantedAccess: 20 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\Current\ OBJECT: 0xE12A13E0(18c43e0) Type: 18 Key Object Header: 0xE12A13C8 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE12A11C0(18c41c0) Type: 18 Key Object Header: 0xE12A11A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xE12F0A60(19b3a60) Type: 18 Key Object Header: 0xE12F0A48 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP0501\1_0_17_0_0_0\LogConf\ OBJECT: 0xFCDC8650(13e5650) Type: 2 Directory Object Header: 0xFCDC8638 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: Sbp2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Sbp2 OBJECT: 0xFCE13020(1430020) Type: 6 Thread Object Header: 0xFCE13008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1D8A0(133a8a0) Type: 6 Thread Object Header: 0xFCD1D888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDC8840(13e5840) Type: 6 Thread Object Header: 0xFCDC8828 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDE0690(13fd690) Type: 8 Event Object Header: 0xFCDE0678 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD87150 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCD49370(1366370) Type: 2 Directory Object Header: 0xFCD49358 GrantedAccess: f000f PointerCount: 8 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk0 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk0 OBJECT: 0xE130F500(1a38500) Type: 18 Key Object Header: 0xE130F4E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DEVICEMAP\Scsi\ OBJECT: 0xFCE11690(142e690) Type: 2 Directory Object Header: 0xFCE11678 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: WinDfs SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\WinDfs OBJECT: 0xFCD1D620(133a620) Type: 6 Thread Object Header: 0xFCD1D608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD33B20(1350b20) Type: 6 Thread Object Header: 0xFCD33B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD1CDA0(1339da0) Type: 6 Thread Object Header: 0xFCD1CD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD65E30(1382e30) Type: 2 Directory Object Header: 0xFCD65E18 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk1 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk1 OBJECT: 0xE12E3BC0(197ebc0) Type: 18 Key Object Header: 0xE12E3BA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\cdrom\ OBJECT: 0xE12DBEC0(1982ec0) Type: 18 Key Object Header: 0xE12DBEA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\i8042prt\ OBJECT: 0xE12F4140(19c9140) Type: 18 Key Object Header: 0xE12F4128 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mouclass\ OBJECT: 0xE12D7FA0(1954fa0) Type: 18 Key Object Header: 0xE12D7F88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kbdclass\ OBJECT: 0xFCC8EEA8(12abea8) Type: 26 File Object Header: 0xFCC8EE90 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\pagefile.sys OBJECT: 0xFCCA5988(12c2988) Type: 26 File Object Header: 0xFCCA5970 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA8708 (12c5708) Unknown1: 0x004F0073 (1) 
Unknown2: 0x740070 OBJECT: 0xFCCA7548(12c4548) Type: 26 File Object Header: 0xFCCA7530 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCCA74E8 (12c44e8) Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF236650(6b6b650) Type: 2 Directory Object Header: 0xFF236638 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk2 OBJECT: 0xFCCA78E8(12c48e8) Type: 26 File Object Header: 0xFCCA78D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCCA7788 (12c4788) Address Object: 0xFCCA75C8 (12c45c8) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCCA5348(12c2348) Type: 26 File Object Header: 0xFCCA5330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA7808 (12c4808) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCCF07E0(130d7e0) Type: 6 Thread Object Header: 0xFCCF07C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCB1C68(12cec68) Type: 26 File Object Header: 0xFCCB1C50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Gpc OBJECT: 0xFCCA7AC8(12c4ac8) Type: 26 File Object Header: 0xFCCA7AB0 
GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCCA80A8 (12c50a8) Unknown1: 0x00530073 (1) Unknown2: 0x62006d OBJECT: 0xFF249128(667c128) Type: 26 File Object Header: 0xFF249110 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ OBJECT: 0xE1310030(1a39030) Type: 19 Port Object Header: 0xE1310018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12D60A0(194f0a0) Type: 18 Key Object Header: 0xE12D6088 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Parport\ OBJECT: 0xE12D9A00(1958a00) Type: 18 Key Object Header: 0xE12D99E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Serial\ OBJECT: 0xE1339030(1ab0030) Type: 19 Port Object Header: 0xE1339018 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE13BC040(2cbd040) Type: 19 Port Object Header: 0xE13BC028 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeRmCommandPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 OBJECT: 0xFCC96330(12b3330) Type: 8 Event Object Header: 0xFCC96318 GrantedAccess: 100003 PointerCount: 5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF29BA80(529ea80) 
Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 28 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF221028(8cb028) Type: 26 File Object Header: 0xFF221010 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Mup OBJECT: 0xFF221308(8cb308) Type: 26 File Object Header: 0xFF2212F0 GrantedAccess: 20 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xE1E60030(5c61030) Type: 4 Token Object Header: 0xE1E60018 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-7 Attributes: Mandatory Default Enabled AuthenticationID: {0,7ba7} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: NtLmSsp {0,0} TokenFlags: 0x1 Token ID: {0,7bab} ParentToken ID: {0,0} Modified ID: {0,7baa} SessionID: 0 TokenInUse: No Groups: 1 S-1-0-0 Attributes: 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-2 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-0-0 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled OBJECT: 0xE13069F0(1a269f0) Type: 17 Section Object Header: 0xE13069D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EC33C8(7ce23c8) BasedAddress: 0x00000080 SizeOfSegment: 0x100000 OBJECT: 0xE1EC8F50(a13f50) Type: 19 Port Object Header: 0xE1EC8F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000028 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF14A508(d0c508) Type: 26 File Object Header: 0xFF14A4F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) Path: NTPNP_PCI0008\Wave OBJECT: 0xFF1FB908(d8d908) Type: 26 File Object Header: 0xFF1FB8F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FC0C8 (d0b0c8) ConnectionHandle: 0x43000042 Connection Object: 0xFF1FB888 (d8d888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x43 AfdEndpoint: 0xFF1FBAA8 (d8daa8) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x43000042 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1FA028(f6f028) Type: 26 File Object Header: 0xFF1FA010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FB848 (d8d848) ConnectionHandle: 0x44000043 Connection Object: 0xFF1FB188 (d8d188) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x44 AfdEndpoint: 0xFF1FB308 (d8d308) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x44000043 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1FA5E8(f6f5e8) Type: 26 File Object Header: 0xFF1FA5D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FA588 (f6f588) ConnectionHandle: 0x45000044 Connection Object: 0xFF1FAD88 (f6fd88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x45 AfdEndpoint: 0xFF1FA788 (f6f788) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x45000044 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 
AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF1F9DE8(e90de8) Type: 26 File Object Header: 0xFF1F9DD0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FA548 (f6f548) ConnectionHandle: 0x46000045 Connection Object: 0xFF1FA0C8 (f6f0c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCCA7328 (12c4328) ConnectionId: 0x46 AfdEndpoint: 0xFF1F9F88 (e90f88) ProcessId: 0x8 System TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x46000045 Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888} OBJECT: 0xFF126F88(250df88) Type: 26 File Object Header: 0xFF126F70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF14D588(caa588) Type: 26 File Object Header: 0xFF14D570 GrantedAccess: 120116 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 0xFF134DA8(3d67da8) Type: 26 File Object Header: 0xFF134D90 GrantedAccess: 120116 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 0xFF0F1CE8(749ece8) Type: 26 File Object Header: 0xFF0F1CD0 GrantedAccess: 12019f PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF1CDE28(1914e28) Type: 26 File Object Header: 0xFF1CDE10 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 0xFF158BE8(eb6be8) Type: 26 File Object Header: 0xFF158BD0 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000007{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 
0xFF1C0EE8(e6eee8) Type: 26 File Object Header: 0xFF1C0ED0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1C3B48 (93b48) Unknown1: 0x000001E0 (1) Unknown2: 0x9fc08 Address Object: 0xFF1C0D08 (e6ed08) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1C0C88(e6ec88) Type: 26 File Object Header: 0xFF1C0C70 GrantedAccess: 3 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1B47C8(34f7c8) Type: 26 File Object Header: 0xFF1B47B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Topology OBJECT: 0xFCD24228(1341228) Type: 26 File Object Header: 0xFCD24210 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\CSC\00000001 OBJECT: 0xE20AC610(703610) Type: 19 Port Object Header: 0xE20AC5F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000028 ClientThread: 0x00000000 ServerProcess: 0x00000000 2. 
TABLE: 0xFCE25668(1442668): Table: 0xE1003000 QuotaProcess: ProcessId: 0 HandleCount: 62 CapturedHandleCount: 62 TableLevel: 2 StrictFIFO: No OBJECT: 0xFF276CC8(5f89cc8) Type: 26 File Object Header: 0xFF276CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276C68 (5f89c68) ConnectionHandle: 0x04000003 Connection Object: 0xFF276C08 (5f89c08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x4 AfdEndpoint: 0xFF276D48 (5f89d48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x04000003 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF276EC8(5f89ec8) Type: 26 File Object Header: 0xFF276EB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276E68 (5f89e68) ConnectionHandle: 0x03000002 Connection Object: 0xFF276E08 (5f89e08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x3 AfdEndpoint: 0xFF276F48 (5f89f48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x03000002 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2779E8(5dc09e8) Type: 26 File Object Header: 0xFF2779D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF277828 (5dc0828) Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2775E8(5dc05e8) Type: 26 File Object Header: 0xFF2775D0 GrantedAccess: 1f01ff PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF277588 (5dc0588) ConnectionHandle: 0x01000000 Connection Object: 0xFF27F8E8 (5ca78e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x1 AfdEndpoint: 0xFF279A88 (5d1fa88) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x01000000 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF276028(5f89028) Type: 26 File Object Header: 0xFF276010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF277068 (5dc0068) ConnectionHandle: 0x02000001 Connection Object: 0xFF279108 (5d1f108) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x2 AfdEndpoint: 0xFF2770A8 (5dc00a8) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x02000001 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xE13E88A0(3fc78a0) Type: 18 Key Object Header: 0xE13E8888 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power\ OBJECT: 0xFCC6C8A8(12898a8) Type: 26 File Object Header: 0xFCC6C890 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM.LOG OBJECT: 0xFCC6BEA8(1288ea8) Type: 26 File Object Header: 0xFCC6BE90 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM OBJECT: 0xFCC6BF48(1288f48) Type: 26 File Object Header: 0xFCC6BF30 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) 
Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT.LOG OBJECT: 0xFCC6B128(1288128) Type: 26 File Object Header: 0xFCC6B110 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT OBJECT: 0xFCC783A8(12953a8) Type: 26 File Object Header: 0xFCC78390 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM.ALT OBJECT: 0xFCC784E8(12954e8) Type: 26 File Object Header: 0xFCC784D0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM OBJECT: 0xFCC786C8(12956c8) Type: 26 File Object Header: 0xFCC786B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE.LOG OBJECT: 0xE13A8FE0(2bacfe0) Type: 18 Key Object Header: 0xE13A8FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\ OBJECT: 0xFCC787E8(12957e8) Type: 26 File Object Header: 0xFCC787D0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE OBJECT: 0xE12D6320(194f320) Type: 18 Key Object Header: 0xE12D6308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\ OBJECT: 0xE13A6280(2b41280) Type: 18 Key Object Header: 0xE13A6268 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\ OBJECT: 0xE12D7CC0(1954cc0) Type: 18 Key Object Header: 0xE12D7CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\ OBJECT: 0xFCC6C808(1289808) Type: 26 File Object Header: 0xFCC6C7F0 GrantedAccess: 
100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\hiberfil.sys OBJECT: 0xE13A9FE0(2b93fe0) Type: 18 Key Object Header: 0xE13A9FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\Control\ OBJECT: 0xFCC789C8(12959c8) Type: 26 File Object Header: 0xFCC789B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY.LOG OBJECT: 0xE12E7BC0(198dbc0) Type: 18 Key Object Header: 0xE12E7BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\Control\ OBJECT: 0xFCC78D28(1295d28) Type: 26 File Object Header: 0xFCC78D10 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY OBJECT: 0xFF238368(6de0368) Type: 26 File Object Header: 0xFF238350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238308 (6de0308) ConnectionHandle: 0x39000038 Connection Object: 0xFF23C9C8 (6ab19c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x39 AfdEndpoint: 0xFF2383E8 (6de03e8) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x39000038 Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF2386C8(6de06c8) Type: 26 File Object Header: 0xFF2386B0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF238668 (6de0668) Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 
AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237EC8(6ccaec8) Type: 26 File Object Header: 0xFF237EB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF237E68 (6ccae68) ConnectionHandle: 0x3C00003B Connection Object: 0xFF237E08 (6ccae08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3c AfdEndpoint: 0xFF237F48 (6ccaf48) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3C00003B Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237CC8(6ccacc8) Type: 26 File Object Header: 0xFF237CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF237C68 (6ccac68) ConnectionHandle: 0x3D00003C Connection Object: 0xFF237C08 (6ccac08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3d AfdEndpoint: 0xFF237D48 (6ccad48) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3D00003C Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF275408(5dcd408) Type: 26 File Object Header: 0xFF2753F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2753A8 (5dcd3a8) ConnectionHandle: 0x06000005 Connection Object: 0xFF275E88 (5dcde88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x6 AfdEndpoint: 0xFF2754C8 (5dcd4c8) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x06000005 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 
0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF2381C8(6de01c8) Type: 26 File Object Header: 0xFF2381B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238168 (6de0168) ConnectionHandle: 0x3A000039 Connection Object: 0xFF23C8E8 (6ab18e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3a AfdEndpoint: 0xFF238248 (6de0248) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3A000039 Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF276AC8(5f89ac8) Type: 26 File Object Header: 0xFF276AB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF276A68 (5f89a68) ConnectionHandle: 0x05000004 Connection Object: 0xFF276A08 (5f89a08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF277668 (5dc0668) ConnectionId: 0x5 AfdEndpoint: 0xFF276B48 (5f89b48) ProcessId: 0x198 svchost.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x05000004 Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF236F88(6b6bf88) Type: 26 File Object Header: 0xFF236F70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2375C8 (6cca5c8) ConnectionHandle: 0x3E00003D Connection Object: 0xFF237948 (6cca948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3e AfdEndpoint: 0xFF236008 (6b6b008) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3E00003D Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 
0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237028(6cca028) Type: 26 File Object Header: 0xFF237010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF238068 (6de0068) ConnectionHandle: 0x3B00003A Connection Object: 0xFF263888 (60c5888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2384A8 (6de04a8) ConnectionId: 0x3b AfdEndpoint: 0xFF2380A8 (6de00a8) ProcessId: 0x228 MSTask.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x3B00003A Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF1E1448(7e42448) Type: 26 File Object Header: 0xFF1E1430 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E4388 (7eb388) Unknown2: 0xff1e4988 Address Object: 0xFF1E1268 (7e42268) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF2332A8(6c6d2a8) Type: 26 File Object Header: 0xFF233290 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E0A28 (5183a28) Address Object: 0xFF2330C8 (6c6d0c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF163AC8(836ac8) Type: 26 File Object Header: 0xFF163AB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163A68 (836a68) ConnectionHandle: 0x4B00004A Connection Object: 0xFF163A08 (836a08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4b AfdEndpoint: 0xFF163B48 (836b48) ProcessId: 
0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4B00004A Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF1C6888(2898888) Type: 26 File Object Header: 0xFF1C6870 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat.LOG OBJECT: 0xFF1591E8(1f11e8) Type: 26 File Object Header: 0xFF1591D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF140108 (4fae108) Unknown1: 0xF07AB900 (2769900) Unknown2: 0xff140108 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF1B8868(11c868) Type: 26 File Object Header: 0xFF1B8850 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat OBJECT: 0xFF1CA328(6aab328) Type: 26 File Object Header: 0xFF1CA310 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat OBJECT: 0xFF1C5848(7b6c848) Type: 26 File Object Header: 0xFF1C5830 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG OBJECT: 0xFF1638C8(8368c8) Type: 26 File Object Header: 0xFF1638B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163868 (836868) ConnectionHandle: 0x4C00004B Connection Object: 0xFF163808 (836808) ControlChannel: 0x00000000 (1) LocalAddressObject: 
0xFF163E48 (836e48) ConnectionId: 0x4c AfdEndpoint: 0xFF163948 (836948) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4C00004B Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF1636C8(8366c8) Type: 26 File Object Header: 0xFF1636B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163668 (836668) ConnectionHandle: 0x4D00004C Connection Object: 0xFF163608 (836608) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4d AfdEndpoint: 0xFF163748 (836748) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4D00004C Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF164188(7c27188) Type: 26 File Object Header: 0xFF164170 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163E08 (836e08) ConnectionHandle: 0x49000048 Connection Object: 0xFF164C28 (7c27c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x49 AfdEndpoint: 0xFF164208 (7c27208) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x49000048 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF163CC8(836cc8) Type: 26 File Object Header: 0xFF163CB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163C68 (836c68) ConnectionHandle: 0x4A000049 Connection Object: 0xFF163C08 (836c08) ControlChannel: 0x00000000 (1) 
LocalAddressObject: 0xFF163E48 (836e48) ConnectionId: 0x4a AfdEndpoint: 0xFF163D48 (836d48) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4A000049 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF164328(7c27328) Type: 26 File Object Header: 0xFF164310 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1642C8 (7c272c8) Unknown1: 0x00740073 (1) Unknown2: 0x610072 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xFF162028(7b35028) Type: 26 File Object Header: 0xFF162010 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1630A8 (8360a8) Unknown1: 0x0401062B (1) Unknown2: 0x2378201 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162D08(7b35d08) Type: 26 File Object Header: 0xFF162CF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF163068 (836068) ConnectionHandle: 0x4E00004D Connection Object: 0xFF1635A8 (8365a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x4e AfdEndpoint: 0xFF162D88 (7b35d88) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4E00004D Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162BA8(7b35ba8) Type: 26 File Object Header: 0xFF162B90 GrantedAccess: 
1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF162B48 (7b35b48) ConnectionHandle: 0x4F00004E Connection Object: 0xFF1646C8 (7c276c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x4f AfdEndpoint: 0xFF162C28 (7b35c28) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x4F00004E Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162A08(7b35a08) Type: 26 File Object Header: 0xFF1629F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1629A8 (7b359a8) ConnectionHandle: 0x5000004F Connection Object: 0xFF162948 (7b35948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x50 AfdEndpoint: 0xFF162A88 (7b35a88) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x5000004F Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162808(7b35808) Type: 26 File Object Header: 0xFF1627F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1627A8 (7b357a8) ConnectionHandle: 0x51000050 Connection Object: 0xFF162748 (7b35748) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x51 AfdEndpoint: 0xFF162888 (7b35888) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x51000050 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF162608(7b35608) Type: 26 File Object Header: 
0xFF1625F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1625A8 (7b355a8) ConnectionHandle: 0x52000051 Connection Object: 0xFF162548 (7b35548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF162E48 (7b35e48) ConnectionId: 0x52 AfdEndpoint: 0xFF162688 (7b35688) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x52000051 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xFF1D2028(6755028) Type: 26 File Object Header: 0xFF1D2010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF150948 (c95948) ConnectionHandle: 0x87000055 Connection Object: 0xFF28FD88 (575bd88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x87 AfdEndpoint: 0xFF1861A8 (2daf1a8) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x87000055 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF169F88(7091f88) Type: 26 File Object Header: 0xFF169F70 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B6A8 (ee26a8) ConnectionHandle: 0x58000052 Connection Object: 0xFF164828 (7c27828) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF12B128 (5aff128) ConnectionId: 0x58 AfdEndpoint: 0xFF156A88 (ca1a88) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x58000052 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF158968(eb6968) Type: 
26 File Object Header: 0xFF158950 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1271E8 (440c1e8) Unknown1: 0x206C644D (1) Unknown2: 0xff22d288 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1FC588(d0b588) Type: 26 File Object Header: 0xFF1FC570 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1D38E8 (6c098e8) ConnectionHandle: 0x86000059 Connection Object: 0xFF2518A8 (65f28a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x86 AfdEndpoint: 0xFF12B648 (5aff648) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x86000059 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1587A8(eb67a8) Type: 26 File Object Header: 0xFF158790 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E7848 (7e4848) Unknown2: 0xff1e7868 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF1CD0A8(19140a8) Type: 26 File Object Header: 0xFF1CD090 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1E7808 (7e4808) ConnectionHandle: 0x84000047 Connection Object: 0xFF272D88 (5f25d88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF12CCA8 (5abeca8) ConnectionId: 0x84 AfdEndpoint: 0xFF22CF48 (7aeff48) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 
0x84000047 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF1FEF08(381f08) Type: 26 File Object Header: 0xFF1FEEF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF182F88 (2e7ef88) ConnectionHandle: 0x88000053 Connection Object: 0xFF157B68 (c3eb68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x88 AfdEndpoint: 0xFF12AAC8 (6900ac8) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x88000053 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF1608E8(70be8e8) Type: 26 File Object Header: 0xFF1608D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF28B4C8 (579d4c8) ConnectionHandle: 0x89000056 Connection Object: 0xFF293CA8 (55dbca8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0x89 AfdEndpoint: 0xFF15F008 (7aa0008) ProcessId: 0x29c UMGR32.EXE TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x89000056 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF17C3A8(2c663a8) Type: 26 File Object Header: 0xFF17C390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1FE728 (381728) ConnectionHandle: 0xBC000054 Connection Object: 0xFF15A488 (84b488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF17DE48 (3082e48) ConnectionId: 0xbc AfdEndpoint: 0xFF142008 (5a6f008) ProcessId: 0x29c UMGR32.EXE TableLock: 
0xFF277168 (5dc0168) ConnectionHandle: 0xBC000054 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF16B2C8(65d62c8) Type: 26 File Object Header: 0xFF16B2B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16B268 (65d6268) ConnectionHandle: 0xB700005F Connection Object: 0xFF1C4128 (6758128) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16B008 (65d6008) ConnectionId: 0xb7 AfdEndpoint: 0xFCA256E8 (10426e8) ProcessId: 0x448 nc.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0xB700005F Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128} OBJECT: 0xFF127168(440c168) Type: 26 File Object Header: 0xFF127150 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF15BD28 (95fd28) Unknown1: 0x61746F51 (1) Unknown2: 0x1900000 Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128} 3. TABLE: 0xFCC99228(12b6228): Table: 0xE13C1000 QuotaProcess: 0xFCC992C0 ProcessId: 9c HandleCount: 33 CapturedHandleCount: 0 TableLevel: 2 StrictFIFO: No 4. 
TABLE: 0xFCC6DC48(128ac48): Table: 0xE1D2D000 QuotaProcess: 0xFCC69480 ProcessId: b4 HandleCount: 332 CapturedHandleCount: 332 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12B48D0(19b28d0) Type: 17 Section Object Header: 0xE12B48B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1317008(1ae0008) BasedAddress: 0x2EB88430 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\csrss.exe OBJECT: 0xFCC69320(1286320) Type: 8 Event Object Header: 0xFCC69308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC692E0(12862e0) Type: 8 Event Object Header: 0xFCC692C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68FE0(1285fe0) Type: 8 Event Object Header: 0xFCC68FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC68F48(1285f48) Type: 26 File Object Header: 0xFCC68F30 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 1f0fff PointerCount: 212 HandleCount: 4 
SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xE1317B30(1ae0b30) Type: 17 Section Object Header: 0xE1317B18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D15528(4252528) BasedAddress: 0x000000C0 SizeOfSegment: 0x100000 OBJECT: 0xFCC68B20(1285b20) Type: 8 Event Object Header: 0xFCC68B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68590(1285590) Type: 2 Directory Object Header: 0xFCC68578 GrantedAccess: f000f PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Restricted SecurityDescriptor: 0xE1D303B8(42cb3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCLCSWRC;;;RC) FullPath: \BaseNamedObjects\Restricted OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: f000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1f0001 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 
Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1D311A0(42ed1a0) Type: 17 Section Object Header: 0xE1D31188 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionUnicode SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D311E8(42ed1e8) BasedAddress: 0x2EB9BCD0 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls OBJECT: 0xE1D32E40(4275e40) Type: 17 Section Object Header: 0xE1D32E28 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionLocale SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32E88(4275e88) BasedAddress: 0x2EBA44D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls OBJECT: 0xE1D32C60(4275c60) Type: 17 Section Object Header: 0xE1D32C48 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionCType SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1321408(1a71408) BasedAddress: 0x2EBA64D0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls OBJECT: 0xE1D329A0(42759a0) Type: 17 Section Object Header: 0xE1D32988 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionSortkey SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D329E8(42759e8) BasedAddress: 0x2EBA84C8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: 
HarddiskVolume1\WINNT\System32\sortkey.nls OBJECT: 0xE1D33280(42b7280) Type: 17 Section Object Header: 0xE1D33268 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC67E00 Name: NlsSectionSortTbls SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32BC8(4275bc8) BasedAddress: 0x2EBAA4C0 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls OBJECT: 0xFCC67340(1284340) Type: 8 Event Object Header: 0xFCC67328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC67300(1284300) Type: 8 Event Object Header: 0xFCC672E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC672C0(12842c0) Type: 8 Event Object Header: 0xFCC672A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC67280(1284280) Type: 8 Event Object Header: 0xFCC67268 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1321D60(1a71d60) Type: 18 Key Object Header: 0xE1321D48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE131F740(1a6c740) Type: 18 Key Object Header: 0xE131F728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE12B4240(19b2240) Type: 18 Key Object Header: 0xE12B4228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE1D33D70(42b7d70) Type: 19 Port Object Header: 0xE1D33D58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC60AC0(127dac0) Type: 6 Thread 
Object Header: 0xFCC60AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCC60A40(127da40) Type: 8 Event Object Header: 0xFCC60A28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60A00(127da00) Type: 8 Event Object Header: 0xFCC609E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC609C0(127d9c0) Type: 8 Event Object Header: 0xFCC609A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60980(127d980) Type: 8 Event Object Header: 0xFCC60968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60940(127d940) Type: 8 Event Object Header: 0xFCC60928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DB3E20(4f7ce20) Type: 19 Port Object Header: 0xE1DB3E08 GrantedAccess: 1f0001 PointerCount: 99 HandleCount: 1 Directory: 0xFCCB1690 Name: ApiPort SecurityDescriptor: 0xE1DB2378(4f7b378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 OBJECT: 0xFCC605E0(127d5e0) Type: 8 Event Object Header: 0xFCC605C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D538A0(4f318a0) Type: 18 Key Object Header: 0xE1D53888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\ OBJECT: 0xE1DB7530(4fc8530) Type: 19 Port Object Header: 0xE1DB7518 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 
ServerProcess: 0x00000000 OBJECT: 0xFCA297A0(10467a0) Type: 6 Thread Object Header: 0xFCA29788 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA29760(1046760) Type: 8 Event Object Header: 0xFCA29748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA293C0(10463c0) Type: 6 Thread Object Header: 0xFCA293A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC69480 OBJECT: 0xE1DB7440(4fc8440) Type: 19 Port Object Header: 0xE1DB7428 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCCB1690 Name: SbApiPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 OBJECT: 0xFCA28020(1045020) Type: 6 Thread Object Header: 0xFCA28008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC69480 OBJECT: 0xE1DB9950(4faa950) Type: 19 Port Object Header: 0xE1DB9938 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68020(1285020) Type: 6 Thread Object Header: 0xFCC68008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000090 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1DBED30(4ff8d30) Type: 19 Port Object Header: 0xE1DBED18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA264E0(10434e0) Type: 6 Thread Object Header: 0xFCA264C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFCA261C0(10431c0) Type: 8 Event Object Header: 0xFCA261A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29FFA0(516dfa0) Type: 8 Event Object Header: 0xFF29FF88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29F5A0(516d5a0) Type: 8 Event Object Header: 0xFF29F588 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29EDD0(5209dd0) Type: 8 Event Object Header: 0xFF29EDB8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF29EAA8(5209aa8) Type: 26 File Object Header: 0xFF29EA90 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001c OBJECT: 0xFF29E028(5209028) Type: 26 File Object Header: 0xFF29E010 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001d OBJECT: 0xFF295780(5556780) Type: 6 Thread Object Header: 0xFF295768 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29DCA0(520aca0) Type: 6 Thread Object Header: 0xFF29DC88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D6C0(520a6c0) Type: 6 Thread Object Header: 0xFF29D6A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 1f0fff PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF1E3C00(61cc00) Type: 6 Thread Object Header: 0xFF1E3BE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF29CA20(5273a20) Type: 6 Thread Object Header: 0xFF29CA08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 1f0fff PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF282A60(5b8da60) Type: 6 Thread Object Header: 0xFF282A48 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFF29D080 OBJECT: 0xE1DECC90(5150c90) Type: 19 Port Object Header: 0xE1DECC78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2990A0(53680a0) Type: 8 Event Object Header: 0xFF299088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC7B10(50d2b10) Type: 19 Port Object Header: 0xE1DC7AF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF297220(5379220) Type: 6 Thread Object Header: 0xFF297208 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF296020(53bd020) Type: 6 Thread Object Header: 0xFF296008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFF29D080 OBJECT: 0xFF295020(5556020) Type: 6 Thread Object Header: 0xFF295008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 
0xFF29BA80 OBJECT: 0xFF295BE0(5556be0) Type: 6 Thread Object Header: 0xFF295BC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF2949E0(55679e0) Type: 6 Thread Object Header: 0xFF2949C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF294500(5567500) Type: 6 Thread Object Header: 0xFF2944E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1B7DA0(6e2da0) Type: 6 Thread Object Header: 0xFF1B7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF28F720(575b720) Type: 6 Thread Object Header: 0xFF28F708 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF0E7A00(225da00) Type: 6 Thread Object Header: 0xFF0E79E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000364 ThreadsProcess: 0xFF144020 OBJECT: 0xE12E41A0(19a31a0) Type: 18 Key Object Header: 0xE12E4188 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xFF28EDA0(57a0da0) Type: 6 Thread Object Header: 0xFF28ED88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF0EB400(6e7a400) Type: 6 Thread Object Header: 0xFF0EB3E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000000D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF1C7560(597560) Type: 6 Thread Object Header: 0xFF1C7548 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000340 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xE1EB1BF0(721bf0) Type: 19 Port Object Header: 0xE1EB1BD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF26D020(5f3a020) Type: 6 Thread Object Header: 0xFF26D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000002CC ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1C1020(7bfc020) Type: 6 Thread Object Header: 0xFF1C1008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.0000038C ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E7020(7e4020) Type: 6 Thread Object Header: 0xFF1E7008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000154 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF289020(58c3020) Type: 6 Thread Object Header: 0xFF289008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF15B020(95f020) Type: 5 Process Object Header: 0xFF15B008 GrantedAccess: 1f0fff PointerCount: 79 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF1CF020(682020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000164 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2875A0(590d5a0) Type: 6 Thread Object Header: 0xFF287588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF287240(590d240) Type: 6 Thread Object Header: 0xFF287228 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF286460(5952460) Type: 6 Thread Object Header: 0xFF286448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281580(5bdd580) Type: 6 Thread Object Header: 0xFF281568 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280D40(5bfed40) Type: 6 Thread Object Header: 0xFF280D28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 1f0fff PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF27F260(5ca7260) Type: 6 Thread Object Header: 0xFF27F248 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000018C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF278580(5d81580) Type: 6 Thread Object Header: 0xFF278568 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000190 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 1f0fff PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF27E540(5bec540) Type: 6 Thread Object Header: 0xFF27E528 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000194 ThreadsProcess: 0xFF27E840 OBJECT: 0xE1E62C90(5d23c90) Type: 19 Port Object Header: 0xE1E62C78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 
0xFF27C9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27BCE0(5cf0ce0) Type: 6 Thread Object Header: 0xFF27BCC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27BA40(5cf0a40) Type: 6 Thread Object Header: 0xFF27BA28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF240020(6ad8020) Type: 6 Thread Object Header: 0xFF240008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000011C.000003D0 ThreadsProcess: 0xFF0DAD60 OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF2744C0(5dce4c0) Type: 5 Process Object Header: 0xFF2744A8 GrantedAccess: 1f0fff PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF278020(5d81020) Type: 6 Thread 
Object Header: 0xFF278008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xE1E68030(5ec3030) Type: 19 Port Object Header: 0xE1E68018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF273120(5df1120) Type: 6 Thread Object Header: 0xFF273108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272980(5f25980) Type: 6 Thread Object Header: 0xFF272968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001BC ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF193020(206b020) Type: 6 Thread Object Header: 0xFF193008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000001C0 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1B9900(76f8900) Type: 6 Thread Object Header: 0xFF1B98E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF272220(5f25220) Type: 6 Thread Object Header: 0xFF272208 GrantedAccess: 1f03ff PointerCount: 4 
HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001C8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF26F9E0(61539e0) Type: 5 Process Object Header: 0xFF26F9C8 GrantedAccess: 1f0fff PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF26F6A0(61536a0) Type: 6 Thread Object Header: 0xFF26F688 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001CC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xE1E6C6D0(5f356d0) Type: 19 Port Object Header: 0xE1E6C6B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF26E220(5fbb220) Type: 6 Thread Object Header: 0xFF26E208 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001D4 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26DD40(5f3ad40) Type: 6 Thread Object Header: 0xFF26DD28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 1f0fff PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF266D00(6020d00) Type: 6 Thread Object Header: 0xFF266CE8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001DC ThreadsProcess: 0xFF27D020 OBJECT: 0xE1E70DF0(5f7edf0) Type: 19 Port Object Header: 0xE1E70DD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF159320(1f1320) Type: 6 Thread Object Header: 0xFF159308 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.00000400 ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF264020(62d3020) Type: 6 Thread Object Header: 0xFF264008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF0E4D60(6352d60) Type: 5 Process Object Header: 0xFF0E4D48 GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF25C200(64a7200) Type: 6 Thread Object Header: 0xFF25C1E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F0 ThreadsProcess: 0xFF29D080 OBJECT: 
0xFF1F95A0(e905a0) Type: 6 Thread Object Header: 0xFF1F9588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25B760(65b9760) Type: 6 Thread Object Header: 0xFF25B748 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001FC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF13F8A0(6ffc8a0) Type: 6 Thread Object Header: 0xFF13F888 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000200 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24E7C0(66c57c0) Type: 6 Thread Object Header: 0xFF24E7A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.00000204 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 
0xFF2488A0(681b8a0) Type: 6 Thread Object Header: 0xFF248888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000284 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF26D9A0(5f3a9a0) Type: 6 Thread Object Header: 0xFF26D988 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000210 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xFF24B020(66ea020) Type: 6 Thread Object Header: 0xFF24B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000214 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF24A020(6869020) Type: 6 Thread Object Header: 0xFF24A008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000218 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF25DC40(639bc40) 
Type: 8 Event Object Header: 0xFF25DC28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8AAD0(6a73ad0) Type: 19 Port Object Header: 0xE1E8AAB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23AA40(6d9ea40) Type: 6 Thread Object Header: 0xFF23AA28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000220 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF244DA0(6a77da0) Type: 6 Thread Object Header: 0xFF244D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000224 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF2446E0(6a776e0) Type: 6 Thread Object Header: 0xFF2446C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000188 ThreadsProcess: 0xFF244020 OBJECT: 0xE1E97E90(6ac1e90) Type: 19 Port Object Header: 0xE1E97E78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23F020(6d42020) Type: 6 Thread Object Header: 0xFF23F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000230 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff 
PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF23B540(6c75540) Type: 6 Thread Object Header: 0xFF23B528 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000238 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF23A6A0(6d9e6a0) Type: 6 Thread Object Header: 0xFF23A688 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000023C ThreadsProcess: 0xFF244020 OBJECT: 0xFF2390C0(6e890c0) Type: 6 Thread Object Header: 0xFF2390A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000240 ThreadsProcess: 0xFF244020 OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 0xFF2372A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF0E7280(225d280) Type: 6 Thread Object Header: 0xFF0E7268 GrantedAccess: 1f03ff 
PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000338 ThreadsProcess: 0xFF144020 OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1FB5E0(d8d5e0) Type: 6 Thread Object Header: 0xFF1FB5C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000033C ThreadsProcess: 0xFF27D020 OBJECT: 0xFF191240(2138240) Type: 6 Thread Object Header: 0xFF191228 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000032C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 1f0fff PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF231AC0(6f2dac0) Type: 6 Thread Object Header: 0xFF231AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000260 ThreadsProcess: 0xFF231120 OBJECT: 0xE1EB3F50(753af50) Type: 19 Port 
Object Header: 0xE1EB3F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22F020(7784020) Type: 6 Thread Object Header: 0xFF22F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000268 ThreadsProcess: 0xFF231120 OBJECT: 0xFF132020(72bf020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.0000026C ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF22F780(7784780) Type: 5 Process Object Header: 0xFF22F768 GrantedAccess: 1f0fff PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0xFF22F400(7784400) Type: 6 Thread Object Header: 0xFF22F3E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.00000270 ThreadsProcess: 0xFF22F780 OBJECT: 0xE1EAE6B0(71076b0) Type: 19 Port Object Header: 0xE1EAE698 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF233460(6c6d460) Type: 8 Event Object Header: 0xFF233448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B980(2dc3980) Type: 6 Thread Object Header: 0xFF17B968 GrantedAccess: 1f03ff 
PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000134 ThreadsProcess: 0xFF191640 OBJECT: 0xFF2475A0(679a5a0) Type: 6 Thread Object Header: 0xFF247588 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000028C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1577C0(c3e7c0) Type: 6 Thread Object Header: 0xFF1577A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000390 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF235DA0(6e37da0) Type: 6 Thread Object Header: 0xFF235D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000294 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2258E0(9be8e0) Type: 6 Thread Object Header: 0xFF2258C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000298 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0EEC00(5900c00) Type: 6 Thread Object Header: 0xFF0EEBE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000022C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1E1D550(54c9550) Type: 19 Port Object Header: 
0xE1E1D538 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1D0020(940020) Type: 6 Thread Object Header: 0xFF1D0008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002F0 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF206020(daa020) Type: 6 Thread Object Header: 0xFF206008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.000002AC ThreadsProcess: 0xFF22F780 OBJECT: 0xFF205DA0(c91da0) Type: 6 Thread Object Header: 0xFF205D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1FE020(381020) Type: 6 Thread Object Header: 0xFF1FE008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1DF080(5449080) Type: 6 Thread Object Header: 0xFF1DF068 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002C0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1F5D60(17dd60) Type: 5 Process Object Header: 0xFF1F5D48 GrantedAccess: 1f0fff PointerCount: 47 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1F5AE0(17dae0) Type: 6 Thread Object Header: 0xFF1F5AC8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002BC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xE1E74510(60a4510) Type: 19 Port Object Header: 0xE1E744F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EF020(6e9020) Type: 6 Thread Object Header: 0xFF1EF008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002A0.000002C8 ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1ECDA0(817da0) Type: 6 Thread Object Header: 0xFF1ECD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000468 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1FBDA0(d8dda0) Type: 6 Thread Object Header: 0xFF1FBD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000148 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EC980(817980) Type: 6 Thread Object Header: 0xFF1EC968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EA120(294e120) Type: 6 Thread Object Header: 0xFF1EA108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000002DC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF1C98E0(29658e0) Type: 6 Thread Object Header: 0xFF1C98C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002E0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF16D020(63f5020) Type: 6 Thread Object Header: 0xFF16D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000002E4 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF225020(9be020) Type: 6 Thread Object Header: 0xFF225008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002E8 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF1F5020(17d020) Type: 6 Thread Object Header: 0xFF1F5008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002EC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C38C0(938c0) Type: 6 Thread Object Header: 0xFF1C38A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF1DDB60(3d92b60) Type: 6 Thread Object Header: 0xFF1DDB48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002C4 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1EB2870(9a4870) Type: 19 Port Object Header: 0xE1EB2858 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 
0xFF1BE020(5dc2020) Type: 6 Thread Object Header: 0xFF1BE008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF0F23A0(71393a0) Type: 6 Thread Object Header: 0xFF0F2388 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000043C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1BA860(3e35860) Type: 6 Thread Object Header: 0xFF1BA848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000330 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF170CC0(611ecc0) Type: 6 Thread Object Header: 0xFF170CA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.000001E4 ThreadsProcess: 0xFF191640 OBJECT: 0xFF12BD20(5affd20) Type: 8 Event Object Header: 0xFF12BD08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0C12E0(40722e0) Type: 8 Event Object Header: 0xFF0C12C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 1f0fff PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF1C7DA0(597da0) Type: 6 Thread Object Header: 0xFF1C7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000344 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1B7700(6e2700) Type: 6 Thread Object Header: 0xFF1B76E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000150 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1C70A0(5970a0) Type: 6 Thread Object Header: 0xFF1C7088 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000350 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF0C13C0(40723c0) Type: 6 Thread Object Header: 0xFF0C13A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003E4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF198140(19d1140) Type: 6 Thread Object Header: 0xFF198128 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000358 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE12D70C0(19540c0) Type: 18 Key Object Header: 0xE12D70A8 GrantedAccess: 20006 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\Control Panel\International\ OBJECT: 0xFF12A9E0(69009e0) Type: 8 Event Object Header: 0xFF12A9C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF177360(40b4360) Type: 6 Thread Object Header: 0xFF177348 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000010C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF134BE0(3d67be0) Type: 8 Event Object Header: 0xFF134BC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF133D40(2b40d40) Type: 8 Event Object Header: 0xFF133D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE12DDF60(1966f60) Type: 18 Key Object Header: 0xE12DDF48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\Control Panel\International\ OBJECT: 0xFF0FB1E0(7cb61e0) Type: 6 Thread Object Header: 0xFF0FB1C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 
2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000002A8 ThreadsProcess: 0xFF144020 OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF16E3C0(625d3c0) Type: 5 Process Object Header: 0xFF16E3A8 GrantedAccess: 1f0fff PointerCount: 62 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF12A800(6900800) Type: 8 Event Object Header: 0xFF12A7E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E020(57a0020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000434.00000394 ThreadsProcess: 0xFF191C40 OBJECT: 0xFF28C020(5795020) Type: 6 Thread Object Header: 0xFF28C008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000003B8 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF1C89A0(3e089a0) Type: 6 Thread Object Header: 0xFF1C8988 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.00000398 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB9C0(3c319c0) Type: 6 Thread Object Header: 0xFF1BB9A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.0000039C ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1BB740(3c31740) Type: 6 Thread Object Header: 0xFF1BB728 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF1B81A0(11c1a0) Type: 6 Thread Object Header: 0xFF1B8188 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xE1EE57D0(8627d0) Type: 19 Port Object Header: 0xE1EE57B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF0BA640(5a34640) Type: 6 Thread Object Header: 0xFF0BA628 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000328 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1F9AA0(e90aa0) Type: 6 Thread Object Header: 0xFF1F9A88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
000002A0.000003AC ThreadsProcess: 0xFF1F5D60 OBJECT: 0xFF1B3880(b56880) Type: 6 Thread Object Header: 0xFF1B3868 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000031C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1E28240(53f2240) Type: 18 Key Object Header: 0xE1E28228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xFF19B020(5a5020) Type: 6 Thread Object Header: 0xFF19B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000002FC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1D3440(6c09440) Type: 8 Event Object Header: 0xFF1D3428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FB4830(4fa2830) Type: 19 Port Object Header: 0xE1FB4818 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF191C40(2138c40) Type: 5 Process Object Header: 0xFF191C28 GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd.exe OBJECT: 0xFF18CDA0(2579da0) Type: 6 Thread Object Header: 0xFF18CD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000035C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF17D6A0(30826a0) Type: 5 Process Object Header: 0xFF17D688 GrantedAccess: 1f0fff PointerCount: 95 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF183020(2df9020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000368 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xE1EE14D0(713e4d0) Type: 19 Port Object Header: 0xE1EE14B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18C560(2579560) Type: 6 Thread Object Header: 0xFF18C548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000370 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1307220(1a2e220) Type: 18 Key Object Header: 0xE1307208 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xFF18B020(2b84020) Type: 6 Thread Object Header: 0xFF18B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000025C ThreadsProcess: 0xFF1BAAE0 OBJECT: 
0xFF18BDA0(2b84da0) Type: 6 Thread Object Header: 0xFF18BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000003BC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF18B400(2b84400) Type: 5 Process Object Header: 0xFF18B3E8 GrantedAccess: 1f0fff PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF18A020(2bf8020) Type: 6 Thread Object Header: 0xFF18A008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.000003C0 ThreadsProcess: 0xFF18B400 OBJECT: 0xFF18A6E0(2bf86e0) Type: 5 Process Object Header: 0xFF18A6C8 GrantedAccess: 1f0fff PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF18A460(2bf8460) Type: 6 Thread Object Header: 0xFF18A448 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.000003C8 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF1D3480(6c09480) Type: 8 Event Object Header: 0xFF1D3468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D3500(6c09500) Type: 8 Event Object Header: 
0xFF1D34E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189020(2c46020) Type: 5 Process Object Header: 0xFF189008 GrantedAccess: 1f0fff PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF1885C0(2d155c0) Type: 6 Thread Object Header: 0xFF1885A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003DC.000003D8 ThreadsProcess: 0xFF189020 OBJECT: 0xE1EF65B0(cd35b0) Type: 19 Port Object Header: 0xE1EF6598 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE21154D0(53de4d0) Type: 19 Port Object Header: 0xE21154B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1CD3E0(19143e0) Type: 8 Event Object Header: 0xFF1CD3C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193700(206b700) Type: 6 Thread Object Header: 0xFF1936E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000003E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF182A20(2e7ea20) Type: 5 Process Object Header: 0xFF182A08 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF182380(2e7e380) Type: 6 Thread Object Header: 0xFF182368 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003EC ThreadsProcess: 0xFF182A20 OBJECT: 0xE135FF10(22a1f10) Type: 19 Port Object Header: 0xE135FEF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1364F50(231ef50) Type: 19 Port Object Header: 0xE1364F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1B65C0(54255c0) Type: 6 Thread Object Header: 0xFF1B65A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003F8 ThreadsProcess: 0xFF182A20 OBJECT: 0xFF0E10E0(40a70e0) Type: 6 Thread Object Header: 0xFF0E10C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000046C.00000444 ThreadsProcess: 0xFF0E4D60 OBJECT: 0xFF1C06E0(e6e6e0) Type: 6 Thread Object Header: 0xFF1C06C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 
00000144.00000378 ThreadsProcess: 0xFF144020 OBJECT: 0xFF17B6C0(2dc36c0) Type: 6 Thread Object Header: 0xFF17B6A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000324 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF144020(306020) Type: 5 Process Object Header: 0xFF144008 GrantedAccess: 1f0fff PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF0C08E0(50d38e0) Type: 6 Thread Object Header: 0xFF0C08C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1D34C0(6c094c0) Type: 8 Event Object Header: 0xFF1D34A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE1F429D0(40e19d0) Type: 19 Port Object Header: 0xE1F429B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18C9A0(25799a0) Type: 6 Thread Object Header: 0xFF18C988 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000404 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF0E3B40(733ab40) Type: 6 Thread Object Header: 0xFF0E3B28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000470 ThreadsProcess: 0xFF144020 OBJECT: 0xE1FAF930(4491930) Type: 19 Port Object Header: 0xE1FAF918 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF177660(40b4660) Type: 5 Process Object Header: 0xFF177648 GrantedAccess: 1f0fff PointerCount: 54 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF17B020(2dc3020) Type: 6 Thread Object Header: 0xFF17B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000414 ThreadsProcess: 0xFF177660 OBJECT: 0xFF176080(4556080) Type: 6 Thread Object Header: 0xFF176068 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.0000041C ThreadsProcess: 0xFF18B400 OBJECT: 0xFF170020(611e020) Type: 6 Thread Object Header: 0xFF170008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000410 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF174900(448f900) Type: 6 Thread Object Header: 0xFF1748E8 GrantedAccess: 1f03ff PointerCount: 5 
HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.00000360 ThreadsProcess: 0xFF171B20 OBJECT: 0xFF173400(44ce400) Type: 6 Thread Object Header: 0xFF1733E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.00000420 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF172C40(58cbc40) Type: 5 Process Object Header: 0xFF172C28 GrantedAccess: 1f0fff PointerCount: 53 HandleCount: 2 SecurityDescriptor: 0xE1ED4B18(7911b18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;0x100201;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF172860(58cb860) Type: 6 Thread Object Header: 0xFF172848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF172C40 OBJECT: 0xE1FE1990(567a990) Type: 19 Port Object Header: 0xE1FE1978 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF171B20(5a59b20) Type: 5 Process Object Header: 0xFF171B08 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF1718A0(5a598a0) Type: 6 Thread 
Object Header: 0xFF171888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.0000042C ThreadsProcess: 0xFF171B20 OBJECT: 0xFF0F78C0(24b58c0) Type: 6 Thread Object Header: 0xFF0F78A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF170C40(611ec40) Type: 8 Event Object Header: 0xFF170C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170B68(611eb68) Type: 26 File Object Header: 0xFF170B50 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ega.cpi OBJECT: 0xFF18AAA0(2bf8aa0) Type: 8 Event Object Header: 0xFF18AA88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1718A0(5a598a0) Type: 6 Thread Object Header: 0xFF171888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.0000042C ThreadsProcess: 0xFF171B20 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 
HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF170860(611e860) Type: 6 Thread Object Header: 0xFF170848 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000438 ThreadsProcess: 0xFCC69480 OBJECT: 0xFF1707E0(611e7e0) Type: 8 Event Object Header: 0xFF1707C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D3680(6c09680) Type: 8 Event Object Header: 0xFF1D3668 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF12C020(5abe020) Type: 6 Thread Object Header: 0xFF12C008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF0D94A0(2d8e4a0) Type: 6 Thread Object Header: 0xFF0D9488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000128 ThreadsProcess: 0xFF144020 OBJECT: 0xE1F844D0(26834d0) Type: 19 Port Object Header: 0xE1F844B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF189580(2c46580) Type: 6 Thread Object Header: 0xFF189568 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000374 ThreadsProcess: 0xFF177660 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF0E10E0(40a70e0) Type: 6 Thread Object Header: 0xFF0E10C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000046C.00000444 ThreadsProcess: 0xFF0E4D60 OBJECT: 0xFF0C37E0(52bc7e0) Type: 8 Event Object Header: 0xFF0C37C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166560(582c560) Type: 6 Thread Object Header: 0xFF166548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000450 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF14F740(ec2740) Type: 8 Event Object Header: 0xFF14F728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1836E0(2df96e0) Type: 6 Thread Object Header: 0xFF1836C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000045C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF15E2E0(7c1b2e0) Type: 6 Thread Object Header: 0xFF15E2C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000460 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF191640(2138640) Type: 5 Process Object Header: 0xFF191628 GrantedAccess: 1f0fff PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF28E020(57a0020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000434.00000394 ThreadsProcess: 0xFF191C40 OBJECT: 0xFF0C3860(52bc860) Type: 8 Event Object Header: 0xFF0C3848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D6620(3236620) Type: 8 Event Object Header: 0xFF0D6608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) 
OBJECT: 0xFF1468C0(2658c0) Type: 6 Thread Object Header: 0xFF1468A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000474 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF145020(1987020) Type: 6 Thread Object Header: 0xFF145008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000478 ThreadsProcess: 0xFF177660 OBJECT: 0xFF1D4020(45aa020) Type: 6 Thread Object Header: 0xFF1D4008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000124 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF119020(dcc020) Type: 5 Process Object Header: 0xFF119008 GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xE1E3C410(240e410) Type: 19 Port Object Header: 0xE1E3C3F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF132980(72bf980) Type: 6 Thread Object Header: 0xFF132968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000488 ThreadsProcess: 
0xFF177660 OBJECT: 0xE2101F50(208cf50) Type: 19 Port Object Header: 0xE2101F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF0CCC00(4680c00) Type: 8 Event Object Header: 0xFF0CCBE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF199480(8be480) Type: 8 Event Object Header: 0xFF199468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF10A900(462c900) Type: 8 Event Object Header: 0xFF10A8E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF0E21A0(4fd31a0) Type: 8 Event Object Header: 0xFF0E2188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF161860(916860) Type: 8 Event Object Header: 0xFF161848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0ED6C0(58bf6c0) Object Header: 0xFF0ED6A8 GrantedAccess: 1f03ff PointerCount: 0 HandleCount: 0 OBJECT: 0xE2121ED0(5507ed0) Type: 19 Port Object Header: 0xE2121EB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.00000210 ClientThread: 0x00000000 ServerProcess: 
0x00000000 OBJECT: 0xFF0F4DA0(6012da0) Object Header: 0xFF0F4D88 GrantedAccess: 1f03ff PointerCount: 0 HandleCount: 0 5. TABLE: 0xFCC68BC8(1285bc8): Table: 0xE1DBB000 QuotaProcess: 0xFCA28D60 ProcessId: b0 HandleCount: 352 CapturedHandleCount: 352 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12F7E50(19e9e50) Type: 17 Section Object Header: 0xE12F7E38 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1DBAEC8(4fb1ec8) BasedAddress: 0x2E8C3430 SizeOfSegment: 0x2d000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\winlogon.exe OBJECT: 0xFCC95B40(12b2b40) Type: 8 Event Object Header: 0xFCC95B28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC95B00(12b2b00) Type: 8 Event Object Header: 0xFCC95AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC95AC0(12b2ac0) Type: 8 Event Object Header: 0xFCC95AA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF1C0460(e6e460) Type: 8 Event Object Header: 0xFF1C0448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA26780(1043780) Type: 8 Event Object 
Header: 0xFCA26768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DBD3D0(4fd73d0) Type: 19 Port Object Header: 0xE1DBD3B8 GrantedAccess: 1f0001 PointerCount: 17 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFCA26240(1043240) Type: 8 Event Object Header: 0xFCA26228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DBD2E0(4fd72e0) Type: 18 Key Object Header: 0xE1DBD2C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCA260E0(10430e0) Type: 8 Event Object Header: 0xFCA260C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFCA258C0(10428c0) Type: 8 Event Object Header: 0xFCA258A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25820(1042820) Type: 8 Event Object Header: 0xFCA25808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E750(5209750) Type: 8 Event Object Header: 0xFF29E738 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD730 Name: NetworkProviderLoad SecurityDescriptor: 0xE132AD18(1a97d18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;BA) OBJECT: 0xFF29ECD8(5209cd8) Type: 16 Desktop Object Header: 0xFF29ECC0 GrantedAccess: f01ff PointerCount: 34 HandleCount: 1 Directory: 0x00000000 Name: Winlogon OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF29DF20(520af20) Type: 13 Timer Object Header: 0xFF29DF08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130A720(1a33720) Type: 18 Key Object Header: 0xE130A708 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\crypt32chain\ OBJECT: 0xE12AB7A0(18cd7a0) Type: 18 Key Object Header: 0xE12AB788 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\cryptnet\ OBJECT: 0xFF28A5F0(58445f0) Type: 8 Event Object 
Header: 0xFF28A5D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC68730 Name: jjCSCSharedEvent_UM_KM SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1361FA0(229cfa0) Type: 18 Key Object Header: 0xE1361F88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\sclgntfy\ OBJECT: 0xFF1D0368(940368) Type: 26 File Object Header: 0xFF1D0350 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winlogonrpc OBJECT: 0xE135F240(22a1240) Type: 18 Key Object Header: 0xE135F228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\ OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF29DCA0(520aca0) Type: 6 Thread Object Header: 0xFF29DC88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1E280E0(53f20e0) Type: 18 Key Object Header: 0xE1E280C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xFF29DBA0(520aba0) Type: 8 Event Object Header: 0xFF29DB88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29DB60(520ab60) Type: 8 Event Object Header: 0xFF29DB48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29DB20(520ab20) Type: 8 Event Object Header: 0xFF29DB08 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29E780(5209780) Type: 25 IoCompletion Object Header: 0xFF29E768 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFF29D6C0 Process: 0xFCA28D60 APCProcess: 0xFCA28D60 OBJECT: 0xFF29E780(5209780) Type: 25 IoCompletion Object Header: 0xFF29E768 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFF29D6C0 Process: 0xFCA28D60 APCProcess: 0xFCA28D60 OBJECT: 0xFF29E7E8(52097e8) Type: 26 File Object Header: 0xFF29E7D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\InitShutdown OBJECT: 0xFF29D9E8(520a9e8) Type: 26 File Object Header: 0xFF29D9D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\InitShutdown OBJECT: 0xFF29D940(520a940) Type: 8 Event Object Header: 0xFF29D928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29D6C0(520a6c0) Type: 6 Thread Object Header: 0xFF29D6A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF1E51C8(3f071c8) Type: 26 File Object Header: 0xFF1E51B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winlogonrpc OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 1f0fff PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 1f0fff PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE12CDEE0(1932ee0) Type: 18 Key Object Header: 0xE12CDEC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF29CA20(5273a20) Type: 6 Thread Object Header: 0xFF29CA08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF29C8E0(52738e0) Type: 13 Timer Object Header: 0xFF29C8C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29E120(5209120) Type: 8 Event Object Header: 0xFF29E108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C4CE0(1910ce0) Type: 18 Key Object Header: 0xE12C4CC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12C4F20(1910f20) Type: 18 Key Object Header: 0xE12C4F08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE12C7080(191e080) Type: 18 Key Object Header: 0xE12C7068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF293A60(55dba60) Type: 8 Event Object Header: 0xFF293A48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292340(5572340) Type: 10 Mutant Object Header: 0xFF292328 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292380(5572380) Type: 10 Mutant Object Header: 0xFF292368 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2DFC0(5657fc0) 
Type: 18 Key Object Header: 0xE1E2DFA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xFF28D640(58b3640) Type: 8 Event Object Header: 0xFF28D628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292180(5572180) Type: 8 Event Object Header: 0xFF292168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E3E7B0(571a7b0) Type: 19 Port Object Header: 0xE1E3E798 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E2DF80(5657f80) Type: 18 Key Object Header: 0xE1E2DF68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF2911E0(562c1e0) Type: 8 Event Object Header: 0xFF2911C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB44B0(755b4b0) Type: 4 Token Object Header: 0xE1EB4498 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,bf72} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 
6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28FA20(575ba20) Type: 10 Mutant Object Header: 0xFF28FA08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28FB00(575bb00) Type: 8 Event Object Header: 0xFF28FAE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F9E0(575b9e0) Type: 8 Event Object Header: 0xFF28F9C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F9A0(575b9a0) Type: 10 Mutant Object Header: 0xFF28F988 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F280(575b280) Type: 8 Event Object Header: 0xFF28F268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68020(1285020) Type: 6 Thread Object Header: 0xFCC68008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000090 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28E9E0(57a09e0) Type: 8 Event Object Header: 0xFF28E9C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: 8b PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF1F6570(35c570) Type: 8 Event Object Header: 0xFF1F6558 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: AgentToWkssvcEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25B230(65b9230) Type: 8 Event Object Header: 0xFF25B218 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: WkssvcToAgentStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF28E3C0(57a03c0) Type: 8 Event Object Header: 0xFF28E3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF290720(560b720) Type: 6 Thread Object Header: 0xFF290708 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28AEE0(5844ee0) Type: 8 Event Object Header: 0xFF28AEC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FAFF0(f6fff0) Type: 8 Event Object Header: 0xFF1FAFD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: WkssvcToAgentStartEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 
0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF295780(5556780) Type: 6 Thread Object Header: 0xFF295768 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF28D600(58b3600) Type: 8 Event Object Header: 0xFF28D5E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D568(58b3568) Type: 26 File Object Header: 0xFF28D550 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF28A5B0(58445b0) Type: 8 Event Object Header: 0xFF28A598 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AgentExistsEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25EF80(6397f80) Type: 8 Event Object Header: 0xFF25EF68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25EDE8(6397de8) Type: 26 File Object Header: 0xFF25EDD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF25ED70(6397d70) Type: 10 Mutant Object Header: 0xFF25ED58 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D31CB8(42edcb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF25ED30(6397d30) Type: 8 Event Object Header: 0xFF25ED18 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF25ECD0(6397cd0) Type: 12 Semaphore Object Header: 0xFF25ECB8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D30A00(42cba00) Type: 17 Section Object Header: 0xE1D309E8 GrantedAccess: f0007 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E78748(6449748) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF241108(692e108) Type: 26 File Object Header: 0xFF2410F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF235D20(6e37d20) Type: 8 Event Object Header: 0xFF235D08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF25E420(6397420) Type: 8 Event Object Header: 0xFF25E408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25B280(65b9280) Type: 8 Event Object Header: 0xFF25B268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A2F0(68692f0) Type: 8 Event Object Header: 0xFF24A2D8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: WFP_IDLE_TRIGGER 
SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25EA60(6397a60) Type: 10 Mutant Object Header: 0xFF25EA48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25EAA0(6397aa0) Type: 8 Event Object Header: 0xFF25EA88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13911C0(295b1c0) Type: 17 Section Object Header: 0xE13911A8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: WDMAUD_Device_Interface_Path SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E82588(6611588) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1325300(1a8a300) Type: 18 Key Object Header: 0xE13252E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF29EDD0(5209dd0) Type: 8 Event Object Header: 0xFF29EDB8 GrantedAccess: 100000 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 1f0001 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF21ED20(9fdd20) Type: 8 Event Object Header: 0xFF21ED08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24AD20(6869d20) Type: 8 Event Object Header: 0xFF24AD08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF24A320(6869320) Type: 8 Event Object Header: 0xFF24A308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24ABC0(6869bc0) Type: 8 Event Object Header: 0xFF24ABA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2344A0(6c5d4a0) Type: 8 Event Object Header: 0xFF234488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C448(5d6f448) Type: 26 File Object Header: 0xFF27C430 GrantedAccess: 160001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\dllcache OBJECT: 0xFF290AF0(560baf0) Type: 8 Event Object Header: 0xFF290AD8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 4 Directory: 0xFCC68730 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1372438(2799438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF234460(6c5d460) Type: 8 Event Object Header: 0xFF234448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F7C0(6d427c0) Type: 10 Mutant Object Header: 0xFF23F7A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F780(6d42780) Type: 8 Event Object Header: 0xFF23F768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F740(6d42740) Type: 10 Mutant Object Header: 0xFF23F728 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F700(6d42700) Type: 8 Event Object Header: 0xFF23F6E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F6C0(6d426c0) Type: 8 Event Object Header: 0xFF23F6A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21EE08(9fde08) Type: 26 File Object Header: 0xFF21EDF0 GrantedAccess: 160001 PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\inetsrv OBJECT: 0xFF21F248(94d248) Type: 26 File Object Header: 0xFF21F230 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut OBJECT: 0xFF21E028(9fd028) Type: 26 File Object Header: 0xFF21E010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut OBJECT: 0xFF232CA8(70d3ca8) Type: 26 File Object Header: 0xFF232C90 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm OBJECT: 0xFF21F2E8(94d2e8) Type: 26 File Object Header: 0xFF21F2D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32 OBJECT: 0xFF23CE48(6ab1e48) Type: 26 File Object Header: 0xFF23CE30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm OBJECT: 0xE131F7C0(1a6c7c0) Type: 18 Key Object Header: 0xE131F7A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF2617E0(615b7e0) Type: 8 Event Object Header: 0xFF2617C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2421E8(697f1e8) Type: 26 File Object Header: 0xFF2421D0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF21E6E8(9fd6e8) Type: 26 File Object Header: 0xFF21E6D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\outlook express OBJECT: 0xE1327080(1a8e080) Type: 
18 Key Object Header: 0xE1327068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Root\ OBJECT: 0xE136EFC0(27a7fc0) Type: 17 Section Object Header: 0xE136EFA8 GrantedAccess: f0007 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1E5D3B8(59fc3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE1E7DC48(6857c48) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: f0007 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E74E00(60a4e00) Type: 18 Key Object Header: 0xE1E74DE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1E1F6C0(540d6c0) Type: 18 Key Object Header: 0xE1E1F6A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Root\ OBJECT: 0xE1302020(19fb020) Type: 18 Key Object Header: 0xE1302008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE13026C0(19fb6c0) Type: 18 Key Object Header: 0xE13026A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE134BB20(1aeab20) Type: 18 Key Object Header: 0xE134BB08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xE12F2F20(19e8f20) Type: 18 Key Object Header: 0xE12F2F08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE1E21EA0(53b1ea0) Type: 18 Key Object Header: 0xE1E21E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12D9160(1958160) Type: 18 Key Object Header: 0xE12D9148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE12CF760(191b760) Type: 18 Key Object Header: 0xE12CF748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Trust\ OBJECT: 0xE12A56C0(18b06c0) Type: 18 Key Object Header: 0xE12A56A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE132A8E0(1a978e0) Type: 18 Key Object Header: 0xE132A8C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1340580(1ac8580) Type: 18 Key Object Header: 0xE1340568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE12DD220(1966220) Type: 18 Key Object Header: 0xE12DD208 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xE12ACBC0(19ecbc0) Type: 18 Key Object Header: 0xE12ACBA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\my\ OBJECT: 0xFF235C40(6e37c40) Type: 8 Event Object Header: 0xFF235C28 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D660(7b03660) Type: 8 Event Object Header: 0xFF22D648 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C38C0(938c0) Type: 6 Thread Object Header: 0xFF1C38A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1ECA250(a16250) Type: 19 Port Object Header: 0xE1ECA238 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000154 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22D5E0(7b035e0) Type: 8 Event Object Header: 0xFF22D5C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D5A0(7b035a0) Type: 8 Event Object Header: 0xFF22D588 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2473C0(679a3c0) Type: 8 Event Object Header: 0xFF2473A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF247380(679a380) Type: 8 Event Object Header: 0xFF247368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2472D0(679a2d0) Type: 8 Event Object Header: 0xFF2472B8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: Machine Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF2258E0(9be8e0) Type: 6 Thread Object Header: 0xFF2258C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000298 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2258A0(9be8a0) Type: 8 Event Object Header: 0xFF225888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13013E0(1a133e0) Type: 18 Key Object Header: 0xE13013C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF1BCE50(1a8de50) Type: 8 Event Object Header: 0xFF1BCE38 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AUTOENRL:TriggerMachineEnrollment SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1CBF50(ae9f50) Type: 13 Timer Object Header: 0xFF1CBF38 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AUTOENRL: machine refresh timer for 176:736 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF225820(9be820) Type: 8 Event Object Header: 0xFF225808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224BC0(a41bc0) Type: 8 Event Object Header: 0xFF224BA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C960(c00960) Type: 8 Event Object Header: 0xFF21C948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EE520(74f520) Type: 8 Event Object Header: 0xFF1EE508 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224B40(a41b40) Type: 8 Event Object Header: 0xFF224B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224A40(a41a40) Type: 8 Event Object Header: 0xFF224A28 GrantedAccess: 1f0003 
PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2472D0(679a2d0) Type: 8 Event Object Header: 0xFF2472B8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: Machine Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF2249C0(a419c0) Type: 8 Event Object Header: 0xFF2249A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF2248A0(a418a0) Type: 8 Event Object Header: 0xFF224888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224860(a41860) Type: 8 Event Object Header: 0xFF224848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224830(a41830) Type: 8 Event Object Header: 0xFF224818 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: User Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xE1350E60(1b0ae60) Type: 18 Key Object Header: 0xE1350E48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF2249C0(a419c0) Type: 8 Event Object Header: 0xFF2249A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF235D20(6e37d20) Type: 8 Event Object 
Header: 0xFF235D08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF2247A0(a417a0) Type: 8 Event Object Header: 0xFF224788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224760(a41760) Type: 8 Event Object Header: 0xFF224748 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E9340(7f5340) Type: 8 Event Object Header: 0xFF1E9328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E92D0(7f52d0) Type: 8 Event Object Header: 0xFF1E92B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: userenv: machine policy refresh event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2246E0(a416e0) Type: 8 Event Object Header: 0xFF2246C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BCDC0(1a8ddc0) Type: 8 Event Object Header: 0xFF1BCDA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2246A0(a416a0) Type: 8 Event Object Header: 0xFF224688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224660(a41660) Type: 8 Event Object Header: 0xFF224648 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9EFA0(6a52fa0) Type: 18 Key Object Header: 0xE1E9EF88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF1E9C30(7f5c30) Type: 8 Event Object Header: 0xFF1E9C18 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: winlogon: machine GPO Event 34810 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2245E0(a415e0) Type: 8 Event Object Header: 0xFF2245C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224480(a41480) Type: 8 Event Object Header: 0xFF224468 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F26850(288850) Type: 4 Token Object Header: 0xE1F26838 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,bd64} ParentToken ID: {0,0} Modified ID: {0,6cf5} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xE1DBACD0(4fb1cd0) Type: 4 Token Object Header: 0xE1DBACB8 GrantedAccess: e PointerCount: 16 
HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,48ce} ParentToken ID: {0,0} Modified ID: {0,c512} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF223FE0(8e6fe0) Type: 8 Event Object Header: 0xFF223FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF2245A0(a415a0) Type: 8 Event Object Header: 0xFF224588 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224560(a41560) Type: 8 Event Object Header: 0xFF224548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE131C0C0(1a650c0) Type: 18 Key Object Header: 0xE131C0A8 GrantedAccess: 20019 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF223FE0(8e6fe0) Type: 8 Event Object Header: 0xFF223FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF235D20(6e37d20) Type: 8 Event Object Header: 0xFF235D08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF223E60(8e6e60) Type: 8 Event Object Header: 0xFF223E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF223FA0(8e6fa0) Type: 8 Event Object Header: 0xFF223F88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD7C0(f0c7c0) Type: 10 Mutant Object Header: 0xFF1BD7A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22C930(7aef930) Type: 13 Timer Object Header: 0xFF22C918 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: userenv: refresh timer for 176:948 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF223F20(8e6f20) Type: 8 Event Object Header: 0xFF223F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C98E0(29658e0) Type: 6 Thread Object Header: 0xFF1C98C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002E0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF223EE0(8e6ee0) Type: 8 Event Object Header: 0xFF223EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF223CC0(8e6cc0) Type: 8 Event Object Header: 0xFF223CA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1E9F88(7f5f88) Type: 26 File Object Header: 0xFF1E9F70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ProfMapApi OBJECT: 0xFF1E9028(7f5028) Type: 26 File Object Header: 0xFF1E9010 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ProfMapApi OBJECT: 0xFF223C40(8e6c40) Type: 8 Event Object Header: 0xFF223C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF223E20(8e6e20) Type: 8 Event Object Header: 0xFF223E08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD790(f0c790) Type: 8 Event Object Header: 0xFF1BD778 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: SENS Started Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2329F0(70d39f0) Type: 8 Event Object Header: 0xFF2329D8 GrantedAccess: 1f0003 PointerCount: 10 HandleCount: 4 Directory: 0xFCC68730 Name: hardwaremixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF21EB48(9fdb48) Type: 26 File Object Header: 0xFF21EB30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bin OBJECT: 0xFF21D8A8(bbe8a8) Type: 26 File Object Header: 0xFF21D890 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt OBJECT: 0xFF21D608(bbe608) Type: 26 File Object Header: 0xFF21D5F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\fonts OBJECT: 0xFF21D368(bbe368) Type: 26 File Object Header: 0xFF21D350 
GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\inf OBJECT: 0xFF21D0E8(bbe0e8) Type: 26 File Object Header: 0xFF21D0D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\drivers OBJECT: 0xFF21CE48(c00e48) Type: 26 File Object Header: 0xFF21CE30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\servsupp OBJECT: 0xFF21C380(c00380) Type: 25 IoCompletion Object Header: 0xFF21C368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 OBJECT: 0xFF247B00(679ab00) Type: 8 Event Object Header: 0xFF247AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BDC8(c44dc8) Type: 26 File Object Header: 0xFF21BDB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\microsoft frontpage\version3.0\bin OBJECT: 0xFF21CBC8(c00bc8) Type: 26 File Object Header: 0xFF21CBB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bots\vinavbar OBJECT: 0xFF21B128(c44128) Type: 26 File Object Header: 0xFF21B110 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi OBJECT: 0xFF21B088(c44088) Type: 26 File Object Header: 0xFF21B070 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bin\1033 OBJECT: 0xFF21AF88(ac6f88) Type: 26 File Object Header: 0xFF21AF70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft 
shared\speechengines\tts OBJECT: 0xFF21FAE8(94dae8) Type: 26 File Object Header: 0xFF21FAD0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin OBJECT: 0xFF217E88(95ce88) Type: 26 File Object Header: 0xFF217E70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\speech OBJECT: 0xFF217A08(95ca08) Type: 26 File Object Header: 0xFF2179F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\dao OBJECT: 0xFF215968(b1f968) Type: 26 File Object Header: 0xFF215950 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows media player OBJECT: 0xFF2151E8(b1f1e8) Type: 26 File Object Header: 0xFF2151D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\msadc OBJECT: 0xFF214888(cc1888) Type: 26 File Object Header: 0xFF214870 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\ado OBJECT: 0xFF2147E8(cc17e8) Type: 26 File Object Header: 0xFF2147D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\ole db OBJECT: 0xFF214748(cc1748) Type: 26 File Object Header: 0xFF214730 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\miitwain OBJECT: 0xFF2104A8(b124a8) Type: 26 File Object Header: 0xFF210490 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\msagent OBJECT: 0xFF210228(b12228) Type: 26 File Object Header: 0xFF210210 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\msagent\intl OBJECT: 0xFF20F028(a0b028) Type: 26 File Object Header: 0xFF20F010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system OBJECT: 0xFF20FE68(a0be68) Type: 26 File Object Header: 0xFF20FE50 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\help OBJECT: 0xFF20F868(a0b868) Type: 26 File Object Header: 0xFF20F850 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\netmeeting OBJECT: 0xFF20E3E8(a2b3e8) Type: 26 File Object Header: 0xFF20E3D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\wbem OBJECT: 0xFF20D128(d14128) Type: 26 File Object Header: 0xFF20D110 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\com OBJECT: 0xFF20CE48(ec8e48) Type: 26 File Object Header: 0xFF20CE30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\setup OBJECT: 0xFF20CDA8(ec8da8) Type: 26 File Object Header: 0xFF20CD90 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\triedit OBJECT: 0xFF20C9A8(ec89a8) Type: 26 File Object Header: 0xFF20C990 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt OBJECT: 0xFF20C908(ec8908) Type: 26 File Object Header: 0xFF20C8F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\drivers\disdn OBJECT: 0xFF20C868(ec8868) Type: 26 File Object Header: 0xFF20C850 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common 
files\system OBJECT: 0xFF20C7C8(ec87c8) Type: 26 File Object Header: 0xFF20C7B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\os2\dll OBJECT: 0xFF20BC08(ee2c08) Type: 26 File Object Header: 0xFF20BBF0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\export OBJECT: 0xFF20B888(ee2888) Type: 26 File Object Header: 0xFF20B870 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\fjscan\fcpa OBJECT: 0xFF20B088(ee2088) Type: 26 File Object Header: 0xFF20B070 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\admcgi\scripts OBJECT: 0xFF20AB08(c6ab08) Type: 26 File Object Header: 0xFF20AAF0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\admisapi\scripts OBJECT: 0xFF20A748(c6a748) Type: 26 File Object Header: 0xFF20A730 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\mui\0009 OBJECT: 0xFF20A568(c6a568) Type: 26 File Object Header: 0xFF20A550 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\internet explorer OBJECT: 0xFF20A288(c6a288) Type: 26 File Object Header: 0xFF20A270 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\internet explorer\connection wizard OBJECT: 0xFF209028(c59028) Type: 26 File Object Header: 0xFF209010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\msinfo OBJECT: 0xFF209D48(c59d48) Type: 26 File Object Header: 0xFF209D30 
GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\logiscan OBJECT: 0xFF208308(def308) Type: 26 File Object Header: 0xFF2082F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\mww32\manager OBJECT: 0xFF208228(def228) Type: 26 File Object Header: 0xFF208210 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\mww32\modem OBJECT: 0xFF2071C8(cfd1c8) Type: 26 File Object Header: 0xFF2071B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\npp OBJECT: 0xFF206F48(daaf48) Type: 26 File Object Header: 0xFF206F30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee} OBJECT: 0xFF206D68(daad68) Type: 26 File Object Header: 0xFF206D50 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\rocket OBJECT: 0xFF206CC8(daacc8) Type: 26 File Object Header: 0xFF206CB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt\pinball OBJECT: 0xFF206AE8(daaae8) Type: 26 File Object Header: 0xFF206AD0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\rpcproxy OBJECT: 0xFF2067A8(daa7a8) Type: 26 File Object Header: 0xFF206790 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\spool\prtprocs\w32x86 OBJECT: 0xFF20A428(c6a428) Type: 26 File Object Header: 0xFF20A410 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\apppatch OBJECT: 0xFF20AF88(c6af88) Type: 26 File Object Header: 0xFF20AF70 GrantedAccess: 160001 PointerCount: 
2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\spool\drivers\color OBJECT: 0xFF20B748(ee2748) Type: 26 File Object Header: 0xFF20B730 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\vgx OBJECT: 0xFF20BAC8(ee2ac8) Type: 26 File Object Header: 0xFF20BAB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt\accessories\imagevue OBJECT: 0xFF2102E8(b122e8) Type: 26 File Object Header: 0xFF2102D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt\accessories OBJECT: 0xFF205DA0(c91da0) Type: 6 Thread Object Header: 0xFF205D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B0 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF292020(5572020) Type: 8 Event Object Header: 0xFF292008 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF212420(9ec420) Type: 8 Event Object Header: 0xFF212408 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BF40(c44f40) Type: 8 Event Object Header: 0xFF21BF28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BF00(c44f00) Type: 8 Event Object Header: 0xFF21BEE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2063A0(daa3a0) Type: 8 Event Object Header: 0xFF206388 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF206360(daa360) Type: 8 Event Object Header: 0xFF206348 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF206320(daa320) Type: 8 Event 
Object Header: 0xFF206308 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2062E0(daa2e0) Type: 8 Event Object Header: 0xFF2062C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205A20(c91a20) Type: 8 Event Object Header: 0xFF205A08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205840(c91840) Type: 8 Event Object Header: 0xFF205828 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205660(c91660) Type: 8 Event Object Header: 0xFF205648 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205480(c91480) Type: 8 Event Object Header: 0xFF205468 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2052A0(c912a0) Type: 8 Event Object Header: 0xFF205288 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205260(c91260) Type: 8 Event Object Header: 0xFF205248 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF205220(c91220) Type: 8 Event Object Header: 0xFF205208 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2051E0(c911e0) Type: 8 Event Object Header: 0xFF2051C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2051A0(c911a0) Type: 8 Event Object Header: 0xFF205188 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF204960(e18960) Type: 8 Event Object Header: 0xFF204948 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF204780(e18780) Type: 8 Event Object Header: 0xFF204768 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2045A0(e185a0) Type: 8 Event Object Header: 0xFF204588 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF2043C0(e183c0) Type: 8 Event Object Header: 0xFF2043A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2041E0(e181e0) Type: 8 Event Object Header: 0xFF2041C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203FE0(df9fe0) Type: 8 Event Object Header: 0xFF203FC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203E00(df9e00) Type: 8 Event Object Header: 0xFF203DE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203C20(df9c20) Type: 8 Event Object Header: 0xFF203C08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203A40(df9a40) Type: 8 Event Object Header: 0xFF203A28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203860(df9860) Type: 8 Event Object Header: 0xFF203848 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203680(df9680) Type: 8 Event Object Header: 0xFF203668 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2034A0(df94a0) Type: 8 Event Object Header: 0xFF203488 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2032C0(df92c0) Type: 8 Event Object Header: 0xFF2032A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203280(df9280) Type: 8 Event Object Header: 0xFF203268 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203240(df9240) Type: 8 Event Object Header: 0xFF203228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203200(df9200) Type: 8 Event Object Header: 0xFF2031E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF202B00(37ab00) Type: 8 Event Object Header: 
0xFF202AE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF202920(37a920) Type: 8 Event Object Header: 0xFF202908 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF202740(37a740) Type: 8 Event Object Header: 0xFF202728 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF202560(37a560) Type: 8 Event Object Header: 0xFF202548 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF202380(37a380) Type: 8 Event Object Header: 0xFF202368 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201020(f5b020) Type: 8 Event Object Header: 0xFF201008 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201E40(f5be40) Type: 8 Event Object Header: 0xFF201E28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201C60(f5bc60) Type: 8 Event Object Header: 0xFF201C48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201A80(f5ba80) Type: 8 Event Object Header: 0xFF201A68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2018A0(f5b8a0) Type: 8 Event Object Header: 0xFF201888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2016C0(f5b6c0) Type: 8 Event Object Header: 0xFF2016A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2014E0(f5b4e0) Type: 8 Event Object Header: 0xFF2014C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201300(f5b300) Type: 8 Event Object Header: 0xFF2012E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF201120(f5b120) Type: 8 Event Object Header: 0xFF201108 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF2010E0(f5b0e0) Type: 8 Event Object Header: 0xFF2010C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2010A0(f5b0a0) Type: 8 Event Object Header: 0xFF201088 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200CA0(c3cca0) Type: 8 Event Object Header: 0xFF200C88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200AC0(c3cac0) Type: 8 Event Object Header: 0xFF200AA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2008E0(c3c8e0) Type: 8 Event Object Header: 0xFF2008C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200700(c3c700) Type: 8 Event Object Header: 0xFF2006E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200520(c3c520) Type: 8 Event Object Header: 0xFF200508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200340(c3c340) Type: 8 Event Object Header: 0xFF200328 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200300(c3c300) Type: 8 Event Object Header: 0xFF2002E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2002C0(c3c2c0) Type: 8 Event Object Header: 0xFF2002A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200280(c3c280) Type: 8 Event Object Header: 0xFF200268 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200240(c3c240) Type: 8 Event Object Header: 0xFF200228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200200(c3c200) Type: 8 Event Object Header: 0xFF2001E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FF7C0(ddd7c0) Type: 8 Event Object Header: 0xFF1FF7A8 GrantedAccess: 
1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BF88(c44f88) Type: 26 File Object Header: 0xFF21BF70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SfcApi OBJECT: 0xFF1FF388(ddd388) Type: 26 File Object Header: 0xFF1FF370 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SfcApi OBJECT: 0xFF1FE020(381020) Type: 6 Thread Object Header: 0xFF1FE008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002B4 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF24B830(66ea830) Type: 8 Event Object Header: 0xFF24B818 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 4 Directory: 0xFCC68730 Name: mixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xE1EB1030(721030) Type: 4 Token Object Header: 0xE1EB1018 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c23a} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default 
Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF21D7D0(bbe7d0) Type: 8 Event Object Header: 0xFF21D7B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: winlogon: User GPO Event 85442 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1C1020(7bfc020) Type: 6 Thread Object Header: 0xFF1C1008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.0000038C ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1EB1830(721830) Type: 4 Token Object Header: 0xE1EB1818 GrantedAccess: 200ee PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1F0D4F8(b2a4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;DCLCSWWPDTLORC;;;S-1-5-5-0-48542) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c45a} ParentToken ID: {0,0} 
Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF21DA40(bbea40) Type: 8 Event Object Header: 0xFF21DA28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D6D10(58a0d10) Type: 8 Event Object Header: 0xFF1D6CF8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: userenv: user policy refresh event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF224830(a41830) Type: 8 Event Object Header: 0xFF224818 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: User Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1B7700(6e2700) Type: 6 Thread 
Object Header: 0xFF1B76E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000150 ThreadsProcess: 0xFCA28D60 OBJECT: 0xE1EFB5D0(70585d0) Type: 4 Token Object Header: 0xE1EFB5B8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c1bb} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF21DB50(bbeb50) Type: 8 Event 
Object Header: 0xFF21DB38 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AUTOENRL:TriggerUserEnrollment SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1BE550(5dc2550) Type: 13 Timer Object Header: 0xFF1BE538 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AUTOENRL: user refresh timer for 176:212 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1D4AE0(45aaae0) Type: 8 Event Object Header: 0xFF1D4AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8A810(6a73810) Type: 19 Port Object Header: 0xE1E8A7F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000338 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF15CAF0(b14af0) Type: 13 Timer Object Header: 0xFF15CAD8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: userenv: refresh timer for 176:336 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1EB1D70(721d70) Type: 4 Token Object Header: 0xE1EB1D58 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c23c} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 
S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF1D5D80(6a89d80) Type: 8 Event Object Header: 0xFF1D5D68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A2DE0(517bde0) Type: 8 Event Object Header: 0xFF2A2DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C2B68(6f7db68) Type: 26 File Object Header: 0xFF1C2B50 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF1B8108(11c108) Type: 26 File Object Header: 0xFF1B80F0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1C3860(93860) Type: 10 Mutant Object Header: 0xFF1C3848 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C0680(e6e680) Type: 8 Event Object Header: 0xFF1C0668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF1C3F00(93f00) Type: 8 Event Object Header: 0xFF1C3EE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF12BA20(5affa20) Type: 8 Event Object Header: 0xFF12BA08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F7E0(1b047e0) Type: 19 Port Object Header: 0xE134F7C8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: OLE6 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000B0.000000D4 ClientThread: 0x00000000 ServerProcess: 0xFCA28D60 OBJECT: 0xFF1E7020(7e4020) Type: 6 Thread Object Header: 0xFF1E7008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000154 ThreadsProcess: 0xFCA28D60 OBJECT: 0xFF20A3E0(c6a3e0) Type: 8 Event Object Header: 0xFF20A3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E8860(5bd860) Type: 6 Thread Object Header: 0xFF1E8848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000003B4 ThreadsProcess: 0xFCA28D60 6. 
TABLE: 0xFF29E868(5209868): Table: 0xE1E12000 QuotaProcess: 0xFF29D080 ProcessId: e4 HandleCount: 570 CapturedHandleCount: 570 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1330FD0(1ac2fd0) Type: 17 Section Object Header: 0xE1330FB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1DC7848(50d2848) BasedAddress: 0x0884C430 SizeOfSegment: 0x18000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\services.exe OBJECT: 0xFF29C9A0(52739a0) Type: 8 Event Object Header: 0xFF29C988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29C8A0(52738a0) Type: 8 Event Object Header: 0xFF29C888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29C840(5273840) Type: 8 Event Object Header: 0xFF29C828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF29C7A8(52737a8) Type: 26 File Object Header: 0xFF29C790 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF299CE0(5368ce0) Type: 8 Event Object Header: 0xFF299CC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE1DC7CD0(50d2cd0) Type: 19 Port Object Header: 0xE1DC7CB8 GrantedAccess: 1f0001 PointerCount: 34 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE135DDA0(2210da0) Type: 18 Key Object Header: 0xE135DD88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF299B80(5368b80) Type: 8 Event Object Header: 0xFF299B68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF299AE0(5368ae0) Type: 8 Event Object Header: 0xFF299AC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF299AA0(5368aa0) Type: 8 Event Object Header: 0xFF299A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1DF080(5449080) Type: 6 Thread Object Header: 0xFF1DF068 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002C0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f01ff PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f037f PointerCount: 
28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f037f PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298AA0(536eaa0) Type: 8 Event Object Header: 0xFF298A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132A500(1a97500) Type: 18 Key Object Header: 0xE132A4E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\ OBJECT: 0xE132B020(1a98020) Type: 18 Key Object Header: 0xE132B008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ OBJECT: 0xE132ABC0(1a97bc0) Type: 18 Key Object Header: 0xE132ABA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS\ OBJECT: 0xFF298A60(536ea60) Type: 8 Event Object Header: 0xFF298A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298A20(536ea20) Type: 10 Mutant Object Header: 0xFF298A08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2989E0(536e9e0) Type: 8 Event Object Header: 0xFF2989C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2989A0(536e9a0) Type: 10 Mutant Object Header: 0xFF298988 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298960(536e960) Type: 8 Event Object Header: 0xFF298948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298920(536e920) Type: 10 Mutant Object Header: 0xFF298908 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2988E0(536e8e0) Type: 8 Event Object Header: 0xFF2988C8 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2988A0(536e8a0) Type: 10 Mutant Object Header: 0xFF298888 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298860(536e860) Type: 8 Event Object Header: 0xFF298848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298820(536e820) Type: 10 Mutant Object Header: 0xFF298808 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2987E0(536e7e0) Type: 8 Event Object Header: 0xFF2987C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2987A0(536e7a0) Type: 10 Mutant Object Header: 0xFF298788 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298760(536e760) Type: 8 Event Object Header: 0xFF298748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298720(536e720) Type: 10 Mutant Object Header: 0xFF298708 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2986E0(536e6e0) Type: 8 Event Object Header: 0xFF2986C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2986A0(536e6a0) Type: 10 Mutant Object Header: 0xFF298688 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298660(536e660) Type: 8 Event Object Header: 0xFF298648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298620(536e620) Type: 10 Mutant Object Header: 0xFF298608 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2985E0(536e5e0) Type: 8 Event Object Header: 0xFF2985C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2985A0(536e5a0) Type: 10 Mutant Object Header: 0xFF298588 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF298560(536e560) Type: 8 Event Object Header: 0xFF298548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298520(536e520) Type: 10 Mutant Object Header: 0xFF298508 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2984E0(536e4e0) Type: 8 Event Object Header: 0xFF2984C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2984A0(536e4a0) Type: 10 Mutant Object Header: 0xFF298488 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298460(536e460) Type: 8 Event Object Header: 0xFF298448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298420(536e420) Type: 10 Mutant Object Header: 0xFF298408 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2983E0(536e3e0) Type: 8 Event Object Header: 0xFF2983C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2983A0(536e3a0) Type: 10 Mutant Object Header: 0xFF298388 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298360(536e360) Type: 8 Event Object Header: 0xFF298348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF298320(536e320) Type: 10 Mutant Object Header: 0xFF298308 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2982E0(536e2e0) Type: 8 Event Object Header: 0xFF2982C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297020(5379020) Type: 10 Mutant Object Header: 0xFF297008 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297FE0(5379fe0) Type: 8 Event Object Header: 0xFF297FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297FA0(5379fa0) Type: 10 Mutant Object Header: 0xFF297F88 
GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297F60(5379f60) Type: 8 Event Object Header: 0xFF297F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297F20(5379f20) Type: 10 Mutant Object Header: 0xFF297F08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297EE0(5379ee0) Type: 8 Event Object Header: 0xFF297EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297EA0(5379ea0) Type: 10 Mutant Object Header: 0xFF297E88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297E60(5379e60) Type: 8 Event Object Header: 0xFF297E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297E20(5379e20) Type: 10 Mutant Object Header: 0xFF297E08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297DE0(5379de0) Type: 8 Event Object Header: 0xFF297DC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297DA0(5379da0) Type: 10 Mutant Object Header: 0xFF297D88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297D60(5379d60) Type: 8 Event Object Header: 0xFF297D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297D20(5379d20) Type: 10 Mutant Object Header: 0xFF297D08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297CE0(5379ce0) Type: 8 Event Object Header: 0xFF297CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297CA0(5379ca0) Type: 10 Mutant Object Header: 0xFF297C88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297C60(5379c60) Type: 8 Event Object Header: 0xFF297C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF297C20(5379c20) Type: 10 Mutant Object Header: 0xFF297C08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297BE0(5379be0) Type: 8 Event Object Header: 0xFF297BC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297BA0(5379ba0) Type: 10 Mutant Object Header: 0xFF297B88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297B60(5379b60) Type: 8 Event Object Header: 0xFF297B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297B20(5379b20) Type: 10 Mutant Object Header: 0xFF297B08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297AE0(5379ae0) Type: 8 Event Object Header: 0xFF297AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297AA0(5379aa0) Type: 10 Mutant Object Header: 0xFF297A88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297A60(5379a60) Type: 8 Event Object Header: 0xFF297A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297A20(5379a20) Type: 10 Mutant Object Header: 0xFF297A08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2979E0(53799e0) Type: 8 Event Object Header: 0xFF2979C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2979A0(53799a0) Type: 10 Mutant Object Header: 0xFF297988 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297960(5379960) Type: 8 Event Object Header: 0xFF297948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297920(5379920) Type: 10 Mutant Object Header: 0xFF297908 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2978E0(53798e0) Type: 
8 Event Object Header: 0xFF2978C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2978A0(53798a0) Type: 10 Mutant Object Header: 0xFF297888 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297860(5379860) Type: 8 Event Object Header: 0xFF297848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297820(5379820) Type: 10 Mutant Object Header: 0xFF297808 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E175E0(53325e0) Type: 18 Key Object Header: 0xE1E175C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE1E17620(5332620) Type: 18 Key Object Header: 0xE1E17608 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1E15320(52c6320) Type: 18 Key Object Header: 0xE1E15308 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1E18EA0(541aea0) Type: 18 Key Object Header: 0xE1E18E88 GrantedAccess: 
f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ OBJECT: 0xFF2971B0(53791b0) Type: 8 Event Object Header: 0xFF297198 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: SC_AutoStartComplete SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2974A0(53794a0) Type: 8 Event Object Header: 0xFF297488 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296020(53bd020) Type: 6 Thread Object Header: 0xFF296008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFF29D080 OBJECT: 0xFF296BD0(53bdbd0) Type: 8 Event Object Header: 0xFF296BB8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: SvcctrlStartEvent_A3752DX SecurityDescriptor: 0xE1E1ABD8(537cbd8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x100000;;;WD)(A;;0x1f0003;;;SY) OBJECT: 0xFF296F20(53bdf20) Type: 13 Timer Object Header: 0xFF296F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296AE0(53bdae0) Type: 12 Semaphore Object Header: 0xFF296AC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296B20(53bdb20) Type: 10 Mutant Object Header: 0xFF296B08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296AA0(53bdaa0) Type: 12 Semaphore Object Header: 0xFF296A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296A60(53bda60) Type: 12 Semaphore Object Header: 0xFF296A48 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296A20(53bda20) Type: 12 Semaphore Object Header: 0xFF296A08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2969E0(53bd9e0) Type: 12 Semaphore Object Header: 0xFF2969C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2969A0(53bd9a0) Type: 12 Semaphore Object Header: 0xFF296988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D3E20(1945e20) Type: 18 Key Object Header: 0xE12D3E08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder\ OBJECT: 0xE1E3E5F0(571a5f0) Type: 19 Port Object Header: 0xE1E3E5D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF296940(53bd940) Type: 8 Event Object Header: 0xFF296928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F140(575b140) Type: 8 Event Object Header: 0xFF28F128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28EB00(57a0b00) Type: 8 Event Object Header: 0xFF28EAE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28EAC0(57a0ac0) Type: 8 Event Object Header: 0xFF28EAA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28EA60(57a0a60) Type: 25 IoCompletion Object Header: 0xFF28EA48 GrantedAccess: 1f0003 PointerCount: 42 HandleCount: 2 Waiting Thread: 0xFF28D6C0 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF28BD60 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF25BDA0 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF235DA0 Process: 0xFF29D080 APCProcess: 0xFF29D080 OBJECT: 0xFF28EA60(57a0a60) Type: 25 IoCompletion 
Object Header: 0xFF28EA48 GrantedAccess: 1f0003 PointerCount: 42 HandleCount: 2 Waiting Thread: 0xFF28D6C0 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF28BD60 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF25BDA0 Process: 0xFF29D080 APCProcess: 0xFF29D080 Waiting Thread: 0xFF235DA0 Process: 0xFF29D080 APCProcess: 0xFF29D080 OBJECT: 0xFF1DC460(3f19460) Type: 8 Event Object Header: 0xFF1DC448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28E660(57a0660) Type: 8 Event Object Header: 0xFF28E648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D0C0(58b30c0) Type: 8 Event Object Header: 0xFF28D0A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF293B10(55dbb10) Type: 8 Event Object Header: 0xFF293AF8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: ScNetDrvMsg SecurityDescriptor: 0xE1E26858(546d858) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;DC;;;WD)(A;;0x1f0003;;;SY) OBJECT: 0xFF28C5E0(57955e0) Type: 8 Event Object Header: 0xFF28C5C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E41040(57dd040) Type: 19 Port Object Header: 0xE1E41028 GrantedAccess: 1f0001 PointerCount: 14 HandleCount: 1 Directory: 0xFCC93030 Name: ntsvcs SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 OBJECT: 0xFF293B40(55dbb40) Type: 
8 Event Object Header: 0xFF293B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28E5C8(57a05c8) Type: 26 File Object Header: 0xFF28E5B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28BC28(579dc28) Type: 26 File Object Header: 0xFF28BC10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28BBE0(579dbe0) Type: 8 Event Object Header: 0xFF28BBC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xE1E3E210(571a210) Type: 19 Port Object Header: 0xE1E3E1F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF28D6C0(58b36c0) Type: 6 Thread Object Header: 0xFF28D6A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28BB20(579db20) Type: 13 Timer Object Header: 0xFF28BB08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF291360(562c360) Type: 8 Event Object Header: 0xFF291348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28DAA0(58b3aa0) Type: 8 Event Object Header: 0xFF28DA88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E4E8(57a04e8) Type: 26 File Object Header: 0xFF28E4D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\scerpc OBJECT: 0xFF28D488(58b3488) Type: 26 File Object Header: 0xFF28D470 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\scerpc OBJECT: 0xFF110C00(7a9ec00) Type: 8 Event Object Header: 0xFF110BE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BEB270(3e26270) Type: 4 Token Object Header: 0xE1BEB258 GrantedAccess: c PointerCount: 3 HandleCount: 3 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x8 Token ID: {0,8ee8} ParentToken ID: {0,0} Modified ID: {0,8eea} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default 5 0x4 SeLockMemoryPrivilege Default 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default 9 0x16 SeCreatePermanentPrivilege Default 10 0x20 SeDebugPrivilege Default 11 0x21 SeAuditPrivilege Default 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 
SeChangeNotifyPrivilege Default 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF28C400(5795400) Type: 25 IoCompletion Object Header: 0xFF28C3E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF13F8A0 Process: 0xFF29D080 APCProcess: 0xFF29D080 OBJECT: 0xFF1BA020(3e35020) Type: 5 Process Object Header: 0xFF1BA008 GrantedAccess: 1f0fff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: userinit.exe OBJECT: 0xFF1B8D80(11cd80) Type: 8 Event Object Header: 0xFF1B8D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28AE20(5844e20) Type: 8 Event Object Header: 0xFF28AE08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E828(57a0828) Type: 26 File Object Header: 0xFF28E810 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xE1E274C0(540f4c0) Type: 18 Key Object Header: 0xE1E274A8 GrantedAccess: 2 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent\ OBJECT: 0xFF28AA00(5844a00) Type: 8 Event Object Header: 0xFF28A9E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A228(5844228) Type: 26 File Object 
Header: 0xFF28A210 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe1 OBJECT: 0xFF28A108(5844108) Type: 26 File Object Header: 0xFF28A0F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28AEA0(5844ea0) Type: 8 Event Object Header: 0xFF28AE88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289308(58c3308) Type: 26 File Object Header: 0xFF2892F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe1 OBJECT: 0xFF28BA00(579da00) Type: 8 Event Object Header: 0xFF28B9E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289020(58c3020) Type: 6 Thread Object Header: 0xFF289008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF289488(58c3488) Type: 26 File Object Header: 0xFF289470 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1E585D0(59ba5d0) Type: 19 Port Object Header: 0xE1E585B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF289B28(58c3b28) Type: 26 File Object Header: 0xFF289B10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF17EFA0(2ff4fa0) Type: 8 Event Object Header: 0xFF17EF88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF287020(590d020) Type: 12 Semaphore Object Header: 0xFF287008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE12E3920(197e920) Type: 18 Key Object Header: 0xE12E3908 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xFF2898A0(58c38a0) Type: 12 Semaphore Object Header: 0xFF289888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288BE0(5891be0) Type: 12 Semaphore Object Header: 0xFF288BC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289808(58c3808) Type: 26 File Object Header: 0xFF2897F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\AppEvent.Evt OBJECT: 0xE12DD630(1966630) Type: 17 Section Object Header: 0xE12DD618 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12E33C8(197e3c8) BasedAddress: 0x0898C4C0 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\AppEvent.Evt OBJECT: 0xFF288A80(5891a80) Type: 12 Semaphore Object Header: 0xFF288A68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2889A0(58919a0) Type: 12 Semaphore Object Header: 0xFF288988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288908(5891908) Type: 26 File Object Header: 0xFF2888F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\config\SecEvent.Evt OBJECT: 0xE1344530(1add530) Type: 17 Section Object Header: 0xE1344518 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E57EE8(5951ee8) BasedAddress: 0x089894C8 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\config\SecEvent.Evt OBJECT: 0xFF287B20(590db20) Type: 12 Semaphore Object Header: 0xFF287B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF287AE0(590dae0) Type: 12 Semaphore Object Header: 0xFF287AC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2889E8(58919e8) Type: 26 File Object Header: 0xFF2889D0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\SysEvent.Evt OBJECT: 0xE132C9D0(1a969d0) Type: 17 Section Object Header: 0xE132C9B8 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1344468(1add468) BasedAddress: 0x089A64C8 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\SysEvent.Evt OBJECT: 0xFF287820(590d820) Type: 12 Semaphore Object Header: 0xFF287808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2875A0(590d5a0) Type: 6 Thread Object Header: 0xFF287588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2874E0(590d4e0) Type: 8 Event Object Header: 0xFF2874C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BA60(579da60) Type: 8 Event Object Header: 0xFF28BA48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E57B40(5951b40) Type: 19 Port Object Header: 0xE1E57B28 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCE00850 Name: ErrorLogPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 OBJECT: 0xFF287240(590d240) Type: 6 Thread Object Header: 0xFF287228 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF288F60(5891f60) Type: 8 Event Object Header: 0xFF288F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282EE0(5b8dee0) Type: 10 Mutant Object Header: 0xFF282EC8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282F20(5b8df20) Type: 8 Event Object Header: 0xFF282F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF283AE0(5a9dae0) Type: 8 Event Object Header: 0xFF283AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D575A0(45cc5a0) Type: 18 Key Object Header: 0xE1D57588 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE12E9680(1994680) Type: 18 Key Object Header: 0xE12E9668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF283A60(5a9da60) Type: 8 Event Object Header: 0xFF283A48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2839C0(5a9d9c0) Type: 8 Event Object Header: 0xFF2839A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DACA0(19e0ca0) Type: 18 Key Object Header: 0xE12DAC88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12EF4A0(19b04a0) Type: 18 Key Object Header: 0xE12EF488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF283920(5a9d920) Type: 8 Event Object Header: 0xFF283908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E7DC0(198ddc0) 
Type: 18 Key Object Header: 0xE12E7DA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF283880(5a9d880) Type: 8 Event Object Header: 0xFF283868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12BC660(18ef660) Type: 18 Key Object Header: 0xE12BC648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2837E0(5a9d7e0) Type: 8 Event Object Header: 0xFF2837C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E9F40(1994f40) Type: 18 Key Object Header: 0xE12E9F28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF283740(5a9d740) Type: 8 Event Object Header: 0xFF283728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2836A0(5a9d6a0) Type: 8 Event Object Header: 0xFF283688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E9E80(1994e80) Type: 18 Key Object Header: 0xE12E9E68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF283600(5a9d600) Type: 8 Event Object Header: 0xFF2835E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DAA60(19e0a60) Type: 18 Key Object Header: 0xE12DAA48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF283560(5a9d560) Type: 8 Event Object Header: 0xFF283548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E1C00(1971c00) Type: 18 Key Object Header: 0xE12E1BE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF2834C0(5a9d4c0) Type: 8 Event Object Header: 0xFF2834A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF283B28(5a9db28) Type: 26 File Object Header: 0xFF283B10 GrantedAccess: 120089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: f0005 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE12E18A0(19718a0) Type: 18 Key Object Header: 0xE12E1888 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF282EA0(5b8dea0) Type: 8 Event Object Header: 0xFF282E88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282E60(5b8de60) Type: 10 Mutant Object Header: 0xFF282E48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1346820(1ae6820) Type: 18 Key Object Header: 0xE1346808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF282E20(5b8de20) Type: 8 Event Object Header: 0xFF282E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282DE0(5b8dde0) Type: 10 Mutant Object Header: 0xFF282DC8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282DA0(5b8dda0) Type: 12 Semaphore Object Header: 0xFF282D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF282D60(5b8dd60) Type: 12 Semaphore Object Header: 0xFF282D48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282D20(5b8dd20) Type: 8 Event Object Header: 0xFF282D08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282CE0(5b8dce0) Type: 8 Event Object Header: 0xFF282CC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2829E0(5b8d9e0) Type: 12 Semaphore Object Header: 0xFF2829C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2829A0(5b8d9a0) Type: 12 Semaphore Object Header: 0xFF282988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C4740(1910740) Type: 18 Key Object Header: 0xE12C4728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF282960(5b8d960) Type: 8 Event Object Header: 0xFF282948 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF2828A0(5b8d8a0) Type: 8 Event Object Header: 0xFF282888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282860(5b8d860) Type: 8 Event Object Header: 0xFF282848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282820(5b8d820) Type: 8 Event Object Header: 0xFF282808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2827E0(5b8d7e0) Type: 12 Semaphore Object Header: 0xFF2827C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF2827A0(5b8d7a0) Type: 12 Semaphore Object Header: 0xFF282788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282760(5b8d760) Type: 8 Event Object Header: 0xFF282748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2826C8(5b8d6c8) Type: 26 File Object Header: 0xFF2826B0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF282668 (5b8d668) OBJECT: 0xFF2825E8(5b8d5e8) Type: 26 File Object Header: 0xFF2825D0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF282588 (5b8d588) OBJECT: 0xFF282508(5b8d508) Type: 26 File Object Header: 0xFF2824F0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF282468(5b8d468) Type: 26 File Object Header: 0xFF282450 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF2823C8(5b8d3c8) Type: 26 File Object Header: 0xFF2823B0 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE12F5C60(19d2c60) Type: 18 Key Object Header: 0xE12F5C48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE12BEC20(18f5c20) Type: 18 Key Object Header: 0xE12BEC08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12BD900(18f3900) Type: 18 Key Object Header: 0xE12BD8E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE12D74A0(19544a0) Type: 18 Key Object Header: 0xE12D7488 GrantedAccess: 20019 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF281D60(5bddd60) Type: 8 Event Object Header: 0xFF281D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281C80(5bddc80) Type: 8 Event Object Header: 0xFF281C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EF260(19b0260) Type: 18 Key Object Header: 0xE12EF248 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF281C00(5bddc00) Type: 8 Event Object Header: 0xFF281BE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D9840(1958840) Type: 18 Key Object Header: 0xE12D9828 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF281B60(5bddb60) Type: 8 Event Object Header: 0xFF281B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281B20(5bddb20) Type: 8 Event Object Header: 0xFF281B08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281AE0(5bddae0) Type: 8 Event Object Header: 0xFF281AC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281AA0(5bddaa0) Type: 8 Event Object Header: 0xFF281A88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF281A60(5bdda60) Type: 8 Event Object Header: 0xFF281A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286DA0(5952da0) Type: 6 Thread Object Header: 0xFF286D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2811E0(5bdd1e0) Type: 8 Event Object Header: 0xFF2811C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281148(5bdd148) Type: 26 File Object Header: 0xFF281130 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF281A20(5bdda20) Type: 8 Event Object Header: 0xFF281A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E7A60(198da60) Type: 18 Key Object Header: 0xE12E7A48 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\ OBJECT: 0xE12E6880(198a880) Type: 18 Key Object Header: 0xE12E6868 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12EF6E0(19b06e0) Type: 18 Key Object Header: 0xE12EF6C8 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\ OBJECT: 0xE12EF6A0(19b06a0) Type: 18 Key Object Header: 0xE12EF688 GrantedAccess: 
f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ OBJECT: 0xFF281900(5bdd900) Type: 13 Timer Object Header: 0xFF2818E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2818C0(5bdd8c0) Type: 8 Event Object Header: 0xFF2818A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281880(5bdd880) Type: 8 Event Object Header: 0xFF281868 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281810(5bdd810) Type: 8 Event Object Header: 0xFF2817F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DHCPNEWIPADDRESS SecurityDescriptor: 0xE1E5FB18(5bbcb18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100002;;;WD) OBJECT: 0xFF281840(5bdd840) Type: 8 Event Object Header: 0xFF281828 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281CC8(5bddcc8) Type: 26 File Object Header: 0xFF281CB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\DhcpClient OBJECT: 0xFF281580(5bdd580) Type: 6 Thread Object Header: 0xFF281568 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF281248(5bdd248) Type: 26 File Object Header: 0xFF281230 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF281528 (5bdd528) OBJECT: 0xFF281308(5bdd308) Type: 26 File Object Header: 0xFF2812F0 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBt_Wins_Export OBJECT: 0xFF285D00(5a1ad00) Type: 8 Event Object Header: 0xFF285CE8 
GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF285CC0(5a1acc0) Type: 8 Event Object Header: 0xFF285CA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280028(5bfe028) Type: 26 File Object Header: 0xFF280010 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBt_Wins_Export OBJECT: 0xFF281500(5bdd500) Type: 8 Event Object Header: 0xFF2814E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xE12DB8E0(19828e0) Type: 18 Key Object Header: 0xE12DB8C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\ OBJECT: 0xFF2814C0(5bdd4c0) Type: 8 Event Object Header: 0xFF2814A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF285C80(5a1ac80) Type: 8 Event Object Header: 0xFF285C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF285C40(5a1ac40) Type: 8 Event Object Header: 0xFF285C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280100(5bfe100) Type: 8 Event Object Header: 0xFF2800E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27FA00(5ca7a00) Type: 8 Event Object Header: 0xFF27F9E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27FCE0(5ca7ce0) Type: 8 Event Object Header: 0xFF27FCC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF27FBA8(5ca7ba8) Type: 26 File Object Header: 0xFF27FB90 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1FBDA0(d8dda0) Type: 6 Thread Object Header: 0xFF1FBD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000148 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27EF88(5becf88) Type: 26 File Object Header: 0xFF27EF70 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\drivers\etc OBJECT: 0xFF27F180(5ca7180) Type: 8 Event Object Header: 0xFF27F168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280D40(5bfed40) Type: 6 Thread Object Header: 0xFF280D28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27E028(5bec028) Type: 26 File Object Header: 0xFF27E010 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF27F0E8 (5ca70e8) Unknown1: 0x00000001 (1) Unknown2: 0xff27f108 OBJECT: 0xFF27FA40(5ca7a40) Type: 8 Event Object Header: 0xFF27FA28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25C200(64a7200) Type: 6 Thread Object Header: 0xFF25C1E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F0 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF280C20(5bfec20) Type: 8 Event Object 
Header: 0xFF280C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286460(5952460) Type: 6 Thread Object Header: 0xFF286448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27F260(5ca7260) Type: 6 Thread Object Header: 0xFF27F248 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000018C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF27F220(5ca7220) Type: 8 Event Object Header: 0xFF27F208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27F1E0(5ca71e0) Type: 8 Event Object Header: 0xFF27F1C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280300(5bfe300) Type: 12 Semaphore Object Header: 0xFF2802E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CCC0(5d6fcc0) Type: 8 Event Object Header: 0xFF27CCA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 1f0fff PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF27DD20(5c70d20) Type: 8 Event Object Header: 0xFF27DD08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CD88(5d6fd88) Type: 26 File Object Header: 0xFF27CD70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs 
OBJECT: 0xFF27DF48(5c70f48) Type: 26 File Object Header: 0xFF27DF30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe2 OBJECT: 0xFF27DCE0(5c70ce0) Type: 8 Event Object Header: 0xFF27DCC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27DCB0(5c70cb0) Type: 8 Event Object Header: 0xFF27DC98 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PnP_No_Pending_Install_Events SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF285E10(5a1ae10) Type: 10 Mutant Object Header: 0xFF285DF8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PnP_Init_Mutex SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2738A0(5df18a0) Type: 8 Event Object Header: 0xFF273888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2761C8(5f891c8) Type: 26 File Object Header: 0xFF2761B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2408C8(6ad88c8) Type: 26 File Object Header: 0xFF2408B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 1f0fff PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF26E628(5fbb628) Type: 26 File Object Header: 0xFF26E610 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2743A8(5dce3a8) 
Type: 26 File Object Header: 0xFF274390 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe3 OBJECT: 0xFF26F9E0(61539e0) Type: 5 Process Object Header: 0xFF26F9C8 GrantedAccess: 1f0fff PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF2744C0(5dce4c0) Type: 5 Process Object Header: 0xFF2744A8 GrantedAccess: 1f0fff PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF280340(5bfe340) Type: 8 Event Object Header: 0xFF280328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F5C8(61535c8) Type: 26 File Object Header: 0xFF26F5B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe4 OBJECT: 0xFF26E500(5fbb500) Type: 8 Event Object Header: 0xFF26E4E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF265460(5f0b460) Type: 8 Event Object Header: 0xFF265448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 1f0fff PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF265868(5f0b868) Type: 26 File Object Header: 0xFF265850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF266C28(6020c28) Type: 26 File Object Header: 0xFF266C10 GrantedAccess: 12019f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe5 OBJECT: 0xFF26DD40(5f3ad40) Type: 6 Thread Object Header: 0xFF26DD28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF2645C0(62d35c0) Type: 8 Event Object Header: 0xFF2645A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF264580(62d3580) Type: 8 Event Object Header: 0xFF264568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73AB0(6103ab0) Type: 19 Port Object Header: 0xE1E73A98 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E74F50(60a4f50) Type: 19 Port Object Header: 0xE1E74F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000001D8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF264520(62d3520) Type: 8 Event Object Header: 0xFF264508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF264420(62d3420) Type: 8 Event Object Header: 0xFF264408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF264308(62d3308) Type: 26 File Object Header: 0xFF2642F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF264488(62d3488) Type: 26 File Object Header: 0xFF264470 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF262E88(6296e88) Type: 26 File Object Header: 0xFF262E70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF261630(615b630) 
Type: 8 Event Object Header: 0xFF261618 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ReSyncKernel SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF261670(615b670) Type: 8 Event Object Header: 0xFF261658 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DmioLoaded SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2615D0(615b5d0) Type: 8 Event Object Header: 0xFF2615B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: DmAdminStop SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF261590(615b590) Type: 8 Event Object Header: 0xFF261578 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: LDMAdmin SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCDE0690(13fd690) Type: 8 Event Object Header: 0xFCDE0678 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD87150 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25E3E0(63973e0) Type: 8 Event Object Header: 0xFF25E3C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E960(6397960) Type: 8 Event Object Header: 0xFF25E948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF250C20(6797c20) Type: 8 Event Object Header: 0xFF250C08 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280380(5bfe380) Type: 12 Semaphore Object Header: 0xFF280368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF251100(65f2100) Type: 8 Event Object Header: 0xFF2510E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280960(5bfe960) Type: 8 Event Object Header: 0xFF280948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25F888(628f888) Type: 26 File Object Header: 0xFF25F870 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe0 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF250F88(6797f88) Type: 26 File Object Header: 0xFF250F70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF24B020(66ea020) Type: 6 Thread Object Header: 0xFF24B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000214 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF24CEA8(65cbea8) Type: 26 File Object Header: 0xFF24CE90 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
NamedPipe\net\NtControlPipe6 OBJECT: 0xFF245328(6914328) Type: 26 File Object Header: 0xFF245310 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2454A8(69144a8) Type: 26 File Object Header: 0xFF245490 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe7 OBJECT: 0xFF243600(6985600) Type: 12 Semaphore Object Header: 0xFF2435E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2435C0(69855c0) Type: 12 Semaphore Object Header: 0xFF2435A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243580(6985580) Type: 8 Event Object Header: 0xFF243568 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F53A0(17d3a0) Type: 8 Event Object Header: 0xFF1F5388 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225F00(9bef00) Type: 8 Event Object Header: 0xFF225EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E954D0(683c4d0) Type: 19 Port Object Header: 0xE1E954B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000001F4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF225B68(9beb68) Type: 26 File Object Header: 0xFF225B50 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xFF2425E0(697f5e0) Type: 8 Event Object Header: 0xFF2425C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF242570(697f570) Type: 8 Event Object Header: 0xFF242558 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PS_SERVICE_STARTED SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 
0xFF2413C8(692e3c8) Type: 26 File Object Header: 0xFF2413B0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF240D08(6ad8d08) Type: 26 File Object Header: 0xFF240CF0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF290AF0(560baf0) Type: 8 Event Object Header: 0xFF290AD8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 4 Directory: 0xFCC68730 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1372438(2799438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF243700(6985700) Type: 8 Event Object Header: 0xFF2436E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23FA20(6d42a20) Type: 8 Event Object Header: 0xFF23FA08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA0990(6c61990) Type: 19 Port Object Header: 0xE1EA0978 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EA34B0(6c0f4b0) Type: 19 Port Object Header: 0xE1EA3498 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF237A08(6ccaa08) Type: 26 File Object Header: 0xFF2379F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF236580(6b6b580) Type: 8 Event Object Header: 0xFF236568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2365C0(6b6b5c0) Type: 25 IoCompletion Object Header: 0xFF2365A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Waiting Thread: 0xFF23F020 Process: 0xFF29D080 APCProcess: 0xFF29D080 OBJECT: 0xFF23F020(6d42020) Type: 6 Thread Object Header: 0xFF23F008 GrantedAccess: 1f03ff 
PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000230 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF250280(6797280) Type: 8 Event Object Header: 0xFF250268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF236448(6b6b448) Type: 26 File Object Header: 0xFF236430 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SecondaryLogon OBJECT: 0xFF23F528(6d42528) Type: 26 File Object Header: 0xFF23F510 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2344E0(6c5d4e0) Type: 8 Event Object Header: 0xFF2344C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2323A0(70d33a0) Type: 8 Event Object Header: 0xFF232388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D9E0(7b039e0) Type: 8 Event Object Header: 0xFF22D9C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF22C5C8(7aef5c8) Type: 26 File Object Header: 0xFF22C5B0 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanServer OBJECT: 0xFF248500(681b500) Type: 12 Semaphore Object Header: 0xFF2484E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2484C0(681b4c0) Type: 12 Semaphore Object Header: 0xFF2484A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF247FE0(679afe0) Type: 8 Event Object Header: 0xFF247FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F820(6d42820) Type: 8 Event Object Header: 0xFF23F808 GrantedAccess: 100003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13631C0(22dc1c0) Type: 19 Port 
Object Header: 0xE13631A8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: XactSrvLpcPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.000001F0 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 OBJECT: 0xE12AC1E0(19ec1e0) Type: 18 Key Object Header: 0xE12AC1C8 GrantedAccess: 10 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Parameters\ OBJECT: 0xE1E6FC50(602fc50) Type: 19 Port Object Header: 0xE1E6FC38 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2485A0(681b5a0) Type: 8 Event Object Header: 0xFF248588 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225328(9be328) Type: 26 File Object Header: 0xFF225310 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFCC96330(12b3330) Type: 8 Event Object Header: 0xFCC96318 GrantedAccess: 100003 PointerCount: 5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF247400(679a400) Type: 8 Event Object Header: 0xFF2473E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235DA0(6e37da0) Type: 6 Thread Object Header: 0xFF235D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000294 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF232C00(70d3c00) Type: 12 Semaphore Object 
Header: 0xFF232BE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF222308(831308) Type: 26 File Object Header: 0xFF2222F0 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanDatagramReceiver OBJECT: 0xFF232B60(70d3b60) Type: 12 Semaphore Object Header: 0xFF232B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EEE00(74fe00) Type: 8 Event Object Header: 0xFF1EEDE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD7DDC8(139adc8) Type: 26 File Object Header: 0xFCD7DDB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF224C20(a41c20) Type: 8 Event Object Header: 0xFF224C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1FAFF0(f6fff0) Type: 8 Event Object Header: 0xFF1FAFD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: WkssvcToAgentStartEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25B1E0(65b91e0) Type: 8 Event Object Header: 0xFF25B1C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208580(def580) Type: 13 Timer Object Header: 0xFF208568 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F61E0(35c1e0) Type: 8 Event Object Header: 0xFF1F61C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF1F5D60(17dd60) Type: 5 Process Object Header: 0xFF1F5D48 GrantedAccess: 1f0fff PointerCount: 47 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1F5A48(17da48) Type: 26 File Object Header: 0xFF1F5A30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe8 OBJECT: 0xFF1F65C0(35c5c0) Type: 20 WaitablePort Object Header: 0xFF1F65A8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD730 Name: TRKWKS_PORT OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1EEE80(74fe80) Type: 8 Event Object Header: 0xFF1EEE68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1F6520(35c520) Type: 8 Event Object Header: 0xFF1F6508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EDC60(81c60) Type: 6 Thread Object Header: 0xFF1EDC48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF25B230(65b9230) Type: 8 Event Object Header: 0xFF25B218 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: WkssvcToAgentStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1F6570(35c570) Type: 8 Event Object Header: 
0xFF1F6558 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: AgentToWkssvcEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1EE810(74f810) Type: 8 Event Object Header: 0xFF1EE7F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: wkssvc: MUP finished initializing event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1F53E0(17d3e0) Type: 8 Event Object Header: 0xFF1F53C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F5460(17d460) Type: 8 Event Object Header: 0xFF1F5448 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE1E85960(67d4960) Type: 18 Key Object Header: 0xE1E85948 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\ OBJECT: 0xFF1F54A0(17d4a0) Type: 8 Event Object Header: 0xFF1F5488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F95A0(e905a0) Type: 6 Thread Object Header: 0xFF1F9588 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF225EC0(9beec0) Type: 8 Event Object Header: 0xFF225EA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3760(61c760) Type: 8 Event Object Header: 0xFF1E3748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE860(3eca860) Type: 8 Event Object Header: 0xFF1DE848 GrantedAccess: 
1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225E00(9bee00) Type: 12 Semaphore Object Header: 0xFF225DE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225E40(9bee40) Type: 12 Semaphore Object Header: 0xFF225E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25B148(65b9148) Type: 26 File Object Header: 0xFF25B130 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Netbios OBJECT: 0xFF1ED9E0(819e0) Type: 8 Event Object Header: 0xFF1ED9C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED9A0(819a0) Type: 8 Event Object Header: 0xFF1ED988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED960(81960) Type: 8 Event Object Header: 0xFF1ED948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED920(81920) Type: 8 Event Object Header: 0xFF1ED908 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED8E0(818e0) Type: 8 Event Object Header: 0xFF1ED8C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EC980(817980) Type: 6 Thread Object Header: 0xFF1EC968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1EED48(74fd48) Type: 26 File Object Header: 0xFF1EED30 GrantedAccess: 100000 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanDatagramReceiver OBJECT: 0xFF1ED860(81860) Type: 12 Semaphore Object Header: 0xFF1ED848 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EBA20(3e43a20) Type: 13 Timer Object Header: 0xFF1EBA08 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF13E268(763d268) Type: 26 File Object Header: 0xFF13E250 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1EB860(3e43860) Type: 12 Semaphore Object Header: 0xFF1EB848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EC1E0(8171e0) Type: 12 Semaphore Object Header: 0xFF1EC1C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D4A0(bbe4a0) Type: 8 Event Object Header: 0xFF21D488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2861E0(59521e0) Type: 6 Thread Object Header: 0xFF2861C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF191640(2138640) Type: 5 Process Object Header: 0xFF191628 GrantedAccess: 1f0fff PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF1C4C88(6758c88) Type: 26 File Object Header: 0xFF1C4C70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe9 OBJECT: 0xE1EA9D90(6e68d90) Type: 19 Port Object Header: 0xE1EA9D78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF280560(5bfe560) Type: 6 Thread Object Header: 0xFF280548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFF29D080 OBJECT: 0xFCC66188(1283188) Type: 26 File Object Header: 0xFCC66170 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28B6E0(579d6e0) Type: 6 Thread Object Header: 0xFF28B6C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFF29D080 OBJECT: 0xE1EB1650(721650) Type: 19 Port Object Header: 0xE1EB1638 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF28CD08(5795d08) Type: 26 File Object Header: 0xFF28CCF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1e0 OBJECT: 0xFF190100(214a100) Type: 8 Event Object Header: 0xFF1900E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF270020(6069020) Type: 8 Event Object Header: 0xFF270008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF257B80(656cb80) Type: 8 Event Object Header: 0xFF257B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0F1E80(749ee80) Type: 10 Mutant Object Header: 0xFF0F1E68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FC6A0(d0b6a0) Type: 8 Event Object Header: 
0xFF1FC688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BA40(5cf0a40) Type: 6 Thread Object Header: 0xFF27BA28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001A4 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF15C4A0(b144a0) Type: 8 Event Object Header: 0xFF15C488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0F23A0(71393a0) Type: 6 Thread Object Header: 0xFF0F2388 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000043C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF126960(250d960) Type: 8 Event Object Header: 0xFF126948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14E020(dbe020) Type: 8 Event Object Header: 0xFF14E008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11E620(7071620) Type: 10 Mutant Object Header: 0xFF11E608 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11AA20(2cc1a20) Type: 10 Mutant Object Header: 0xFF11AA08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11AD80(2cc1d80) Type: 8 Event Object Header: 0xFF11AD68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11A1A0(2cc11a0) Type: 8 Event Object Header: 0xFF11A188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF119CA0(dccca0) Type: 8 Event Object Header: 0xFF119C88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E9AE8(7f5ae8) Type: 26 File Object Header: 
0xFF1E9AD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF0D4500(50ab500) Type: 8 Event Object Header: 0xFF0D44E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BEB270(3e26270) Type: 4 Token Object Header: 0xE1BEB258 GrantedAccess: c PointerCount: 3 HandleCount: 3 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x8 Token ID: {0,8ee8} ParentToken ID: {0,0} Modified ID: {0,8eea} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default 5 0x4 SeLockMemoryPrivilege Default 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default 9 0x16 SeCreatePermanentPrivilege Default 10 0x20 SeDebugPrivilege Default 11 0x21 SeAuditPrivilege Default 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF0E2FA0(4fd3fa0) Type: 8 Event Object Header: 0xFF0E2F88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21B3180(3400180) Type: 18 Key Object Header: 0xE21B3168 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xE21BDE40(59d3e40) Type: 18 Key Object Header: 0xE21BDE28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Root\ OBJECT: 0xE131F540(1a6c540) Type: 18 Key Object Header: 0xE131F528 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE21D8A80(4fdba80) Type: 18 Key Object Header: 0xE21D8A68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Root\ OBJECT: 0xE1E32A80(5595a80) Type: 18 Key Object Header: 0xE1E32A68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1E69020(5df9020) Type: 18 Key Object Header: 0xE1E69008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1C05D80(5820d80) Type: 18 Key Object Header: 0xE1C05D68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xE2056E60(279fe60) Type: 18 Key Object Header: 0xE2056E48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE12D6820(194f820) Type: 18 Key Object Header: 0xE12D6808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1BFFEA0(6dbbea0) Type: 18 Key Object Header: 0xE1BFFE88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE2126B20(2556b20) Type: 18 
Key Object Header: 0xE2126B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Trust\ OBJECT: 0xE200B0A0(ab50a0) Type: 18 Key Object Header: 0xE200B088 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE21B5340(4664340) Type: 18 Key Object Header: 0xE21B5328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1F51DE0(1d05de0) Type: 18 Key Object Header: 0xE1F51DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE21CA740(332b740) Type: 18 Key Object Header: 0xE21CA728 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xE21AE340(5191340) Type: 18 Key Object Header: 0xE21AE328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xE1EE3DC0(7bc0dc0) Type: 18 Key Object Header: 0xE1EE3DA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\my\ OBJECT: 0xFF12C400(5abe400) Type: 8 Event Object Header: 0xFF12C3E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCC67400(1284400) Type: 8 Event Object Header: 0xFCC673E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C400(5abe400) Type: 8 Event Object Header: 0xFF12C3E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: 
(null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF23BCE0(6c75ce0) Type: 8 Event Object Header: 0xFF23BCC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF27B1A0(5cf01a0) Type: 8 Event Object Header: 0xFF27B188 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD1E7A0(133b7a0) Type: 8 Event Object Header: 0xFCD1E788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF199E60(8bee60) Type: 8 Event Object Header: 0xFF199E48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2472D0(679a2d0) Type: 8 Event Object Header: 0xFF2472B8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: Machine Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF0C08E0(50d38e0) Type: 6 Thread Object Header: 0xFF0C08C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFF29D080 OBJECT: 0xE21D8600(4fdb600) Type: 18 Key Object Header: 0xE21D85E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF23BCE0(6c75ce0) Type: 8 Event Object Header: 0xFF23BCC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF25E0A0(63970a0) 
Type: 8 Event Object Header: 0xFF25E088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1DD240(3d92240) Type: 8 Event Object Header: 0xFF1DD228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E0A0(63970a0) Type: 8 Event Object Header: 0xFF25E088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF232160(70d3160) Type: 8 Event Object Header: 0xFF232148 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF129FA0(6601fa0) Type: 8 Event Object Header: 0xFF129F88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232160(70d3160) Type: 8 Event Object Header: 0xFF232148 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF1E1B40(7e42b40) Type: 8 Event Object Header: 0xFF1E1B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCD78860(1395860) Type: 8 Event Object Header: 0xFCD78848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BEA80(5dc2a80) Type: 8 Event Object Header: 0xFF1BEA68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF224830(a41830) Type: 8 Event Object Header: 0xFF224818 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: userenv: User Group Policy has been applied SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 
0xE13671A0(24ef1a0) Type: 18 Key Object Header: 0xE1367188 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF1E1B40(7e42b40) Type: 8 Event Object Header: 0xFF1E1B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF20DC00(d14c00) Type: 8 Event Object Header: 0xFF20DBE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1556C0(dd86c0) Type: 8 Event Object Header: 0xFF1556A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20DC00(d14c00) Type: 8 Event Object Header: 0xFF20DBE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF103800(3e4a800) Type: 8 Event Object Header: 0xFF1037E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF103800(3e4a800) Type: 8 Event Object Header: 0xFF1037E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF103880(3e4a880) Type: 8 Event Object Header: 0xFF103868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCD1F0C0(133c0c0) Type: 8 Event Object Header: 0xFCD1F0A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF103880(3e4a880) Type: 8 Event Object Header: 0xFF103868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) 
OBJECT: 0xFF154C60(9acc60) Type: 8 Event Object Header: 0xFF154C48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF2338A0(6c6d8a0) Type: 8 Event Object Header: 0xFF233888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154C60(9acc60) Type: 8 Event Object Header: 0xFF154C48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF28F680(575b680) Type: 8 Event Object Header: 0xFF28F668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF169360(7091360) Type: 8 Event Object Header: 0xFF169348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14ECE0(dbece0) Type: 8 Event Object Header: 0xFF14ECC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F4EAC0(436fac0) Type: 18 Key Object Header: 0xE1F4EAA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF28F680(575b680) Type: 8 Event Object Header: 0xFF28F668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF258C00(652bc00) Type: 8 Event Object Header: 0xFF258BE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1D6860(58a0860) Type: 8 Event Object Header: 0xFF1D6848 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF258C00(652bc00) Type: 8 Event Object Header: 0xFF258BE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) 
OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF0BC4A0(15b24a0) Type: 8 Event Object Header: 0xFF0BC488 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF0BC4A0(15b24a0) Type: 8 Event Object Header: 0xFF0BC488 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF258340(652b340) Type: 8 Event Object Header: 0xFF258328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF114580(21c1580) Type: 8 Event Object Header: 0xFF114568 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF258340(652b340) Type: 8 Event Object Header: 0xFF258328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF1FA180(f6f180) Type: 8 Event Object Header: 0xFF1FA168 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF0F48C0(60128c0) Type: 8 Event Object Header: 0xFF0F48A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FA180(f6f180) Type: 8 Event Object Header: 0xFF1FA168 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF178020(4075020) Type: 8 Event Object Header: 0xFF178008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 13 SecurityDescriptor: (null) OBJECT: 0xFF14BAA8(1f6aa8) Type: 26 File Object Header: 0xFF14BA90 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_334 OBJECT: 0xFF0F8C20(22adc20) Type: 8 Event Object Header: 0xFF0F8C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D308(58b3308) Type: 26 File 
Object Header: 0xFF28D2F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1485A0(19b45a0) Type: 8 Event Object Header: 0xFF148588 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF136BE8(19bcbe8) Type: 26 File Object Header: 0xFF136BD0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1E27130(540f130) Type: 19 Port Object Header: 0xE1E27118 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000144 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF24A400(6869400) Type: 8 Event Object Header: 0xFF24A3E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F24780(ea4780) Type: 18 Key Object Header: 0xE1F24768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Browser\Parameters\ OBJECT: 0xFF24A500(6869500) Type: 8 Event Object Header: 0xFF24A4E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E500(2499500) Type: 8 Event Object Header: 0xFF18E4E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF149680(eb2680) Type: 8 Event Object Header: 0xFF149668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21E0E0(9fd0e0) Type: 8 Event Object Header: 0xFF21E0C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A580(6869580) Type: 6 Thread Object Header: 0xFF24A568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002D8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1E4AE8(7ebae8) Type: 26 
File Object Header: 0xFF1E4AD0 GrantedAccess: 160089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\messngr OBJECT: 0xFF1E4428(7eb428) Type: 26 File Object Header: 0xFF1E4410 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1EB2A30(9a4a30) Type: 4 Token Object Header: 0xE1EB2A18 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE1F08E18(c3be18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c503} ParentToken ID: {0,0} Modified ID: {0,c70e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege 
Enabled OBJECT: 0xFF17DA20(3082a20) Type: 8 Event Object Header: 0xFF17DA08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EC148(817148) Type: 26 File Object Header: 0xFF1EC130 GrantedAccess: 1f01ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF1E26C8 (40016c8) Type: 0xafd1 Process: 0xFF29D080 services.exe EndpointLinks: {0xFF234638:FF2333D8} AfdTransportAddress: 0xFF27B968 (5cf0968) DeviceString: \Device\Udp OBJECT: 0xFF1E49E0(7eb9e0) Type: 8 Event Object Header: 0xFF1E49C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25BDA0(65b9da0) Type: 6 Thread Object Header: 0xFF25BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001F8 ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1E14E8(7e424e8) Type: 26 File Object Header: 0xFF1E14D0 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-e4-0 OBJECT: 0xE1350F50(1b0af50) Type: 19 Port Object Header: 0xE1350F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000150 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1E1448(7e42448) Type: 26 File Object Header: 0xFF1E1430 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E4388 (7eb388) Unknown2: 0xff1e4988 Address Object: 0xFF1E1268 (7e42268) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1DE8A0(3eca8a0) Type: 12 Semaphore Object Header: 0xFF1DE888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2999A0(53689a0) 
Type: 12 Semaphore Object Header: 0xFF299988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BE60E0(29710e0) Type: 18 Key Object Header: 0xE1BE60C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF1E36E0(61c6e0) Type: 8 Event Object Header: 0xFF1E36C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E36A0(61c6a0) Type: 8 Event Object Header: 0xFF1E3688 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E45E8(7eb5e8) Type: 26 File Object Header: 0xFF1E45D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: WMIServiceDevice OBJECT: 0xE1BEB270(3e26270) Type: 4 Token Object Header: 0xE1BEB258 GrantedAccess: f01ff PointerCount: 3 HandleCount: 3 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x8 Token ID: {0,8ee8} ParentToken ID: {0,0} Modified ID: {0,8eea} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default 5 0x4 SeLockMemoryPrivilege Default 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default 9 0x16 SeCreatePermanentPrivilege Default 10 0x20 SeDebugPrivilege Default 11 0x21 SeAuditPrivilege Default 12 0x8 SeSecurityPrivilege 13 0x22 
SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF1DDDE0(3d92de0) Type: 8 Event Object Header: 0xFF1DDDC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173C40(44cec40) Type: 8 Event Object Header: 0xFF173C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF219E60(c94e60) Type: 8 Event Object Header: 0xFF219E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0DCFE0(44cafe0) Type: 8 Event Object Header: 0xFF0DCFC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6968(2898968) Type: 26 File Object Header: 0xFF1C6950 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF26D828(5f3a828) Type: 26 File Object Header: 0xFF26D810 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF15C980(b14980) Type: 8 Event Object Header: 0xFF15C968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD568(f0c568) Type: 26 File Object Header: 0xFF1BD550 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28BD60(579dd60) Type: 6 Thread Object Header: 0xFF28BD48 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFF29D080 OBJECT: 0xFF1D3020(6c09020) Type: 8 Event Object Header: 0xFF1D3008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF0D2560(2b72560) Type: 8 Event Object Header: 0xFF0D2548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 7. TABLE: 0xFF29B9E8(529e9e8): Table: 0xE1E14000 QuotaProcess: 0xFF29BA80 ProcessId: f0 HandleCount: 280 CapturedHandleCount: 280 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12A5110(18b0110) Type: 17 Section Object Header: 0xE12A50F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE135E728(2219728) BasedAddress: 0x08862430 SizeOfSegment: 0xa000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\lsass.exe OBJECT: 0xFF29B660(529e660) Type: 8 Event Object Header: 0xFF29B648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29B560(529e560) Type: 8 Event Object Header: 0xFF29B548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29B500(529e500) Type: 8 Event Object Header: 0xFF29B4E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF29B468(529e468) Type: 26 File Object Header: 0xFF29B450 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF298CA0(536eca0) Type: 8 Event Object Header: 0xFF298C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows 
SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1DC7BF0(50d2bf0) Type: 19 Port Object Header: 0xE1DC7BD8 GrantedAccess: 1f0001 PointerCount: 14 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF298B60(536eb60) Type: 8 Event Object Header: 0xFF298B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132B260(1a98260) Type: 18 Key Object Header: 0xE132B248 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF285D00(5a1ad00) Type: 8 Event Object Header: 0xFF285CE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF2975C0(53795c0) Type: 8 Event Object Header: 0xFF2975A8 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297580(5379580) Type: 8 Event Object Header: 0xFF297568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF25BD08(65b9d08) Type: 26 File Object Header: 0xFF25BCF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe0 OBJECT: 0xFF2962E0(53bd2e0) Type: 8 Event Object Header: 0xFF2962C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1330CC0(1ac2cc0) Type: 18 Key Object Header: 0xE1330CA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll\ OBJECT: 0xE132F620(1a7b620) Type: 18 Key Object Header: 0xE132F608 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll\ OBJECT: 0xE1E28600(53f2600) Type: 18 Key Object Header: 0xE1E285E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll\ OBJECT: 0xFF295F60(5556f60) Type: 12 Semaphore Object Header: 0xFF295F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295020(5556020) Type: 6 Thread Object Header: 0xFF295008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF2A3B40(513ab40) Type: 13 Timer Object Header: 0xFF2A3B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295F20(5556f20) Type: 8 Event Object Header: 0xFF295F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E283C0(53f23c0) Type: 19 Port Object Header: 0xE1E283A8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeLsaCommandPort SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 OBJECT: 0xFCC99910(12b6910) Type: 8 Event Object Header: 0xFCC998F8 GrantedAccess: 2 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: SeLsaInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1315370(1a54370) Type: 19 Port Object Header: 0xE1315358 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E282D0(53f22d0) Type: 19 Port Object Header: 0xE1E282B8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF295B60(5556b60) Type: 12 Semaphore Object Header: 0xFF295B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295B20(5556b20) Type: 12 Semaphore Object Header: 0xFF295B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13C0FC0(30dcfc0) Type: 18 Key Object Header: 0xE13C0FA8 GrantedAccess: 6001d PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\ OBJECT: 0xE13C0F80(30dcf80) Type: 18 Key Object Header: 0xE13C0F68 GrantedAccess: 3001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\RXACT\ OBJECT: 0xFF295AE0(5556ae0) Type: 8 Event Object Header: 0xFF295AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295AA0(5556aa0) Type: 8 Event Object Header: 0xFF295A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295A60(5556a60) Type: 8 Event Object Header: 0xFF295A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF295A20(5556a20) Type: 8 Event Object Header: 0xFF295A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29B6E0(529e6e0) Type: 6 Thread Object Header: 0xFF29B6C8 GrantedAccess: 1f03ff PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000EC ThreadsProcess: 0xFF29BA80 OBJECT: 0xE1E29C00(5455c00) Type: 18 Key Object Header: 0xE1E29BE8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\Policy\ OBJECT: 0xFF2949E0(55679e0) Type: 6 Thread Object Header: 0xFF2949C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF294C80(5567c80) Type: 13 Timer Object Header: 0xFF294C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2AD40(550dd40) Type: 18 Key Object Header: 0xE1E2AD28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\ OBJECT: 0xFF2949A0(55679a0) Type: 12 Semaphore Object Header: 0xFF294988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2AC40(550dc40) Type: 18 Key Object Header: 0xE1E2AC28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\DS\ObjectNames\ OBJECT: 0xE1E295C0(54555c0) Type: 18 Key Object Header: 0xE1E295A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Lsa\ObjectNames\ OBJECT: 0xE1E2AB20(550db20) Type: 18 Key Object Header: 0xE1E2AB08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\NetDDE Object\ObjectNames\ OBJECT: 0xE1E2AA20(550da20) Type: 18 Key Object Header: 0xE1E2AA08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\SC Manager\ObjectNames\ OBJECT: 0xE1E2A9A0(550d9a0) Type: 18 Key Object Header: 0xE1E2A988 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\SECURITY\ObjectNames\ OBJECT: 0xE1E29140(5455140) Type: 18 Key Object Header: 0xE1E29128 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Security Account Manager\ObjectNames\ OBJECT: 0xE1E2A560(550d560) Type: 18 Key Object Header: 0xE1E2A548 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Spooler\ObjectNames\ OBJECT: 0xFF294960(5567960) Type: 12 Semaphore Object Header: 0xFF294948 GrantedAccess: 
100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF294920(5567920) Type: 12 Semaphore Object Header: 0xFF294908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2948E0(55678e0) Type: 12 Semaphore Object Header: 0xFF2948C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292100(5572100) Type: 12 Semaphore Object Header: 0xFF2920E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296C00(53bdc00) Type: 25 IoCompletion Object Header: 0xFF296BE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF294500 Process: 0xFF29BA80 APCProcess: 0xFF29BA80 OBJECT: 0xFF293D20(55dbd20) Type: 12 Semaphore Object Header: 0xFF293D08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF294480(5567480) Type: 8 Event Object Header: 0xFF294468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292140(5572140) Type: 12 Semaphore Object Header: 0xFF292128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B5160(18d4160) Type: 18 Key Object Header: 0xE12B5148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\SidCache\ OBJECT: 0xFF2920C0(55720c0) Type: 12 Semaphore Object Header: 0xFF2920A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292080(5572080) Type: 12 Semaphore Object Header: 0xFF292068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF291020(562c020) Type: 12 Semaphore Object Header: 0xFF291008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B6440(18d6440) Type: 18 Key Object Header: 0xE12B6428 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Domains\ OBJECT: 0xFF291FE0(562cfe0) Type: 8 Event Object Header: 0xFF291FC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29B6E0(529e6e0) Type: 6 Thread Object Header: 0xFF29B6C8 GrantedAccess: 1f03ff PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000EC ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF291F20(562cf20) Type: 8 Event Object Header: 0xFF291F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132F440(1a7b440) Type: 18 Key Object Header: 0xE132F428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF291E80(562ce80) Type: 8 Event Object Header: 0xFF291E68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1340CC0(1ac8cc0) Type: 18 Key Object Header: 0xE1340CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E38470(55bd470) Type: 4 Token Object Header: 0xE1E38458 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,50b1} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory 
Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xE1E3BC60(55efc60) Type: 18 Key Object Header: 0xE1E3BC48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\ OBJECT: 0xFF290AF0(560baf0) Type: 8 Event Object Header: 0xFF290AD8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 4 Directory: 0xFCC68730 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1372438(2799438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF290C08(560bc08) Type: 26 File Object Header: 0xFF290BF0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE12B6980(18d6980) Type: 18 Key Object Header: 0xE12B6968 GrantedAccess: 20019 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Msv1_0\ OBJECT: 0xFF290CA0(560bca0) Type: 8 Event Object Header: 0xFF290C88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF291088(562c088) Type: 26 File Object Header: 0xFF291070 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\PASSWD.LOG OBJECT: 0xFF2901A0(560b1a0) Type: 8 Event Object Header: 0xFF290188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF290120(560b120) Type: 8 Event Object Header: 0xFF290108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF291520(562c520) Type: 25 IoCompletion Object Header: 0xFF291508 GrantedAccess: 1f0003 PointerCount: 12 HandleCount: 2 Waiting Thread: 0xFF1BE020 Process: 0xFF29BA80 APCProcess: 0xFF29BA80 OBJECT: 0xFF291520(562c520) Type: 25 IoCompletion Object Header: 0xFF291508 GrantedAccess: 1f0003 PointerCount: 12 HandleCount: 2 Waiting Thread: 0xFF1BE020 Process: 0xFF29BA80 APCProcess: 0xFF29BA80 OBJECT: 0xFF2901E8(560b1e8) Type: 26 File Object Header: 0xFF2901D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xFF28FF48(575bf48) Type: 26 File Object Header: 0xFF28FF30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xE1EA0690(6c61690) Type: 19 Port Object Header: 0xE1EA0678 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 478 PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) 
ImageFileName: svchost.exe OBJECT: 0xFF28F720(575b720) Type: 6 Thread Object Header: 0xFF28F708 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF28FA68(575ba68) Type: 26 File Object Header: 0xFF28FA50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF294500(5567500) Type: 6 Thread Object Header: 0xFF2944E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFF29BA80 OBJECT: 0xE1E2DDE0(5657de0) Type: 19 Port Object Header: 0xE1E2DDC8 GrantedAccess: 1f0001 PointerCount: 33 HandleCount: 1 Directory: 0xFCE00850 Name: LsaAuthenticationPort SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000F0.00000120 ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 OBJECT: 0xFF157E68(c3ee68) Type: 26 File Object Header: 0xFF157E50 GrantedAccess: 120196 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\DCPROMO.LOG OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 478 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1E3E6D0(571a6d0) Type: 19 Port Object Header: 0xE1E3E6B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF28F2C0(575b2c0) Type: 8 
Event Object Header: 0xFF28F2A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 478 PointerCount: 212 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFF295BE0(5556be0) Type: 6 Thread Object Header: 0xFF295BC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFF29BA80 OBJECT: 0xE1E3FBD0(56dcbd0) Type: 19 Port Object Header: 0xE1E3FBB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF28F200(575b200) Type: 12 Semaphore Object Header: 0xFF28F1E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2965D0(53bd5d0) Type: 8 Event Object Header: 0xFF2965B8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: LSA_RPC_SERVER_ACTIVE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E3E510(571a510) Type: 19 Port Object Header: 0xE1E3E4F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 478 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: 
services.exe OBJECT: 0xFF28AB00(5844b00) Type: 12 Semaphore Object Header: 0xFF28AAE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD25DE0(1342de0) Type: 8 Event Object Header: 0xFCD25DC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E6A0(57a06a0) Type: 8 Event Object Header: 0xFF28E688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 478 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF28AAC0(5844ac0) Type: 12 Semaphore Object Header: 0xFF28AAA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BE020(5dc2020) Type: 6 Thread Object Header: 0xFF1BE008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1E7960(7e4960) Type: 8 Event Object Header: 0xFF1E7948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28C328(5795328) Type: 26 File Object Header: 0xFF28C310 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xE1E40DD0(572bdd0) Type: 19 Port Object Header: 0xE1E40DB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA28D60(1045d60) Type: 5 Process Object Header: 0xFCA28D48 GrantedAccess: 478 PointerCount: 212 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFF1C6C40(2898c40) Type: 8 Event Object Header: 0xFF1C6C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D5920(194b920) Type: 18 Key Object Header: 0xE12D5908 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF28ED20(57a0d20) Type: 12 Semaphore Object Header: 0xFF28ED08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28C6E0(57956e0) Type: 12 Semaphore Object Header: 0xFF28C6C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28ABC0(5844bc0) Type: 12 Semaphore Object Header: 0xFF28ABA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28AB80(5844b80) Type: 8 Event Object Header: 0xFF28AB68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A3A8(58443a8) Type: 26 File Object Header: 0xFF28A390 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF28AA80(5844a80) Type: 12 Semaphore Object Header: 0xFF28AA68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28AA40(5844a40) Type: 12 Semaphore Object Header: 0xFF28AA28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288D50(5891d50) Type: 8 Event Object Header: 0xFF288D38 GrantedAccess: 2 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: EFSInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF28CDA0(5795da0) Type: 6 Thread Object Header: 0xFF28CD88 GrantedAccess: 1f03ff PointerCount: 1 
HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000160 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF288D00(5891d00) Type: 12 Semaphore Object Header: 0xFF288CE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288CC0(5891cc0) Type: 12 Semaphore Object Header: 0xFF288CA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 478 PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xE12E3EA0(197eea0) Type: 18 Key Object Header: 0xE12E3E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF289D40(58c3d40) Type: 8 Event Object Header: 0xFF289D28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289D00(58c3d00) Type: 10 Mutant Object Header: 0xFF289CE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289CC0(58c3cc0) Type: 8 Event Object Header: 0xFF289CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289C80(58c3c80) Type: 10 Mutant Object Header: 0xFF289C68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE1E13E10(529de10) Type: 4 Token Object Header: 0xE1E13DF8 GrantedAccess: 8 PointerCount: 22 HandleCount: 2 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4b87} ParentToken ID: {0,0} Modified ID: {0,8e53} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF2352D0(6e372d0) Type: 8 Event Object Header: 0xFF2352B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: IPSEC_POLICY_CHANGE_EVENT SecurityDescriptor: 0xE1E182D8(541a2d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x1f0003;;;BA) OBJECT: 0xFF2897C0(58c37c0) Type: 8 Event Object Header: 0xFF2897A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF289520(58c3520) Type: 8 Event Object Header: 0xFF289508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289C00(58c3c00) Type: 8 Event Object Header: 0xFF289BE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EEAAF0(b87af0) Type: 19 Port Object Header: 0xE1EEAAD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E29BC0(5455bc0) Type: 18 Key Object Header: 0xE1E29BA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\Policy\ OBJECT: 0xFF157DC8(c3edc8) Type: 26 File Object Header: 0xFF157DB0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF22D768 (7b03768) Type: 0xafd2 Process: 0xFF29BA80 lsass.exe EndpointLinks: {0xFF15CCD8:FF169AF8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF1591E8(1f11e8) Type: 26 File Object Header: 0xFF1591D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF140108 (4fae108) Unknown1: 0xF07AB900 (2769900) Unknown2: 0xff140108 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF2878A0(590d8a0) Type: 12 Semaphore Object Header: 0xFF287888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF287860(590d860) Type: 12 Semaphore Object Header: 0xFF287848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B8200(18de200) Type: 18 Key Object Header: 0xE12B81E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SAM\SAM\ OBJECT: 0xE13463A0(1ae63a0) Type: 18 Key Object Header: 0xE1346388 GrantedAccess: 3001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\RXACT\ OBJECT: 0xE12E12A0(19712a0) Type: 18 Key Object Header: 0xE12E1288 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\Domains\Builtin\ OBJECT: 0xE12F4380(19c9380) Type: 18 Key Object Header: 0xE12F4368 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\Domains\Account\ OBJECT: 0xE1E584F0(59ba4f0) Type: 4 Token Object Header: 0xE1E584D8 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-1-0 AuthenticationID: {0,3e7} Expiration: 1601-01-01 00:00:13Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: SamSS {0,56ae} TokenFlags: 0x0 Token ID: {0,56b0} ParentToken ID: {0,0} Modified ID: {0,56af} SessionID: 0 TokenInUse: No Groups: PrimaryGroup: S-1-1-0 OBJECT: 0xE1E572F0(59512f0) Type: 19 Port Object Header: 0xE1E572D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF287C20(590dc20) Type: 8 Event Object Header: 0xFF287C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E59B10(5a0db10) Type: 19 Port Object Header: 0xE1E59AF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 478 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1E59BF0(5a0dbf0) Type: 19 Port Object Header: 0xE1E59BD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000178 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF29BA80(529ea80) Type: 5 Process Object Header: 0xFF29BA68 GrantedAccess: 478 PointerCount: 117 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1DEC250(5150250) Type: 19 Port Object Header: 0xE1DEC238 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF286AD0(5952ad0) Type: 8 Event Object Header: 0xFF286AB8 GrantedAccess: 100002 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: SAM_SERVICE_STARTED SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF27E840(5bec840) Type: 5 Process Object Header: 0xFF27E828 GrantedAccess: 478 PointerCount: 110 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF24D1A0(67041a0) Type: 8 Event Object Header: 0xFF24D188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF297220(5379220) Type: 6 Thread Object Header: 0xFF297208 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFF29BA80 
OBJECT: 0xE1E909B0(692a9b0) Type: 19 Port Object Header: 0xE1E90998 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF24B300(66ea300) Type: 5 Process Object Header: 0xFF24B2E8 GrantedAccess: 478 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF1E7C60(7e4c60) Type: 8 Event Object Header: 0xFF1E7C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25BA68(65b9a68) Type: 26 File Object Header: 0xFF25BA50 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\DCPROMO.LOG OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 478 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xE1E96AD0(6a1ead0) Type: 19 Port Object Header: 0xE1E96AB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF240E60(6ad8e60) Type: 8 Event Object Header: 0xFF240E48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA0270(6c61270) Type: 19 Port Object Header: 0xE1EA0258 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF29D080(520a080) Type: 5 Process Object Header: 0xFF29D068 GrantedAccess: 478 PointerCount: 294 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF1B5CC0(2686cc0) Type: 5 Process Object Header: 0xFF1B5CA8 GrantedAccess: 1f0fff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: metasploit.exe OBJECT: 0xFF169F88(7091f88) Type: 26 File Object Header: 0xFF169F70 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B6A8 (ee26a8) ConnectionHandle: 0x58000052 Connection Object: 0xFF164828 (7c27828) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF12B128 (5aff128) ConnectionId: 0x58 AfdEndpoint: 0xFF156A88 (ca1a88) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x58000052 Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828} OBJECT: 0xFF23E420(6b46420) Type: 8 Event Object Header: 0xFF23E408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B920(6c75920) Type: 8 Event Object Header: 0xFF23B908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B8E0(6c758e0) Type: 10 Mutant Object Header: 0xFF23B8C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E260(6b46260) Type: 8 Event Object Header: 0xFF23E248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA3B00(6c0fb00) Type: 18 Key Object Header: 0xE1EA3AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1EA4A20(6c74a20) Type: 18 Key Object Header: 0xE1EA4A08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF23E1E0(6b461e0) Type: 8 Event Object Header: 0xFF23E1C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E140(6b46140) Type: 8 Event Object Header: 0xFF23E128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA49A0(6c749a0) Type: 18 Key Object Header: 0xE1EA4988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1EA3980(6c0f980) Type: 18 Key Object Header: 0xE1EA3968 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF23E0A0(6b460a0) Type: 8 Event Object Header: 0xFF23E088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA3900(6c0f900) Type: 18 Key Object Header: 0xE1EA38E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF23BDC0(6c75dc0) Type: 8 Event Object Header: 0xFF23BDA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA3880(6c0f880) Type: 18 Key Object Header: 0xE1EA3868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF23BD20(6c75d20) Type: 8 Event Object Header: 0xFF23BD08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA3800(6c0f800) Type: 18 Key Object Header: 0xE1EA37E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF23BC80(6c75c80) Type: 8 Event Object Header: 0xFF23BC68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23BBE0(6c75be0) Type: 8 Event Object Header: 0xFF23BBC8 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA4820(6c74820) Type: 18 Key Object Header: 0xE1EA4808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF23BB40(6c75b40) Type: 8 Event Object Header: 0xFF23BB28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA47A0(6c747a0) Type: 18 Key Object Header: 0xE1EA4788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF23BAA0(6c75aa0) Type: 8 Event Object Header: 0xFF23BA88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA4720(6c74720) Type: 18 Key Object Header: 0xE1EA4708 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF23BA00(6c75a00) Type: 8 Event Object Header: 0xFF23B9E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1EA46A0(6c746a0) Type: 18 Key Object Header: 0xE1EA4688 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF23B8A0(6c758a0) Type: 12 Semaphore Object Header: 0xFF23B888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B860(6c75860) Type: 12 Semaphore Object Header: 0xFF23B848 GrantedAccess: 
100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B820(6c75820) Type: 8 Event Object Header: 0xFF23B808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B7E0(6c757e0) Type: 8 Event Object Header: 0xFF23B7C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B4C0(6c754c0) Type: 12 Semaphore Object Header: 0xFF23B4A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B480(6c75480) Type: 12 Semaphore Object Header: 0xFF23B468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D33C0(19453c0) Type: 18 Key Object Header: 0xE12D33A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF23B440(6c75440) Type: 8 Event Object Header: 0xFF23B428 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF23B380(6c75380) Type: 8 Event Object Header: 0xFF23B368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B340(6c75340) Type: 8 Event Object Header: 0xFF23B328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B300(6c75300) Type: 8 Event Object Header: 0xFF23B2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B2C0(6c752c0) Type: 12 Semaphore Object Header: 0xFF23B2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B280(6c75280) Type: 12 Semaphore Object Header: 0xFF23B268 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B240(6c75240) Type: 8 Event Object Header: 0xFF23B228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E348(6b46348) Type: 26 File Object Header: 0xFF23E330 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF23B1E8 (6c751e8) OBJECT: 0xFF23E2A8(6b462a8) Type: 26 File Object Header: 0xFF23E290 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF23B1A8 (6c751a8) OBJECT: 0xFF23B128(6c75128) Type: 26 File Object Header: 0xFF23B110 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF23A028(6d9e028) Type: 26 File Object Header: 0xFF23A010 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF23AF88(6d9ef88) Type: 26 File Object Header: 0xFF23AF70 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1E1A460(537c460) Type: 18 Key Object Header: 0xE1E1A448 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE1EA7140(6e03140) Type: 18 Key Object Header: 0xE1EA7128 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1EA6140(6d81140) Type: 18 Key Object Header: 0xE1EA6128 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1EA7100(6e03100) Type: 18 Key Object Header: 0xE1EA70E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xE1EAAB50(6f08b50) Type: 19 Port Object Header: 0xE1EAAB38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF244020(6a77020) Type: 5 Process Object Header: 0xFF244008 GrantedAccess: 478 PointerCount: 90 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF23ED68(6b46d68) Type: 26 File Object Header: 0xFF23ED50 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\ipsecpa.log OBJECT: 0xFF250E40(6797e40) Type: 8 Event Object Header: 0xFF250E28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235280(6e37280) Type: 8 Event Object Header: 0xFF235268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235240(6e37240) Type: 8 Event Object Header: 0xFF235228 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23AA10(6d9ea10) Type: 8 Event Object Header: 0xFF23A9F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: IPSEC_POLICY_CHANGE_NOTIFY SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E13E10(529de10) Type: 4 Token Object Header: 0xE1E13DF8 GrantedAccess: 8 PointerCount: 22 HandleCount: 2 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: 
TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4b87} ParentToken ID: {0,0} Modified ID: {0,8e53} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF2500A0(67970a0) Type: 8 Event Object Header: 0xFF250088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23A9C0(6d9e9c0) Type: 8 Event Object Header: 0xFF23A9A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2513E0(65f23e0) Type: 6 Thread Object Header: 0xFF2513C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000208 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF234700(6c5d700) Type: 8 Event Object Header: 0xFF2346E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234748(6c5d748) Type: 26 File Object Header: 0xFF234730 GrantedAccess: 
1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF234588 (6c5d588) Type: 0xafd1 Process: 0xFF29BA80 lsass.exe EndpointLinks: {0xFF2376F8:FF1E2778} AfdTransportAddress: 0xFF27B968 (5cf0968) DeviceString: \Device\Udp OBJECT: 0xFF234560(6c5d560) Type: 8 Event Object Header: 0xFF234548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234520(6c5d520) Type: 8 Event Object Header: 0xFF234508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232440(70d3440) Type: 8 Event Object Header: 0xFF232428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2325A8(70d35a8) Type: 26 File Object Header: 0xFF232590 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xE1E89510(663c510) Type: 19 Port Object Header: 0xE1E894F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 478 PointerCount: 43 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFF232560(70d3560) Type: 12 Semaphore Object Header: 0xFF232548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D9E0(7b039e0) Type: 8 Event Object Header: 0xFF22D9C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE1EC5030(7c6f030) Type: 4 Token Object Header: 0xE1EC5018 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,7ba1} ParentToken ID: {0,0} Modified ID: {0,7ba3} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege Enabled 7 0x5 SeIncreaseQuotaPrivilege Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege Enabled 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege Enabled 16 0x18 SeRestorePrivilege Enabled 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege Enabled 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF248560(681b560) Type: 8 Event Object Header: 0xFF248548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22C7A0(7aef7a0) Type: 8 Event Object Header: 0xFF22C788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2488A0(681b8a0) Type: 6 Thread Object Header: 0xFF248888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000284 
ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1EEE80(74fe80) Type: 8 Event Object Header: 0xFF1EEE68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1F5460(17d460) Type: 8 Event Object Header: 0xFF1F5448 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1E3F88(61cf88) Type: 26 File Object Header: 0xFF1E3F70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\POLICYAGENT OBJECT: 0xFF1E3EE8(61cee8) Type: 26 File Object Header: 0xFF1E3ED0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\POLICYAGENT OBJECT: 0xE1E1E2A0(540c2a0) Type: 19 Port Object Header: 0xE1E1E288 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: policyagent SecurityDescriptor: 0xE1E85078(67d4078) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRC;;;WD)(A;;CCSDRC;;;RC)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;BA) Creator: 000000F0.00000208 ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 OBJECT: 0xFF1E0B60(5183b60) Type: 8 Event Object Header: 0xFF1E0B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3C00(61cc00) Type: 6 Thread Object Header: 0xFF1E3BE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1E3B80(61cb80) Type: 8 Event Object Header: 0xFF1E3B68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3AE8(61cae8) Type: 26 File Object Header: 0xFF1E3AD0 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\oakley.log OBJECT: 0xFF214180(cc1180) Type: 8 Event Object Header: 0xFF214168 
GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E39E8(61c9e8) Type: 26 File Object Header: 0xFF1E39D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: IPSEC OBJECT: 0xFF1E35C8(61c5c8) Type: 26 File Object Header: 0xFF1E35B0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1E3BC0(61cbc0) Type: 8 Event Object Header: 0xFF1E3BA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FCBC50(2df0c50) Type: 19 Port Object Header: 0xE1FCBC38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000480 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1E38A0(61c8a0) Type: 25 IoCompletion Object Header: 0xFF1E3888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 OBJECT: 0xFF1DDB60(3d92b60) Type: 6 Thread Object Header: 0xFF1DDB48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002C4 ThreadsProcess: 0xFF29BA80 OBJECT: 0xFF1DDAE0(3d92ae0) Type: 8 Event Object Header: 0xFF1DDAC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD7E0(3d927e0) Type: 8 Event Object Header: 0xFF1DD7C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DC4A0(3f194a0) Type: 8 Event Object Header: 0xFF1DC488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF284488(28ba488) Type: 26 File Object Header: 0xFF284470 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF284388(28ba388) Type: 26 File Object Header: 0xFF284370 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) 
Path: NamedPipe\WMIEP_f0 OBJECT: 0xFF2842E8(28ba2e8) Type: 26 File Object Header: 0xFF2842D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_f0 OBJECT: 0xE1F79030(2148030) Type: 4 Token Object Header: 0xE1F79018 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,d085} ParentToken ID: {0,0} Modified ID: {0,d087} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege Enabled 7 0x5 SeIncreaseQuotaPrivilege Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege Enabled 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege Enabled 16 0x18 SeRestorePrivilege Enabled 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege Enabled 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xE1BF81F0(3db61f0) Type: 19 Port Object Header: 0xE1BF81D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 
000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 478 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF1B9BA0(76f8ba0) Type: 6 Thread Object Header: 0xFF1B9B88 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000314.00000288 ThreadsProcess: 0xFF1B5CC0 OBJECT: 0xFF1EBAE0(3e43ae0) Type: 8 Event Object Header: 0xFF1EBAC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20C688(ec8688) Type: 26 File Object Header: 0xFF20C670 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF169A48 (7091a48) Type: 0xafd2 Process: 0xFF29BA80 lsass.exe EndpointLinks: {0xFF22D818:FF1B8BB8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF1587A8(eb67a8) Type: 26 File Object Header: 0xFF158790 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E7848 (7e4848) Unknown2: 0xff1e7868 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF1CD0A8(19140a8) Type: 26 File Object Header: 0xFF1CD090 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1E7808 (7e4808) ConnectionHandle: 0x84000047 Connection Object: 0xFF272D88 (5f25d88) ControlChannel: 0x00000000 (1) LocalAddressObject: 
0xFF12CCA8 (5abeca8) ConnectionId: 0x84 AfdEndpoint: 0xFF22CF48 (7aeff48) ProcessId: 0xf0 lsass.exe TableLock: 0xFF277168 (5dc0168) ConnectionHandle: 0x84000047 Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88} OBJECT: 0xFF129460(6601460) Type: 5 Process Object Header: 0xFF129448 GrantedAccess: 1f0fff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: metasploit.exe OBJECT: 0xFF1B3020(b56020) Type: 6 Thread Object Header: 0xFF1B3008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000258.00000130 ThreadsProcess: 0xFF129460 OBJECT: 0xFF1EBBC0(3e43bc0) Type: 8 Event Object Header: 0xFF1EBBA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 8. 
TABLE: 0xFF27EBC8(5becbc8): Table: 0xE1E64000 QuotaProcess: 0xFF27E840 ProcessId: 198 HandleCount: 234 CapturedHandleCount: 234 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12EFF50(19b0f50) Type: 17 Section Object Header: 0xE12EFF38 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12E60A8(198a0a8) BasedAddress: 0x089C0C38 SizeOfSegment: 0x5000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\svchost.exe OBJECT: 0xFF27DFE0(5c70fe0) Type: 8 Event Object Header: 0xFF27DFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27E3E0(5bec3e0) Type: 8 Event Object Header: 0xFF27E3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27DEC0(5c70ec0) Type: 8 Event Object Header: 0xFF27DEA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF27DE28(5c70e28) Type: 26 File Object Header: 0xFF27DE10 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF27D880(5c70880) Type: 8 Event Object Header: 0xFF27D868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE1E63F50(5d24f50) Type: 19 Port Object Header: 0xE1E63F38 GrantedAccess: 1f0001 PointerCount: 8 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.00000194 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE13A75E0(2b6a5e0) Type: 18 Key Object Header: 0xE13A75C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF27D6C0(5c706c0) Type: 8 Event Object Header: 0xFF27D6A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 
0xFF27D548(5c70548) Type: 26 File Object Header: 0xFF27D530 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe2 OBJECT: 0xFF27CFE0(5d6ffe0) Type: 8 Event Object Header: 0xFF27CFC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CFA0(5d6ffa0) Type: 8 Event Object Header: 0xFF27CF88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CF60(5d6ff60) Type: 8 Event Object Header: 0xFF27CF48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CF00(5d6ff00) Type: 25 IoCompletion Object Header: 0xFF27CEE8 GrantedAccess: 1f0003 PointerCount: 11 HandleCount: 2 Waiting Thread: 0xFF275960 Process: 0xFF27E840 APCProcess: 0xFF27E840 OBJECT: 0xFF27CF00(5d6ff00) Type: 25 IoCompletion Object Header: 0xFF27CEE8 GrantedAccess: 1f0003 PointerCount: 11 HandleCount: 2 Waiting Thread: 0xFF275960 Process: 0xFF27E840 APCProcess: 0xFF27E840 OBJECT: 0xFF27C020(5d6f020) Type: 8 Event Object Header: 0xFF27C008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27E540(5bec540) Type: 6 Thread Object Header: 0xFF27E528 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000194 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27CEC0(5d6fec0) Type: 8 Event Object Header: 0xFF27CEA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27CE28(5d6fe28) Type: 26 File Object Header: 0xFF27CE10 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup 
event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1301360(1a13360) Type: 18 Key Object Header: 0xE1301348 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF27BFE0(5cf0fe0) Type: 8 Event Object Header: 0xFF27BFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B480(5cf0480) Type: 8 Event Object Header: 0xFF27B468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 0xFF27C9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF27ACC0(5cdecc0) Type: 8 Event Object Header: 0xFF27ACA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27AE80(5cdee80) Type: 8 Event Object Header: 0xFF27AE68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF279C60(5d1fc60) Type: 8 Event Object Header: 0xFF279C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1B110(5467110) Type: 19 Port Object Header: 0xE1E1B0F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.0000019C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF279C20(5d1fc20) Type: 8 Event Object Header: 0xFF279C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC5EA0(50fcea0) Type: 18 Key Object Header: 0xE1DC5E88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\OLE\ OBJECT: 0xE1E1C660(5488660) Type: 19 
Port Object Header: 0xE1E1C648 GrantedAccess: 1f0001 PointerCount: 23 HandleCount: 1 Directory: 0xFCC93030 Name: epmapper SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000198.0000019C ClientThread: 0x00000000 ServerProcess: 0xFF27E840 OBJECT: 0xE13C6DB0(32c1db0) Type: 19 Port Object Header: 0xE13C6D98 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000002E4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27F7A0(5ca77a0) Type: 8 Event Object Header: 0xFF27F788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C9E0(5d6f9e0) Type: 6 Thread Object Header: 0xFF27C9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000019C ThreadsProcess: 0xFF27E840 OBJECT: 0xE1D42CA0(4429ca0) Type: 18 Key Object Header: 0xE1D42C88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF27F720(5ca7720) Type: 8 Event Object Header: 0xFF27F708 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D42C20(4429c20) Type: 18 Key Object Header: 0xE1D42C08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF27B360(5cf0360) Type: 8 Event Object Header: 0xFF27B348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B320(5cf0320) Type: 8 Event Object Header: 0xFF27B308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B2C0(5cf02c0) Type: 8 Event 
Object Header: 0xFF27B2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B260(5cf0260) Type: 8 Event Object Header: 0xFF27B248 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278A60(5d81a60) Type: 8 Event Object Header: 0xFF278A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278A20(5d81a20) Type: 10 Mutant Object Header: 0xFF278A08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B1E0(5cf01e0) Type: 8 Event Object Header: 0xFF27B1C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E172A0(53322a0) Type: 18 Key Object Header: 0xE1E17288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E17220(5332220) Type: 18 Key Object Header: 0xE1E17208 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF27B140(5cf0140) Type: 8 Event Object Header: 0xFF27B128 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B0A0(5cf00a0) Type: 8 Event Object Header: 0xFF27B088 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E171A0(53321a0) Type: 18 Key Object Header: 0xE1E17188 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1DC0FA0(6305fa0) Type: 18 Key Object Header: 0xE1DC0F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF278FA0(5d81fa0) Type: 8 Event Object Header: 0xFF278F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC0F20(6305f20) Type: 18 Key Object Header: 0xE1DC0F08 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF278F00(5d81f00) Type: 8 Event Object Header: 0xFF278EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC0EA0(6305ea0) Type: 18 Key Object Header: 0xE1DC0E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF278E60(5d81e60) Type: 8 Event Object Header: 0xFF278E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC0E20(6305e20) Type: 18 Key Object Header: 0xE1DC0E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF278DC0(5d81dc0) Type: 8 Event Object Header: 0xFF278DA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278D20(5d81d20) Type: 8 Event Object Header: 0xFF278D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D33B80(42b7b80) Type: 18 Key Object Header: 0xE1D33B68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF278C80(5d81c80) Type: 8 Event Object Header: 0xFF278C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D33B00(42b7b00) Type: 18 Key Object Header: 0xE1D33AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF278BE0(5d81be0) Type: 8 Event Object Header: 0xFF278BC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E54FA0(588cfa0) Type: 18 Key Object Header: 0xE1E54F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF278B40(5d81b40) Type: 8 Event Object Header: 
0xFF278B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF2789E0(5d819e0) Type: 8 Event Object Header: 0xFF2789C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2789A0(5d819a0) Type: 10 Mutant Object Header: 0xFF278988 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F22C0(19e82c0) Type: 18 Key Object Header: 0xE12F22A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF278960(5d81960) Type: 8 Event Object Header: 0xFF278948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278920(5d81920) Type: 10 Mutant Object Header: 0xFF278908 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2788E0(5d818e0) Type: 12 Semaphore Object Header: 0xFF2788C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2788A0(5d818a0) Type: 12 Semaphore Object Header: 0xFF278888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278860(5d81860) Type: 8 Event Object Header: 0xFF278848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278820(5d81820) Type: 8 Event Object Header: 0xFF278808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278500(5d81500) Type: 12 Semaphore 
Object Header: 0xFF2784E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2784C0(5d814c0) Type: 12 Semaphore Object Header: 0xFF2784A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1C3C0(54883c0) Type: 18 Key Object Header: 0xE1E1C3A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF278480(5d81480) Type: 8 Event Object Header: 0xFF278468 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF277FC0(5dc0fc0) Type: 8 Event Object Header: 0xFF277FA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277F80(5dc0f80) Type: 8 Event Object Header: 0xFF277F68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277F40(5dc0f40) Type: 8 Event Object Header: 0xFF277F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277F00(5dc0f00) Type: 12 Semaphore Object Header: 0xFF277EE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277EC0(5dc0ec0) Type: 12 Semaphore Object Header: 0xFF277EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277E80(5dc0e80) Type: 8 Event Object Header: 0xFF277E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF279CE8(5d1fce8) Type: 26 File Object Header: 0xFF279CD0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: 
TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF277E28 (5dc0e28) OBJECT: 0xFF279E88(5d1fe88) Type: 26 File Object Header: 0xFF279E70 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF277DE8 (5dc0de8) OBJECT: 0xFF277D68(5dc0d68) Type: 26 File Object Header: 0xFF277D50 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF277CC8(5dc0cc8) Type: 26 File Object Header: 0xFF277CB0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF277C28(5dc0c28) Type: 26 File Object Header: 0xFF277C10 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1E1DD40(54c9d40) Type: 18 Key Object Header: 0xE1E1DD28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF277B60(5dc0b60) Type: 8 Event Object Header: 0xFF277B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1DD80(54c9d80) Type: 18 Key Object Header: 0xE1E1DD68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1E1C340(5488340) Type: 18 Key Object Header: 0xE1E1C328 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE13235A0(1a865a0) Type: 18 Key Object Header: 0xE1323588 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF277BE0(5dc0be0) Type: 8 Event Object Header: 0xFF277BC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277A88(5dc0a88) Type: 26 File Object Header: 0xFF277A70 
GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF277868 (5dc0868) Type: 0xafd4 Process: 0xFF27E840 svchost.exe EndpointLinks: {0xF80001E8:FF276878} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF2779E8(5dc09e8) Type: 26 File Object Header: 0xFF2779D0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF277828 (5dc0828) Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8} OBJECT: 0xFF276908(5f89908) Type: 26 File Object Header: 0xFF2768F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF2767C8 (5f897c8) Type: 0xafd0 Process: 0xFF27E840 svchost.exe EndpointLinks: {0xFF277918:FF275638} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF275CE0(5dcdce0) Type: 12 Semaphore Object Header: 0xFF275CC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF276160(5f89160) Type: 12 Semaphore Object Header: 0xFF276148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E65A00(5cb8a00) Type: 18 Key Object Header: 0xE1E659E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF275CA0(5dcdca0) Type: 8 Event Object Header: 0xFF275C88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF275C20(5dcdc20) Type: 8 Event Object Header: 0xFF275C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF275888(5dcd888) Type: 26 File Object Header: 0xFF275870 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-198-0 OBJECT: 0xE1E658C0(5cb88c0) Type: 18 Key Object Header: 0xE1E658A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Rpc\NetBIOS\ OBJECT: 0xFF275960(5dcd960) Type: 6 Thread Object Header: 0xFF275948 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000001AC ThreadsProcess: 0xFF27E840 OBJECT: 0xFF275760(5dcd760) Type: 8 Event Object Header: 0xFF275748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2756C8(5dcd6c8) Type: 26 File Object Header: 0xFF2756B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF275588 (5dcd588) Type: 0xafd0 Process: 0xFF27E840 svchost.exe EndpointLinks: {0xFF276878:FF238898} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF274020(5dce020) Type: 8 Event Object Header: 0xFF274008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E65720(5cb8720) Type: 18 Key Object Header: 0xE1E65708 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\{E41F8207-9EAD-4C09-8BC4-06F8E425196E}\Parameters\Tcpip\ OBJECT: 0xE1E656E0(5cb86e0) Type: 18 Key Object Header: 0xE1E656C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}\Parameters\Tcpip\ OBJECT: 0xE1E655E0(5cb85e0) Type: 18 Key Object Header: 0xE1E655C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1336B20(1aaab20) Type: 18 Key Object Header: 0xE1336B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\AppID\ OBJECT: 0xFF2742C0(5dce2c0) Type: 8 Event Object Header: 0xFF2742A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF274280(5dce280) Type: 8 Event Object Header: 0xFF274268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF274240(5dce240) Type: 8 Event Object Header: 0xFF274228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D57600(45cc600) Type: 17 Section Object Header: 0xE1D575E8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: RotHintTable SecurityDescriptor: 0xE1D3B378(1) Segment: 0xE1DC6008(50d5008) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF2757A8(5dcd7a8) Type: 26 File Object Header: 0xFF275790 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Dfs OBJECT: 0xFF274168(5dce168) Type: 26 File Object Header: 0xFF274150 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF2740F0(5dce0f0) Type: 8 Event Object Header: 0xFF2740D8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ScmCreatedEvent SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E727D0(5fd27d0) Type: 19 Port Object Header: 0xE1E727B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 
ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2659A0(5f0b9a0) Type: 8 Event Object Header: 0xFF265988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14F1A0(ec21a0) Type: 8 Event Object Header: 0xFF14F188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6F830(602f830) Type: 4 Token Object Header: 0xE1E6F818 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1D31DB8(42eddb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,62dd} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 
0xE134F3C0(1b043c0) Type: 18 Key Object Header: 0xE134F3A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF262AA0(6296aa0) Type: 8 Event Object Header: 0xFF262A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134CB60(1af0b60) Type: 18 Key Object Header: 0xE134CB48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF262A20(6296a20) Type: 8 Event Object Header: 0xFF262A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF262980(6296980) Type: 8 Event Object Header: 0xFF262968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1E140(540c140) Type: 18 Key Object Header: 0xE1E1E128 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2628E0(62968e0) Type: 8 Event Object Header: 0xFF2628C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1E240(540c240) Type: 18 Key Object Header: 0xE1E1E228 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF262840(6296840) Type: 8 Event Object Header: 0xFF262828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1351020(1b0b020) Type: 18 Key Object Header: 0xE1351008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2627A0(62967a0) Type: 8 Event Object Header: 0xFF262788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F620(1b04620) Type: 18 Key Object Header: 0xE134F608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF262700(6296700) Type: 8 Event Object Header: 0xFF2626E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2618E0(615b8e0) Type: 8 Event Object Header: 0xFF2618C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1341960(1ab5960) Type: 18 Key Object Header: 0xE1341948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF261840(615b840) Type: 8 Event Object Header: 0xFF261828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EFBE0(19b0be0) Type: 18 Key Object Header: 0xE12EFBC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2617A0(615b7a0) Type: 8 Event Object Header: 0xFF261788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EE160(19af160) Type: 18 Key Object Header: 0xE12EE148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF261700(615b700) Type: 8 Event Object Header: 0xFF2616E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D4020(45aa020) Type: 6 Thread Object Header: 0xFF1D4008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.00000124 ThreadsProcess: 0xFF27E840 OBJECT: 0xFF2614E0(615b4e0) Type: 8 Event Object Header: 0xFF2614C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2614A0(615b4a0) Type: 8 Event Object Header: 0xFF261488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE1EA96D0(6e686d0) Type: 19 Port Object Header: 0xE1EA96B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EACC70(6d46c70) Type: 19 Port Object Header: 0xE1EACC58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EACA50(6d46a50) Type: 4 Token Object Header: 0xE1EACA38 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1D31DB8(42eddb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,72ed} ParentToken ID: {0,0} Modified ID: {0,72ac} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x13 SeProfileSingleProcessPrivilege Default Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x10 SeLoadDriverPrivilege Enabled 7 0x23 SeChangeNotifyPrivilege Default Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled OBJECT: 0xFF23F600(6d42600) Type: 8 Event Object Header: 0xFF23F5E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EADD50(6f37d50) Type: 19 Port Object Header: 
0xE1EADD38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23F400(6d42400) Type: 8 Event Object Header: 0xFF23F3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235460(6e37460) Type: 8 Event Object Header: 0xFF235448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BDADF0(1a64df0) Type: 19 Port Object Header: 0xE1BDADD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001E4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EF420(6e9420) Type: 8 Event Object Header: 0xFF1EF408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EEAC0(74fac0) Type: 8 Event Object Header: 0xFF1EEAA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EEA80(74fa80) Type: 8 Event Object Header: 0xFF1EEA68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EEA40(74fa40) Type: 8 Event Object Header: 0xFF1EEA28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BEBE70(3e26e70) Type: 19 Port Object Header: 0xE1BEBE58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF177360(40b4360) Type: 6 Thread Object Header: 0xFF177348 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.0000010C ThreadsProcess: 0xFF27E840 OBJECT: 0xFF233028(6c6d028) Type: 26 File Object Header: 0xFF233010 GrantedAccess: 1f01ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: 
Afd\Endpoint Afd Endpoint: 0xFF233328 (6c6d328) Type: 0xafd1 Process: 0xFF27E840 svchost.exe EndpointLinks: {0xFF1E2778:FF164458} AfdTransportAddress: 0xFF27B968 (5cf0968) DeviceString: \Device\Udp OBJECT: 0xFF2332A8(6c6d2a8) Type: 26 File Object Header: 0xFF233290 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1E0A28 (5183a28) Address Object: 0xFF2330C8 (6c6d0c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1E09A8(51839a8) Type: 26 File Object Header: 0xFF1E0990 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\epmapper OBJECT: 0xFF1E08C8(51838c8) Type: 26 File Object Header: 0xFF1E08B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\epmapper OBJECT: 0xFF1C31C0(931c0) Type: 8 Event Object Header: 0xFF1C31A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0C8D0(9648d0) Type: 4 Token Object Header: 0xE1C0C8B8 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EDA7B8(8377b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c953} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled 
Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF24B7E0(66ea7e0) Type: 8 Event Object Header: 0xFF24B7C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D52C0(6a892c0) Type: 8 Event Object Header: 0xFF1D52A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1368E70(2696e70) Type: 19 Port Object Header: 0xE1368E58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001E4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1F54D90(4488d90) Type: 19 Port Object Header: 0xE1F54D78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.0000010C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF15A220(84b220) Type: 8 Event Object Header: 0xFF15A208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0CB90(964b90) Type: 19 Port Object Header: 0xE1C0CB78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 
OBJECT: 0xFF1B2440(ef5440) Type: 8 Event Object Header: 0xFF1B2428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2400(ef5400) Type: 8 Event Object Header: 0xFF1B23E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2380(ef5380) Type: 8 Event Object Header: 0xFF1B2368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2340(ef5340) Type: 8 Event Object Header: 0xFF1B2328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F81D70(25dbd70) Type: 4 Token Object Header: 0xE1F81D58 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EDA7B8(8377b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,123b8} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xFF18FBA0(237bba0) 
Type: 8 Event Object Header: 0xFF18FB88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189C60(2c46c60) Type: 8 Event Object Header: 0xFF189C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18BB20(2b84b20) Type: 8 Event Object Header: 0xFF18BB08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1386A90(2857a90) Type: 19 Port Object Header: 0xE1386A78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000003A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1382170(281a170) Type: 19 Port Object Header: 0xE1382158 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000003A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF186740(2daf740) Type: 8 Event Object Header: 0xFF186728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189F20(2c46f20) Type: 8 Event Object Header: 0xFF189F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E63A0(7663a0) Type: 8 Event Object Header: 0xFF1E6388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F620(237b620) Type: 8 Event Object Header: 0xFF18F608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F860(237b860) Type: 8 Event Object Header: 0xFF18F848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E77E70(60b4e70) Type: 19 Port Object Header: 0xE1E77E58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF190440(214a440) Type: 8 Event Object Header: 0xFF190428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF18F680(237b680) Type: 8 Event Object Header: 0xFF18F668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F540(237b540) Type: 8 Event Object Header: 0xFF18F528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F4E0(237b4e0) Type: 8 Event Object Header: 0xFF18F4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F4A0(237b4a0) Type: 8 Event Object Header: 0xFF18F488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F580(237b580) Type: 8 Event Object Header: 0xFF18F568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17DBC0(3082bc0) Type: 8 Event Object Header: 0xFF17DBA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E420(2499420) Type: 8 Event Object Header: 0xFF18E408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1925E0(206e5e0) Type: 8 Event Object Header: 0xFF1925C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F5E0(237b5e0) Type: 8 Event Object Header: 0xFF18F5C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18BC20(2b84c20) Type: 8 Event Object Header: 0xFF18BC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E660(2ff4660) Type: 8 Event Object Header: 0xFF17E648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E3A0(2ff43a0) Type: 8 Event Object Header: 0xFF17E388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF184780(2dda780) Type: 8 Event Object Header: 0xFF184768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF186D40(2dafd40) Type: 8 Event Object Header: 0xFF186D28 GrantedAccess: 
1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C3DA0(93da0) Type: 8 Event Object Header: 0xFF1C3D88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187860(2dd0860) Type: 8 Event Object Header: 0xFF187848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5AA0(7b6caa0) Type: 8 Event Object Header: 0xFF1C5A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E61A0(7661a0) Type: 8 Event Object Header: 0xFF1E6188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF133380(2b40380) Type: 8 Event Object Header: 0xFF133368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E320(2ff4320) Type: 8 Event Object Header: 0xFF17E308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E58C0(3f078c0) Type: 8 Event Object Header: 0xFF1E58A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FEF690(6b6690) Type: 19 Port Object Header: 0xE1FEF678 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000002E4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1732E0(44ce2e0) Type: 8 Event Object Header: 0xFF1732C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1732A0(44ce2a0) Type: 8 Event Object Header: 0xFF173288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172C40(58cbc40) Type: 5 Process Object Header: 0xFF172C28 GrantedAccess: 1f0fff PointerCount: 53 HandleCount: 2 SecurityDescriptor: 0xE1ED4B18(7911b18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;0x100201;;;SY) ImageFileName: 
JogServ2.exe OBJECT: 0xE1FEA870(1cda870) Type: 19 Port Object Header: 0xE1FEA858 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.000003A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1FEB670(1cdb670) Type: 19 Port Object Header: 0xE1FEB658 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.00000444 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF142400(5a6f400) Type: 8 Event Object Header: 0xFF1423E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E2C0(625d2c0) Type: 8 Event Object Header: 0xFF16E2A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E260(625d260) Type: 8 Event Object Header: 0xFF16E248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E220(625d220) Type: 8 Event Object Header: 0xFF16E208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E1C0(625d1c0) Type: 8 Event Object Header: 0xFF16E1A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E763F0(60af3f0) Type: 19 Port Object Header: 0xE1E763D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000198.00000364 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF16D020(63f5020) Type: 6 Thread Object Header: 0xFF16D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000198.000002E4 ThreadsProcess: 0xFF27E840 9. 
TABLE: 0xFF274CC8(5dcecc8): Table: 0xE1E67000 QuotaProcess: 0xFF2744C0 ProcessId: 1b4 HandleCount: 97 CapturedHandleCount: 97 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E66BD0(5e30bd0) Type: 17 Section Object Header: 0xE1E66BB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D2F1C8(42c71c8) BasedAddress: 0x08AD2428 SizeOfSegment: 0xd000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\spoolsv.exe OBJECT: 0xFF2783E0(5d813e0) Type: 8 Event Object Header: 0xFF2783C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2783A0(5d813a0) Type: 8 Event Object Header: 0xFF278388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278360(5d81360) Type: 8 Event Object Header: 0xFF278348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF2782C8(5d812c8) Type: 26 File Object Header: 0xFF2782B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF273DA0(5df1da0) Type: 8 Event Object Header: 0xFF273D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1E66730(5e30730) Type: 19 Port Object Header: 0xE1E66718 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001B4.000001B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF273C40(5df1c40) Type: 8 Event Object Header: 0xFF273C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1DD00(54c9d00) Type: 18 Key Object Header: 0xE1E1DCE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF273EC8(5df1ec8) Type: 26 File Object Header: 0xFF273EB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe3 OBJECT: 0xFF273AC0(5df1ac0) Type: 8 Event Object Header: 0xFF273AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273A80(5df1a80) Type: 8 Event Object Header: 0xFF273A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273A40(5df1a40) Type: 8 Event Object Header: 0xFF273A28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2739E0(5df19e0) Type: 25 IoCompletion Object Header: 0xFF2739C8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF272980 Process: 0xFF2744C0 APCProcess: 0xFF2744C0 OBJECT: 0xFF2739E0(5df19e0) Type: 25 IoCompletion Object Header: 0xFF2739C8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF272980 Process: 0xFF2744C0 APCProcess: 0xFF2744C0 OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 
HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF273B00(5df1b00) Type: 8 Event Object Header: 0xFF273AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278020(5d81020) Type: 6 Thread Object Header: 0xFF278008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF2739A0(5df19a0) Type: 8 Event Object Header: 0xFF273988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273908(5df1908) Type: 26 File Object Header: 0xFF2738F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF273BA0(5df1ba0) Type: 8 Event Object Header: 0xFF273B88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2730A0(5df10a0) Type: 8 Event Object Header: 0xFF273088 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273120(5df1120) Type: 6 Thread Object Header: 0xFF273108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001B8 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF27C908(5d6f908) Type: 26 File Object Header: 0xFF27C8F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\spoolss OBJECT: 0xFF273528(5df1528) Type: 26 File Object Header: 0xFF273510 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: NamedPipe\spoolss OBJECT: 0xFF272020(5f25020) Type: 8 Event Object Header: 0xFF272008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272980(5f25980) Type: 6 Thread Object Header: 0xFF272968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000001BC ThreadsProcess: 0xFF2744C0 OBJECT: 0xE1E1D040(54c9040) Type: 19 Port Object Header: 0xE1E1D028 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: spoolss SecurityDescriptor: 0xE1E66438(5e30438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100001;;;BU)(A;;0x100001;;;PU)(A;;0x120001;;;WD)(A;;0x1f0001;;;CO)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) Creator: 000001B4.000001B8 ClientThread: 0x00000000 ServerProcess: 0xFF2744C0 OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF272C40(5f25c40) Type: 8 Event Object Header: 0xFF272C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF271A50(5eb0a50) Type: 8 Event Object Header: 0xFF271A38 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 
Directory: 0xFCC68730 Name: RouterPreInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF271020(5eb0020) Type: 8 Event Object Header: 0xFF271008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF169800(7091800) Type: 8 Event Object Header: 0xFF1697E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BB9C0(3c319c0) Type: 6 Thread Object Header: 0xFF1BB9A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.0000039C ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF218960(b18960) Type: 8 Event Object Header: 0xFF218948 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218920(b18920) Type: 8 Event Object Header: 0xFF218908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218B20(b18b20) Type: 8 Event Object Header: 0xFF218B08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2189E0(b189e0) Type: 8 Event Object Header: 0xFF2189C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C89A0(3e089a0) Type: 6 Thread Object Header: 0xFF1C8988 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.00000398 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF219760(c94760) Type: 8 Event Object Header: 0xFF219748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296340(53bd340) Type: 8 Event Object Header: 0xFF296328 GrantedAccess: 1f0003 
PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272600(5f25600) Type: 8 Event Object Header: 0xFF2725E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218BA0(b18ba0) Type: 8 Event Object Header: 0xFF218B88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218E20(b18e20) Type: 8 Event Object Header: 0xFF218E08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C89A0(3e089a0) Type: 6 Thread Object Header: 0xFF1C8988 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.00000398 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF218CA0(b18ca0) Type: 8 Event Object Header: 0xFF218C88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292640(5572640) Type: 8 Event Object Header: 0xFF292628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218F20(b18f20) Type: 12 Semaphore Object Header: 0xFF218F08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218F60(b18f60) Type: 12 Semaphore Object Header: 0xFF218F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292A00(5572a00) Type: 8 Event Object Header: 0xFF2929E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF249980(667c980) Type: 8 Event Object Header: 0xFF249968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292900(5572900) Type: 12 Semaphore Object Header: 0xFF2928E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292A80(5572a80) Type: 12 Semaphore Object Header: 0xFF292A68 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E89FE0(663cfe0) Type: 18 Key Object Header: 0xE1E89FC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF292A40(5572a40) Type: 8 Event Object Header: 0xFF292A28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF293120(55db120) Type: 8 Event Object Header: 0xFF293108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DCDA70(5180a70) Type: 19 Port Object Header: 0xE1DCDA58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001B4.00000398 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E26960(546d960) Type: 18 Key Object Header: 0xE1E26948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\ OBJECT: 0xE12BC4A0(18ef4a0) Type: 18 Key Object Header: 0xE12BC488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Print\Printers\ OBJECT: 0xFF2963C0(53bd3c0) Type: 8 Event Object Header: 0xFF2963A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF293220(55db220) Type: 8 Event Object Header: 0xFF293208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF296EE0(53bdee0) Type: 8 Event Object Header: 0xFF296EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF293160(55db160) Type: 8 Event Object Header: 0xFF293148 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292C40(5572c40) Type: 8 Event Object Header: 0xFF292C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2931A0(55db1a0) Type: 8 Event Object 
Header: 0xFF293188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2932A0(55db2a0) Type: 8 Event Object Header: 0xFF293288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292C80(5572c80) Type: 8 Event Object Header: 0xFF292C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292C00(5572c00) Type: 8 Event Object Header: 0xFF292BE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF292D40(5572d40) Type: 8 Event Object Header: 0xFF292D28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E173C0(53323c0) Type: 18 Key Object Header: 0xE1E173A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\ OBJECT: 0xFF292E40(5572e40) Type: 8 Event Object Header: 0xFF292E28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E82760(6611760) Type: 18 Key Object Header: 0xE1E82748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF292E00(5572e00) Type: 8 Event Object Header: 0xFF292DE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E270E0(540f0e0) Type: 18 Key Object Header: 0xE1E270C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E900C0(692a0c0) Type: 18 Key Object Header: 0xE1E900A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF293620(55db620) Type: 8 Event Object Header: 0xFF293608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1E97A40(6ac1a40) Type: 18 Key Object Header: 0xE1E97A28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\ OBJECT: 0xFF1B81A0(11c1a0) Type: 6 Thread Object Header: 0xFF1B8188 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003A4 ThreadsProcess: 0xFF2744C0 OBJECT: 0xE1E91280(68f2280) Type: 18 Key Object Header: 0xE1E91268 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF1BBC48(3c31c48) Type: 26 File Object Header: 0xFF1BBC30 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE1BF8EE0(3db6ee0) Type: 18 Key Object Header: 0xE1BF8EC8 GrantedAccess: 2000f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Ports\ OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1E2D800(5657800) Type: 18 Key Object Header: 0xE1E2D7E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2126E0(9ec6e0) Type: 8 Event Object Header: 0xFF2126C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF212760(9ec760) Type: 8 Event Object Header: 
0xFF212748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E30420(5571420) Type: 19 Port Object Header: 0xE1E30408 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: OLE5 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001B4.000003A8 ClientThread: 0x00000000 ServerProcess: 0xFF2744C0 OBJECT: 0xFF2129E0(9ec9e0) Type: 8 Event Object Header: 0xFF2129C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF212860(9ec860) Type: 8 Event Object Header: 0xFF212848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B7DA0(6e2da0) Type: 6 Thread Object Header: 0xFF1B7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B4.000003B0 ThreadsProcess: 0xFF2744C0 OBJECT: 0xFF21DEC0(bbeec0) Type: 8 Event Object Header: 0xFF21DEA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BB6A8(3c316a8) Type: 26 File Object Header: 0xFF1BB690 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs 10. 
TABLE: 0xFF271228(5eb0228): Table: 0xE1E6E000 QuotaProcess: 0xFF26F9E0 ProcessId: 1d0 HandleCount: 103 CapturedHandleCount: 103 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E6B570(5f54570) Type: 17 Section Object Header: 0xE1E6B558 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E6CB68(5f35b68) BasedAddress: 0x08B22C20 SizeOfSegment: 0x28000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe OBJECT: 0xFF26F540(6153540) Type: 8 Event Object Header: 0xFF26F528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F500(6153500) Type: 8 Event Object Header: 0xFF26F4E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F4C0(61534c0) Type: 8 Event Object Header: 0xFF26F4A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 1f0fff PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF26F180(6153180) Type: 8 Event Object Header: 0xFF26F168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 
0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E6DF50(5f26f50) Type: 19 Port Object Header: 0xE1E6DF38 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001D0.000001CC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF26EEA0(5fbbea0) Type: 8 Event Object Header: 0xFF26EE88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1E1E580(540c580) Type: 18 Key Object Header: 0xE1E1E568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF26ED00(5fbbd00) Type: 8 Event Object Header: 0xFF26ECE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26EC20(5fbbc20) Type: 12 Semaphore Object Header: 0xFF26EC08 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1E5C0(540c5c0) Type: 18 Key Object Header: 0xE1E1E5A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xFF26ED48(5fbbd48) Type: 26 File Object Header: 0xFF26ED30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe4 OBJECT: 0xFF26E900(5fbb900) Type: 8 Event Object Header: 0xFF26E8E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E840(5fbb840) Type: 8 Event Object Header: 0xFF26E828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E800(5fbb800) Type: 8 Event Object Header: 0xFF26E7E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E7A0(5fbb7a0) Type: 25 IoCompletion Object Header: 0xFF26E788 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF26E7A0(5fbb7a0) Type: 25 IoCompletion Object Header: 0xFF26E788 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF26E760(5fbb760) Type: 8 Event Object Header: 0xFF26E748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F6A0(61536a0) Type: 6 Thread Object Header: 0xFF26F688 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
000001D0.000001CC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF26E540(5fbb540) Type: 8 Event Object Header: 0xFF26E528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E6C8(5fbb6c8) Type: 26 File Object Header: 0xFF26E6B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF26E1A0(5fbb1a0) Type: 8 Event Object Header: 0xFF26E188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E220(5fbb220) Type: 6 Thread Object Header: 0xFF26E208 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000001D4 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF262360(6296360) Type: 8 Event Object Header: 0xFF262348 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260F40(6363f40) Type: 8 Event Object Header: 0xFF260F28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E188C0(541a8c0) Type: 18 Key Object Header: 0xE1E188A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1350840(1b0a840) Type: 18 Key Object Header: 0xE1350828 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1344960(1add960) Type: 18 Key Object Header: 0xE1344948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1350880(1b0a880) Type: 18 Key Object Header: 0xE1350868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF262320(6296320) Type: 8 Event Object Header: 0xFF262308 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF261EE0(615bee0) Type: 8 Event Object Header: 0xFF261EC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260520(6363520) Type: 12 Semaphore Object Header: 0xFF260508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E4C0(63974c0) Type: 8 Event Object Header: 0xFF25E4A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E480(6397480) Type: 12 Semaphore Object Header: 0xFF25E468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E780(6397780) Type: 12 Semaphore Object Header: 0xFF25E768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1F160(540d160) Type: 18 Key Object Header: 0xE1E1F148 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF25D7A0(639b7a0) Type: 8 Event Object Header: 0xFF25D788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25C900(64a7900) Type: 8 Event Object Header: 0xFF25C8E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25CE20(64a7e20) Type: 8 Event Object Header: 0xFF25CE08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25BA10(65b9a10) Type: 8 Event Object Header: 0xFF25B9F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1304CA0(1a1dca0) Type: 18 Key Object Header: 0xE1304C88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 
0xFF24F290(6743290) Type: 8 Event Object Header: 0xFF24F278 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F250(6743250) Type: 8 Event Object Header: 0xFF24F238 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F210(6743210) Type: 8 Event Object Header: 0xFF24F1F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F1D0(67431d0) Type: 8 Event Object Header: 0xFF24F1B8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F190(6743190) Type: 8 Event Object Header: 0xFF24F178 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F150(6743150) Type: 8 Event Object Header: 0xFF24F138 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24E030(66c5030) Type: 8 Event Object Header: 0xFF24E018 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 
0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFF0(66c5ff0) Type: 8 Event Object Header: 0xFF24EFD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFB0(66c5fb0) Type: 8 Event Object Header: 0xFF24EF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF70(66c5f70) Type: 8 Event Object Header: 0xFF24EF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF30(66c5f30) Type: 8 Event Object Header: 0xFF24EF18 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEF0(66c5ef0) Type: 8 Event Object Header: 0xFF24EED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEB0(66c5eb0) Type: 8 Event Object Header: 0xFF24EE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE70(66c5e70) Type: 8 Event Object Header: 0xFF24EE58 
GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE30(66c5e30) Type: 8 Event Object Header: 0xFF24EE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EDF0(66c5df0) Type: 8 Event Object Header: 0xFF24EDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EDB0(66c5db0) Type: 8 Event Object Header: 0xFF24ED98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED70(66c5d70) Type: 8 Event Object Header: 0xFF24ED58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED30(66c5d30) Type: 8 Event Object Header: 0xFF24ED18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECF0(66c5cf0) Type: 8 Event Object Header: 0xFF24ECD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECB0(66c5cb0) Type: 8 Event Object Header: 0xFF24EC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF25D740(639b740) Type: 8 Event Object Header: 0xFF25D728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24F450(6743450) Type: 10 Mutant Object Header: 0xFF24F438 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E7C200(6657200) Type: 17 Section Object Header: 0xE1E7C1E8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E7E3A8(662c3a8) BasedAddress: 0x08D2C4D0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF24E7C0(66c57c0) Type: 6 Thread Object Header: 0xFF24E7A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.00000204 ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFF25D990(639b990) Type: 10 Mutant Object Header: 0xFF25D978 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF251260(65f2260) Type: 8 Event Object Header: 
0xFF251248 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25BC30(65b9c30) Type: 8 Event Object Header: 0xFF25BC18 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: AvServiceOptionsFlushEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25D030(639b030) Type: 10 Mutant Object Header: 0xFF25D018 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: VSCAN_GEN_SEMAPHORE SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E8A160(6a73160) Type: 17 Section Object Header: 0xE1E8A148 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_GEN SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12C3E48(190fe48) BasedAddress: 0x08D084D8 SizeOfSegment: 0x2630 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanGen.mmf OBJECT: 0xE12C1600(1921600) Type: 18 Key Object Header: 0xE12C15E8 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\ OBJECT: 0xE1E8D2A0(67d22a0) Type: 17 Section Object Header: 0xE1E8D288 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_OAS SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE136EB08(27a7b08) BasedAddress: 0x08DC6CC0 SizeOfSegment: 0x4a8c SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOas.mmf OBJECT: 0xE1E95880(683c880) Type: 17 Section Object Header: 0xE1E95868 GrantedAccess: f0007 PointerCount: 2 
HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_OAS_EXL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12C99E8(19299e8) BasedAddress: 0x08DE04C8 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dVS_Excl.mmf OBJECT: 0xE1E29A20(5455a20) Type: 18 Key Object Header: 0xE1E29A08 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\Internet Filter\ReportOptions\ OBJECT: 0xFF250ED0(6797ed0) Type: 10 Mutant Object Header: 0xFF250EB8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: VSCAN_OAS_SEMAPHORE SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E95680(683c680) Type: 17 Section Object Header: 0xE1E95668 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12CAEC8(192aec8) BasedAddress: 0x08DE6CC0 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\AVConsol.mmf OBJECT: 0xE1E98C40(6be7c40) Type: 17 Section Object Header: 0xE1E98C28 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOLSCAN SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99008(6a4a008) BasedAddress: 0x08DF2CC0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf OBJECT: 0xE1E965C0(6a1e5c0) Type: 18 Key Object Header: 0xE1E965A8 GrantedAccess: 4001f 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\AVConsol\General\ OBJECT: 0xE1E96300(6a1e300) Type: 18 Key Object Header: 0xE1E962E8 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\ OBJECT: 0xE1E989A0(6be79a0) Type: 17 Section Object Header: 0xE1E98988 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOLEXCL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99988(6a4a988) BasedAddress: 0x08DF54C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf OBJECT: 0xE1E9B040(694d040) Type: 17 Section Object Header: 0xE1E9B028 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_DAVCONSOL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E9AC28(692cc28) BasedAddress: 0x08DF6CD8 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf OBJECT: 0xE1E9D100(6971100) Type: 17 Section Object Header: 0xE1E9D0E8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_ODS SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E39E68(564de68) BasedAddress: 0x08A1B4C0 SizeOfSegment: 0x2ca8 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOds.mmf OBJECT: 0xE1E9F520(6dd6520) Type: 17 Section Object Header: 0xE1E9F508 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_ODS_EXL SecurityDescriptor: 
0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12CF408(191b408) BasedAddress: 0x08E08CC8 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dExclDef.mmf OBJECT: 0xE1E9F020(6dd6020) Type: 18 Key Object Header: 0xE1E9F008 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Demand Scanner\Scan32\LaunchInfo\ OBJECT: 0xE1E9F260(6dd6260) Type: 17 Section Object Header: 0xE1E9F248 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_ODS_SCAN SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12B8808(18de808) BasedAddress: 0x08E10CD0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dScanDef.mmf OBJECT: 0xFF250ED0(6797ed0) Type: 10 Mutant Object Header: 0xFF250EB8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: VSCAN_OAS_SEMAPHORE SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF1EA120(294e120) Type: 6 Thread Object Header: 0xFF1EA108 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D0.000002DC ThreadsProcess: 0xFF26F9E0 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 
0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 1f0fff PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF2314E8(6f2d4e8) Type: 26 File Object Header: 0xFF2314D0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF231120(6f2d120) Type: 5 Process Object Header: 0xFF231108 GrantedAccess: 1f0fff PointerCount: 23 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF22F780(7784780) Type: 5 Process Object Header: 0xFF22F768 GrantedAccess: 1f0fff PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe 11. 
TABLE: 0xFF26EB88(5fbbb88): Table: 0xE1E71000 QuotaProcess: 0xFF27D020 ProcessId: 1e0 HandleCount: 233 CapturedHandleCount: 233 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E6C610(5f35610) Type: 17 Section Object Header: 0xE1E6C5F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12E60A8(198a0a8) BasedAddress: 0x089C0C38 SizeOfSegment: 0x5000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\svchost.exe OBJECT: 0xFF266B40(6020b40) Type: 8 Event Object Header: 0xFF266B28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF266B00(6020b00) Type: 8 Event Object Header: 0xFF266AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF266AA0(6020aa0) Type: 8 Event Object Header: 0xFF266A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF266868(6020868) Type: 26 File Object Header: 0xFF266850 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF266560(6020560) Type: 8 Event Object Header: 0xFF266548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE1E6C230(5f35230) Type: 19 Port Object Header: 0xE1E6C218 GrantedAccess: 1f0001 PointerCount: 16 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.000001DC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1361920(229c920) Type: 18 Key Object Header: 0xE1361908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF2663A0(60203a0) Type: 8 Event Object Header: 0xFF266388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 
0xE1E6C3F0(5f353f0) Type: 4 Token Object Header: 0xE1E6C3D8 GrantedAccess: 8 PointerCount: 19 HandleCount: 1 SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6285} ParentToken ID: {0,0} Modified ID: {0,72ac} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF266228(6020228) Type: 26 File Object Header: 0xFF266210 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF2660C0(60200c0) Type: 8 Event Object Header: 0xFF2660A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF266080(6020080) Type: 8 Event Object Header: 0xFF266068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF266140(6020140) Type: 8 Event Object Header: 0xFF266128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF265D60(5f0bd60) Type: 8 Event Object Header: 0xFF265D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF266D00(6020d00) Type: 6 Thread Object Header: 0xFF266CE8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001DC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF265D20(5f0bd20) Type: 8 Event Object Header: 0xFF265D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6FB30(602fb30) Type: 19 Port Object Header: 0xE1E6FB18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.000001DC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF266188(6020188) Type: 26 File Object Header: 0xFF266170 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe5 OBJECT: 0xFF265400(5f0b400) Type: 25 IoCompletion Object Header: 0xFF2653E8 GrantedAccess: 1f0003 PointerCount: 12 HandleCount: 2 Waiting Thread: 0xFF1C7DA0 Process: 0xFF27D020 APCProcess: 0xFF27D020 OBJECT: 0xFF265400(5f0b400) Type: 25 IoCompletion Object Header: 0xFF2653E8 GrantedAccess: 1f0003 PointerCount: 12 HandleCount: 2 Waiting Thread: 0xFF1C7DA0 Process: 0xFF27D020 APCProcess: 0xFF27D020 OBJECT: 0xFF27FDC8(5ca7dc8) Type: 26 File Object Header: 0xFF27FDB0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF265800(5f0b800) Type: 8 Event Object Header: 0xFF2657E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2632A0(60c52a0) Type: 8 Event Object Header: 0xFF263288 GrantedAccess: 100003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF263FE0(60c5fe0) Type: 8 Event Object Header: 0xFF263FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF263200(60c5200) Type: 8 Event Object Header: 0xFF2631E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF263FA0(60c5fa0) Type: 8 Event Object Header: 0xFF263F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF262BA0(6296ba0) Type: 8 Event Object Header: 0xFF262B88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF264020(62d3020) Type: 6 Thread Object Header: 0xFF264008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF264FE0(62d3fe0) Type: 8 Event Object Header: 0xFF264FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1349940(1ae7940) Type: 19 Port Object Header: 0xE1349928 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC93030 Name: OLE2 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001E0.000001E8 ClientThread: 0x00000000 ServerProcess: 0xFF27D020 OBJECT: 0xFF264C80(62d3c80) Type: 8 Event Object Header: 0xFF264C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25B20(1042b20) Type: 8 Event Object Header: 0xFCA25B08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12ACB80(19ecb80) Type: 18 Key Object Header: 0xE12ACB68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 
0xE1E1F540(540d540) Type: 18 Key Object Header: 0xE1E1F528 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFCA25AA0(1042aa0) Type: 8 Event Object Header: 0xFCA25A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF261E40(615be40) Type: 8 Event Object Header: 0xFF261E28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1E1C0(540c1c0) Type: 18 Key Object Header: 0xE1E1E1A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1E1F5C0(540d5c0) Type: 18 Key Object Header: 0xE1E1F5A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF261DC0(615bdc0) Type: 8 Event Object Header: 0xFF261DA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1F700(540d700) Type: 18 Key Object Header: 0xE1E1F6E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF261D40(615bd40) Type: 8 Event Object Header: 0xFF261D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1350CA0(1b0aca0) Type: 18 Key Object Header: 0xE1350C88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF261CC0(615bcc0) Type: 8 Event Object Header: 0xFF261CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F2E0(1b042e0) Type: 18 Key Object Header: 0xE134F2C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF261C40(615bc40) Type: 8 Event Object Header: 0xFF261C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF261BC0(615bbc0) Type: 8 Event Object Header: 0xFF261BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1350DE0(1b0ade0) Type: 18 Key Object Header: 0xE1350DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF261B40(615bb40) Type: 8 Event Object Header: 0xFF261B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F2A0(1b042a0) Type: 18 Key Object Header: 0xE134F288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF261AC0(615bac0) Type: 8 Event Object Header: 0xFF261AA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F380(1b04380) Type: 18 Key Object Header: 0xE134F368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF261A20(615ba20) Type: 8 Event Object Header: 0xFF261A08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1E1E180(540c180) Type: 18 Key Object Header: 0xE1E1E168 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF24C800(65cb800) Type: 8 Event Object Header: 0xFF24C7E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF289C40(58c3c40) Type: 8 Event Object Header: 0xFF289C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25B760(65b9760) Type: 6 Thread Object Header: 0xFF25B748 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000001FC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF27B710(5cf0710) Type: 8 Event Object Header: 0xFF27B6F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NtmsSvcStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1325DA0(1a8ada0) Type: 18 Key Object Header: 0xE1325D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF236820(6b6b820) Type: 13 Timer Object Header: 0xFF236808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23AA40(6d9ea40) Type: 6 Thread Object Header: 0xFF23AA28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000220 ThreadsProcess: 0xFF27D020 OBJECT: 0xE1EAA460(6f08460) Type: 17 Section Object Header: 0xE1EAA448 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: SENS Information Cache SecurityDescriptor: 0xE1EAB3B8(6cf23b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12D7968(1954968) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF23F680(6d42680) Type: 8 Event Object Header: 0xFF23F668 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F640(6d42640) Type: 8 Event Object Header: 0xFF23F628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235200(6e37200) Type: 8 Event Object Header: 0xFF2351E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF250020(6797020) Type: 8 Event Object Header: 0xFF250008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23ECC8(6b46cc8) Type: 26 File Object Header: 0xFF23ECB0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1EAD030(6f37030) Type: 19 Port Object Header: 0xE1EAD018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000234 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xE13CC410(330c410) Type: 19 Port Object Header: 0xE13CC3F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000144 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCCA8C20(12c5c20) Type: 8 Event Object Header: 0xFCCA8C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAC970(6d46970) Type: 19 Port Object Header: 0xE1EAC958 
GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.000001EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23F4E0(6d424e0) Type: 8 Event Object Header: 0xFF23F4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF23F4A0(6d424a0) Type: 8 Event Object Header: 0xFF23F488 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D2800(1961800) Type: 18 Key Object Header: 0xE12D27E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\ OBJECT: 0xFF245020(6914020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000234 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF235360(6e37360) Type: 8 Event Object Header: 0xFF235348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E191E0(530f1e0) Type: 18 Key Object Header: 0xE1E191C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF2337A0(6c6d7a0) Type: 8 Event Object Header: 0xFF233788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12ACAE0(19ecae0) Type: 18 Key Object Header: 0xE12ACAC8 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E26AC0(546dac0) Type: 19 Port Object Header: 0xE1E26AA8 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 Directory: 0xFCC93030 Name: senssvc SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001E0.00000234 ClientThread: 0x00000000 ServerProcess: 0xFF27D020 OBJECT: 0xFF22DDB0(7b03db0) Type: 8 Event Object Header: 0xFF22DD98 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Sens Hidden Window Cleanup Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF28FCC0(575bcc0) Type: 8 Event Object Header: 0xFF28FCA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F5020(17d020) Type: 6 Thread Object Header: 0xFF1F5008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002EC ThreadsProcess: 0xFF27D020 OBJECT: 0xFF213180(e68180) Type: 8 Event Object Header: 0xFF213168 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D3A0(58b33a0) Type: 8 Event Object Header: 0xFF28D388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD340(3d92340) Type: 8 Event Object Header: 0xFF1DD328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF213080(e68080) Type: 8 Event Object Header: 0xFF213068 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C8C28(3e08c28) Type: 26 File Object Header: 0xFF1C8C10 GrantedAccess: 
12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\tapsrv OBJECT: 0xFF1C74C8(5974c8) Type: 26 File Object Header: 0xFF1C74B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\tapsrv OBJECT: 0xFF213140(e68140) Type: 8 Event Object Header: 0xFF213128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C7DA0(597da0) Type: 6 Thread Object Header: 0xFF1C7D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000344 ThreadsProcess: 0xFF27D020 OBJECT: 0xE134F1A0(1b041a0) Type: 19 Port Object Header: 0xE134F188 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC93030 Name: tapsrvlpc SecurityDescriptor: 0xE12CDA78(1932a78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 000001E0.000002EC ClientThread: 0x00000000 ServerProcess: 0xFF27D020 OBJECT: 0xFF1D0A40(940a40) Type: 8 Event Object Header: 0xFF1D0A28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C85C0(3e085c0) Type: 10 Mutant Object Header: 0xFF1C85A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA0430(6c61430) Type: 19 Port Object Header: 0xE1EA0418 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.000002EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1C7020(597020) 
Type: 8 Event Object Header: 0xFF1C7008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF290AF0(560baf0) Type: 8 Event Object Header: 0xFF290AD8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 4 Directory: 0xFCC68730 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1372438(2799438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF1C7400(597400) Type: 12 Semaphore Object Header: 0xFF1C73E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C73C0(5973c0) Type: 12 Semaphore Object Header: 0xFF1C73A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C7380(597380) Type: 8 Event Object Header: 0xFF1C7368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C7340(597340) Type: 8 Event Object Header: 0xFF1C7328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6760(2898760) Type: 12 Semaphore Object Header: 0xFF1C6748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6720(2898720) Type: 12 Semaphore Object Header: 0xFF1C6708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D3DF20(43dbf20) Type: 18 Key Object Header: 0xE1D3DF08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF1C66E0(28986e0) Type: 8 Event Object Header: 0xFF1C66C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x130001;;;WD) OBJECT: 0xFF1C6640(2898640) Type: 8 Event Object Header: 0xFF1C6628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6600(2898600) Type: 8 Event Object Header: 0xFF1C65E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C65C0(28985c0) Type: 8 Event Object Header: 0xFF1C65A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6580(2898580) Type: 8 Event Object Header: 0xFF1C6568 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6540(2898540) Type: 8 Event Object Header: 0xFF1C6528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1C6500(2898500) Type: 8 Event Object Header: 0xFF1C64E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C64C0(28984c0) Type: 10 Mutant Object Header: 0xFF1C64A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6480(2898480) Type: 8 Event Object Header: 0xFF1C6468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6440(2898440) Type: 10 Mutant Object Header: 0xFF1C6428 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6400(2898400) Type: 8 Event Object Header: 0xFF1C63E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C63C0(28983c0) Type: 12 Semaphore Object Header: 0xFF1C63A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6380(2898380) 
Type: 12 Semaphore Object Header: 0xFF1C6368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1348760(1b03760) Type: 18 Key Object Header: 0xE1348748 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASDLG\ OBJECT: 0xFF1C6340(2898340) Type: 8 Event Object Header: 0xFF1C6328 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD680(f0c680) Type: 10 Mutant Object Header: 0xFF1BD668 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF1C6B40(2898b40) Type: 10 Mutant Object Header: 0xFF1C6B28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6B00(2898b00) Type: 8 Event Object Header: 0xFF1C6AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A2BF0(517bbf0) Type: 8 Event Object Header: 0xFF2A2BD8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NtmsDatafileBackupEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1C3120(93120) Type: 10 Mutant Object Header: 0xFF1C3108 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CA210(6aab210) Type: 10 Mutant Object Header: 0xFF1CA1F8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NtmsDbChangeNotificationMutex SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1BD480(f0c480) Type: 8 Event Object Header: 0xFF1BD468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D0020(940020) Type: 6 Thread Object Header: 0xFF1D0008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000002F0 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF17E3E0(2ff43e0) Type: 8 Event Object Header: 0xFF17E3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C54C0(7b6c4c0) Type: 6 Thread Object Header: 0xFF1C54A8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000354 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6D60(2898d60) Type: 10 Mutant Object Header: 0xFF1C6D48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6E40(2898e40) Type: 8 Event Object Header: 0xFF1C6E28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6E00(2898e00) Type: 10 Mutant Object Header: 0xFF1C6DE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF261880(615b880) Type: 8 Event Object Header: 0xFF261868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD880(f0c880) Type: 8 Event Object Header: 0xFF1BD868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193700(206b700) Type: 6 Thread Object Header: 0xFF1936E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.000003E8 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF245DC0(6914dc0) Type: 8 Event Object Header: 0xFF245DA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD800(f0c800) Type: 8 Event Object Header: 0xFF1BD7E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24B720(66ea720) Type: 8 Event Object Header: 0xFF24B708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F74530(20c0530) Type: 19 Port Object Header: 0xE1F74518 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000258 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF234AE0(6c5dae0) Type: 8 Event Object Header: 0xFF234AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BFA030(5d34030) Type: 19 Port Object Header: 0xE1BFA018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000348 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1BF5250(3d8c250) Type: 19 Port Object Header: 0xE1BF5238 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000354 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27D020(5c70020) Type: 5 Process Object Header: 0xFF27D008 GrantedAccess: 1f0040 PointerCount: 113 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF1C47A0(67587a0) Type: 8 Event Object Header: 0xFF1C4788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1C47A0(67587a0) Type: 8 Event Object Header: 0xFF1C4788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 
0xE131D420(1a69420) Type: 18 Key Object Header: 0xE131D408 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ OBJECT: 0xFF17B488(2dc3488) Type: 26 File Object Header: 0xFF17B470 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1e0 OBJECT: 0xFF1D2B88(6755b88) Type: 26 File Object Header: 0xFF1D2B70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1e0 OBJECT: 0xFF1C4800(6758800) Type: 12 Semaphore Object Header: 0xFF1C47E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F12C90(f13c90) Type: 19 Port Object Header: 0xE1F12C78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000250 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18E3C0(24993c0) Type: 8 Event Object Header: 0xFF18E3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C4840(6758840) Type: 12 Semaphore Object Header: 0xFF1C4828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDFE7E0(141b7e0) Type: 12 Semaphore Object Header: 0xFCDFE7C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDFE7A0(141b7a0) Type: 12 Semaphore Object Header: 0xFCDFE788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDFE760(141b760) Type: 12 Semaphore Object Header: 0xFCDFE748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5020(7b6c020) Type: 12 Semaphore Object Header: 0xFF1C5008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5420(7b6c420) Type: 12 Semaphore Object Header: 0xFF1C5408 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C53E0(7b6c3e0) Type: 12 Semaphore Object Header: 0xFF1C53C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C53A0(7b6c3a0) Type: 12 Semaphore Object Header: 0xFF1C5388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5360(7b6c360) Type: 12 Semaphore Object Header: 0xFF1C5348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5320(7b6c320) Type: 12 Semaphore Object Header: 0xFF1C5308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C52E0(7b6c2e0) Type: 12 Semaphore Object Header: 0xFF1C52C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17DB80(3082b80) Type: 8 Event Object Header: 0xFF17DB68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0EC40(7369c40) Type: 18 Key Object Header: 0xE1C0EC28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\ OBJECT: 0xFF17D408(3082408) Type: 26 File Object Header: 0xFF17D3F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF18F400(237b400) Type: 8 Event Object Header: 0xFF18F3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E420(2ff4420) Type: 8 Event Object Header: 0xFF17E408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A2E20(517be20) Type: 8 Event Object Header: 0xFF2A2E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E360(2499360) Type: 8 Event Object Header: 0xFF18E348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0DB40(35db40) 
Type: 18 Key Object Header: 0xE1C0DB28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\ OBJECT: 0xFF239800(6e89800) Type: 8 Event Object Header: 0xFF2397E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239B20(6e89b20) Type: 8 Event Object Header: 0xFF239B08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C0600(e6e600) Type: 8 Event Object Header: 0xFF1C05E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ECDA0(817da0) Type: 6 Thread Object Header: 0xFF1ECD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000468 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF216420(add420) Type: 8 Event Object Header: 0xFF216408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF188A20(2d15a20) Type: 8 Event Object Header: 0xFF188A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FC5030(3071030) Type: 4 Token Object Header: 0xE1FC5018 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EDA7B8(8377b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,152c3} ParentToken ID: {0,0} Modified ID: {0,11d67} 
SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xE1386870(2857870) Type: 19 Port Object Header: 0xE1386858 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000378 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1C2160(6f7d160) Type: 12 Semaphore Object Header: 0xFF1C2148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C2120(6f7d120) Type: 12 Semaphore Object Header: 0xFF1C2108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C1FE0(7bfcfe0) Type: 8 Event Object Header: 0xFF1C1FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C1F48(7bfcf48) Type: 26 File Object Header: 0xFF1C1F30 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF1C1EE8 (7bfcee8) Unknown1: 0x00530000 (1) Unknown2: 0x5c0057 OBJECT: 0xFF1C1E68(7bfce68) Type: 26 File Object Header: 0xFF1C1E50 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF1C1E08 (7bfce08) Unknown1: 0x00300030 (1) Unknown2: 0x36002d OBJECT: 0xFF1C1D88(7bfcd88) Type: 26 File Object Header: 0xFF1C1D70 GrantedAccess: 1200a0 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1C1CE8(7bfcce8) Type: 26 File Object Header: 0xFF1C1CD0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1C1C48(7bfcc48) Type: 26 File Object Header: 0xFF1C1C30 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1F29A80(e6fa80) Type: 18 Key Object Header: 0xE1F29A68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE1F29A40(e6fa40) Type: 18 Key Object Header: 0xE1F29A28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1F29A00(e6fa00) Type: 18 Key Object Header: 0xE1F299E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1F299C0(e6f9c0) Type: 18 Key Object Header: 0xE1F299A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xE1FE7410(62c2410) Type: 19 Port Object Header: 0xE1FE73F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000378 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF178780(4075780) Type: 8 Event Object Header: 0xFF178768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1787C0(40757c0) Type: 8 Event Object Header: 0xFF1787A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CE6A0(af56a0) Type: 8 Event Object Header: 0xFF1CE688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C1900(7bfc900) Type: 8 Event Object Header: 0xFF1C18E8 GrantedAccess: 100003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C6020(2898020) Type: 6 Thread Object Header: 0xFF1C6008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000348 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF2354A0(6e374a0) Type: 6 Thread Object Header: 0xFF235488 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000254 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1C3460(93460) Type: 8 Event Object Header: 0xFF1C3448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1BD80(5467d80) Type: 18 Key Object Header: 0xE1E1BD68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1BF820(1a52820) Type: 8 Event Object Header: 0xFF1BF808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1C5CC8(7b6ccc8) Type: 26 File Object Header: 0xFF1C5CB0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ROUTER OBJECT: 0xFF1BF5C8(1a525c8) Type: 26 File Object Header: 0xFF1BF5B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ROUTER OBJECT: 0xFF1C5C40(7b6cc40) Type: 8 Event Object Header: 0xFF1C5C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE5490(862490) Type: 19 Port Object Header: 0xE1EE5478 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.00000258 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1C098F0(54018f0) Type: 19 Port Object Header: 0xE1C098D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001E0.0000034C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1BF220(1a52220) Type: 25 IoCompletion Object Header: 0xFF1BF208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 OBJECT: 0xFF278FF0(5d81ff0) Type: 8 Event Object Header: 0xFF278FD8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCDFD570 Name: ChangeEventCdRom0 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF283960(5a9d960) Type: 8 Event Object Header: 0xFF283948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C097A0(54017a0) Type: 18 Key Object Header: 0xE1C09788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF213B60(e68b60) Type: 8 Event Object Header: 0xFF213B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BC8A0(1a8d8a0) Type: 6 Thread Object Header: 0xFF1BC888 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.00000384 ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1C7A80(597a80) Type: 6 Thread Object Header: 0xFF1C7A68 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000034C ThreadsProcess: 0xFF27D020 OBJECT: 0xFF1BDF60(f0cf60) Type: 8 Event Object Header: 0xFF1BDF48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EBB80(3e43b80) Type: 8 Event Object Header: 0xFF1EBB68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FB5E0(d8d5e0) Type: 6 Thread Object Header: 0xFF1FB5C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001E0.0000033C ThreadsProcess: 0xFF27D020 12. 
TABLE: 0xFF24F8A8(67438a8): Table: 0xE1E8B000 QuotaProcess: 0xFF24B300 ProcessId: 21c HandleCount: 30 CapturedHandleCount: 30 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E82550(6611550) Type: 17 Section Object Header: 0xE1E82538 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1344A08(1adda08) BasedAddress: 0x08BE5C28 SizeOfSegment: 0x14000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\regsvc.exe OBJECT: 0xFF24BB80(66eab80) Type: 8 Event Object Header: 0xFF24BB68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24BA60(66eaa60) Type: 8 Event Object Header: 0xFF24BA48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24BA20(66eaa20) Type: 8 Event Object Header: 0xFF24BA08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF24BAA8(66eaaa8) Type: 26 File Object Header: 0xFF24BA90 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF24AE60(6869e60) Type: 8 Event Object Header: 0xFF24AE48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1E896D0(663c6d0) Type: 19 Port Object Header: 0xE1E896B8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000021C.00000218 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE12DB3A0(19823a0) Type: 18 Key Object Header: 0xE12DB388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF246308(67df308) Type: 26 File Object Header: 0xFF2462F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe6 OBJECT: 0xFF2462C0(67df2c0) Type: 8 Event Object Header: 0xFF2462A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246240(67df240) Type: 8 Event Object Header: 0xFF246228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246200(67df200) Type: 8 Event Object Header: 0xFF2461E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25C100(64a7100) Type: 25 IoCompletion Object Header: 0xFF25C0E8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 2 Waiting Thread: 0xFF244DA0 Process: 0xFF24B300 APCProcess: 0xFF24B300 OBJECT: 0xFF25C100(64a7100) Type: 25 IoCompletion Object Header: 0xFF25C0E8 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 2 Waiting Thread: 0xFF244DA0 Process: 0xFF24B300 APCProcess: 0xFF24B300 OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF2461C0(67df1c0) Type: 8 Event Object Header: 0xFF2461A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A020(6869020) Type: 6 Thread Object Header: 0xFF24A008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000021C.00000218 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF246180(67df180) Type: 8 Event Object Header: 0xFF246168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF250C68(6797c68) Type: 26 File Object Header: 0xFF250C50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF245840(6914840) Type: 12 Semaphore Object Header: 0xFF245828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245800(6914800) Type: 12 Semaphore Object Header: 0xFF2457E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2502E8(67972e8) Type: 26 File Object Header: 0xFF2502D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winreg OBJECT: 0xFF245708(6914708) Type: 26 File Object Header: 0xFF2456F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winreg OBJECT: 0xFF245660(6914660) Type: 8 Event Object Header: 0xFF245648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF244DA0(6a77da0) Type: 6 Thread Object Header: 0xFF244D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 0000021C.00000224 ThreadsProcess: 0xFF24B300 OBJECT: 0xFF245550(6914550) Type: 8 Event Object Header: 0xFF245538 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Microsoft.RPC_Registry_Server SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E8FCD0(6886cd0) Type: 19 Port Object Header: 0xE1E8FCB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000021C.00000188 ClientThread: 0x00000000 ServerProcess: 0x00000000 13. TABLE: 0xFF24DEE8(6704ee8): Table: 0xE1E92000 QuotaProcess: 0xFF244020 ProcessId: 228 HandleCount: 138 CapturedHandleCount: 138 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E90A90(692aa90) Type: 17 Section Object Header: 0xE1E90A78 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E27A48(540fa48) BasedAddress: 0x08DB7C30 SizeOfSegment: 0x1e000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\MSTask.exe OBJECT: 0xFF246700(67df700) Type: 8 Event Object Header: 0xFF2466E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2466C0(67df6c0) Type: 8 Event Object Header: 0xFF2466A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246660(67df660) Type: 8 Event Object Header: 0xFF246648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF244648(6a77648) Type: 26 File Object 
Header: 0xFF244630 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF243240(6985240) Type: 8 Event Object Header: 0xFF243228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E96750(6a1e750) Type: 19 Port Object Header: 0xE1E96738 GrantedAccess: 1f0001 PointerCount: 7 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000228.00000188 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF2430E0(69850e0) Type: 8 Event Object Header: 0xFF2430C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E97F60(6ac1f60) Type: 18 Key Object Header: 0xE1E97F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF242F20(697ff20) Type: 8 Event Object Header: 0xFF242F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 
0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFF23C358(6ab1358) Type: 15 WindowStation Object Header: 0xFF23C340 GrantedAccess: f037f PointerCount: 6 HandleCount: 2 Directory: 0xFCC663D0 Name: SAWinSta OBJECT: 0xFF242E00(697fe00) Type: 8 Event Object Header: 0xFF242DE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF242DC0(697fdc0) Type: 8 Event Object Header: 0xFF242DA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E966C0(6a1e6c0) Type: 18 Key Object Header: 0xE1E966A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1E96680(6a1e680) Type: 18 Key Object Header: 0xE1E96668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E96640(6a1e640) Type: 18 Key Object Header: 0xE1E96628 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1E96600(6a1e600) Type: 18 Key Object Header: 0xE1E965E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event 
SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2403E8(6ad83e8) Type: 26 File Object Header: 0xFF2403D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe7 OBJECT: 0xFF241F88(692ef88) Type: 26 File Object Header: 0xFF241F70 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\SchedLgU.Txt OBJECT: 0xFF240320(6ad8320) Type: 8 Event Object Header: 0xFF240308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF240480(6ad8480) Type: 8 Event Object Header: 0xFF240468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2406C0(6ad86c0) Type: 8 Event Object Header: 0xFF2406A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241E60(692ee60) Type: 25 IoCompletion Object Header: 0xFF241E48 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 2 Waiting Thread: 0xFF2372C0 Process: 0xFF244020 APCProcess: 0xFF244020 OBJECT: 0xFF241E60(692ee60) Type: 25 IoCompletion Object Header: 0xFF241E48 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 2 Waiting Thread: 0xFF2372C0 Process: 0xFF244020 APCProcess: 0xFF244020 OBJECT: 0xFF23FCC0(6d42cc0) Type: 8 Event Object Header: 0xFF23FCA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2446E0(6a776e0) Type: 6 Thread Object Header: 0xFF2446C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000188 ThreadsProcess: 0xFF244020 OBJECT: 0xFF23FC80(6d42c80) Type: 8 Event Object Header: 0xFF23FC68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF240A28(6ad8a28) 
Type: 26 File Object Header: 0xFF240A10 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF240360(6ad8360) Type: 8 Event Object Header: 0xFF240348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xFF23CC60(6ab1c60) Type: 8 Event Object Header: 0xFF23CC48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A898(6869898) Type: 16 Desktop Object Header: 0xFF24A880 GrantedAccess: f01ff PointerCount: 9 HandleCount: 1 Directory: 0x00000000 Name: SADesktop OBJECT: 0xFF23CDA0(6ab1da0) Type: 8 Event Object Header: 0xFF23CD88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C358(6ab1358) Type: 15 WindowStation Object Header: 0xFF23C340 GrantedAccess: f037f PointerCount: 6 HandleCount: 2 Directory: 0xFCC663D0 Name: SAWinSta OBJECT: 0xFF23CC20(6ab1c20) Type: 8 Event Object Header: 0xFF23CC08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23CBE0(6ab1be0) Type: 8 Event Object Header: 0xFF23CBC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23CBA0(6ab1ba0) Type: 8 Event Object Header: 0xFF23CB88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29B5A0(529e5a0) Type: 13 Timer Object Header: 0xFF29B588 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C9A0(6ab19a0) Type: 8 Event Object Header: 0xFF23C988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF23B0E0(6c750e0) Type: 8 Event Object Header: 0xFF23B0C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA6030(6d81030) Type: 19 Port Object Header: 0xE1EA6018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000228.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E26700(546d700) Type: 19 Port Object Header: 0xE1E266E8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: LRPC00000228.00000001 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000228.0000020C ClientThread: 0x00000000 ServerProcess: 0xFF244020 OBJECT: 0xFF23AF40(6d9ef40) Type: 8 Event Object Header: 0xFF23AF28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23A6A0(6d9e6a0) Type: 6 Thread Object Header: 0xFF23A688 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000023C ThreadsProcess: 0xFF244020 OBJECT: 0xFF23D980(6bea980) Type: 8 Event Object Header: 0xFF23D968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 OBJECT: 0xE1EA6FE0(6d81fe0) Type: 18 Key Object Header: 0xE1EA6FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF23A660(6d9e660) Type: 8 Event Object 
Header: 0xFF23A648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA7FA0(6e03fa0) Type: 18 Key Object Header: 0xE1EA7F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF2395A0(6e895a0) Type: 8 Event Object Header: 0xFF239588 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239D60(6e89d60) Type: 8 Event Object Header: 0xFF239D48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239560(6e89560) Type: 10 Mutant Object Header: 0xFF239548 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239CC0(6e89cc0) Type: 8 Event Object Header: 0xFF239CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1A4E0(537c4e0) Type: 18 Key Object Header: 0xE1E1A4C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE13619E0(229c9e0) Type: 18 Key Object Header: 0xE13619C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239C20(6e89c20) Type: 8 Event Object Header: 0xFF239C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239B80(6e89b80) Type: 8 Event Object Header: 0xFF239B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE137BEC0(2807ec0) Type: 18 Key Object Header: 0xE137BEA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1375AE0(27dcae0) Type: 18 Key Object Header: 0xE1375AC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239AE0(6e89ae0) 
Type: 8 Event Object Header: 0xFF239AC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE137BE00(2807e00) Type: 18 Key Object Header: 0xE137BDE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF239A40(6e89a40) Type: 8 Event Object Header: 0xFF239A28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE137BD80(2807d80) Type: 18 Key Object Header: 0xE137BD68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2399A0(6e899a0) Type: 8 Event Object Header: 0xFF239988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1382FE0(281afe0) Type: 18 Key Object Header: 0xE1382FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239900(6e89900) Type: 8 Event Object Header: 0xFF2398E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239860(6e89860) Type: 8 Event Object Header: 0xFF239848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA72C0(6e032c0) Type: 18 Key Object Header: 0xE1EA72A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2397C0(6e897c0) Type: 8 Event Object Header: 0xFF2397A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA7240(6e03240) Type: 18 Key Object Header: 0xE1EA7228 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239720(6e89720) Type: 8 Event Object Header: 0xFF239708 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA71C0(6e031c0) 
Type: 18 Key Object Header: 0xE1EA71A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF239680(6e89680) Type: 8 Event Object Header: 0xFF239668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF239520(6e89520) Type: 8 Event Object Header: 0xFF239508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2394E0(6e894e0) Type: 10 Mutant Object Header: 0xFF2394C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2394A0(6e894a0) Type: 8 Event Object Header: 0xFF239488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239460(6e89460) Type: 10 Mutant Object Header: 0xFF239448 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239420(6e89420) Type: 12 Semaphore Object Header: 0xFF239408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2393E0(6e893e0) Type: 12 Semaphore Object Header: 0xFF2393C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2393A0(6e893a0) Type: 8 Event Object Header: 0xFF239388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239360(6e89360) Type: 8 Event Object Header: 0xFF239348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF238020(6de0020) Type: 12 Semaphore Object Header: 0xFF238008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238FE0(6de0fe0) Type: 12 Semaphore Object Header: 0xFF238FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA7020(6e03020) Type: 18 Key Object Header: 0xE1EA7008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF238FA0(6de0fa0) Type: 8 Event Object Header: 0xFF238F88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF238EE0(6de0ee0) Type: 8 Event Object Header: 0xFF238EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238EA0(6de0ea0) Type: 8 Event Object Header: 0xFF238E88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238E60(6de0e60) Type: 8 Event Object Header: 0xFF238E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238E20(6de0e20) Type: 12 Semaphore Object Header: 0xFF238E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238DE0(6de0de0) Type: 12 Semaphore Object Header: 0xFF238DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238DA0(6de0da0) Type: 8 Event Object Header: 0xFF238D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23DA08(6beaa08) Type: 26 File Object Header: 0xFF23D9F0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF238D48 (6de0d48) OBJECT: 0xFF238CC8(6de0cc8) Type: 26 File Object Header: 0xFF238CB0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF238C68 (6de0c68) OBJECT: 0xFF238BE8(6de0be8) Type: 26 File Object Header: 0xFF238BD0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF238B48(6de0b48) Type: 26 File Object Header: 0xFF238B30 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF238AA8(6de0aa8) Type: 26 File Object Header: 0xFF238A90 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1EA8460(6e27460) Type: 18 Key Object Header: 0xE1EA8448 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF2389E0(6de09e0) Type: 8 Event Object Header: 0xFF2389C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA8420(6e27420) Type: 18 Key Object Header: 0xE1EA8408 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1EA9860(6e68860) Type: 18 Key Object Header: 0xE1EA9848 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1EA9820(6e68820) Type: 18 Key Object Header: 0xE1EA9808 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF238A60(6de0a60) Type: 8 Event Object Header: 0xFF238A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238928(6de0928) 
Type: 26 File Object Header: 0xFF238910 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF2387E8 (6de07e8) Type: 0xafd4 Process: 0xFF244020 MSTask.exe EndpointLinks: {0xFF275638:FF2376F8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF2387C0(6de07c0) Type: 8 Event Object Header: 0xFF2387A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAA030(6f08030) Type: 19 Port Object Header: 0xE1EAA018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000228.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2386C8(6de06c8) Type: 26 File Object Header: 0xFF2386B0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF238668 (6de0668) Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8} OBJECT: 0xFF237840(6cca840) Type: 12 Semaphore Object Header: 0xFF237828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237880(6cca880) Type: 12 Semaphore Object Header: 0xFF237868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1B8A0(54678a0) Type: 18 Key Object Header: 0xE1E1B888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF237800(6cca800) Type: 8 Event Object Header: 0xFF2377E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237780(6cca780) Type: 8 Event Object Header: 0xFF237768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 0xFF2372A8 GrantedAccess: 1f03ff 
PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF237B48(6ccab48) Type: 26 File Object Header: 0xFF237B30 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-228-0 OBJECT: 0xFF2372C0(6cca2c0) Type: 6 Thread Object Header: 0xFF2372A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000244 ThreadsProcess: 0xFF244020 OBJECT: 0xFF237AA0(6ccaaa0) Type: 8 Event Object Header: 0xFF237A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237148(6cca148) Type: 26 File Object Header: 0xFF237130 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF237648 (6cca648) Type: 0xafd0 Process: 0xFF244020 MSTask.exe EndpointLinks: {0xFF238898:FF234638} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF236EE8(6b6bee8) Type: 26 File Object Header: 0xFF236ED0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\atsvc OBJECT: 0xFF236E48(6b6be48) Type: 26 File Object Header: 0xFF236E30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\atsvc OBJECT: 0xE1EA9450(6e68450) Type: 19 Port Object Header: 0xE1EA9438 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000228.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF237620(6cca620) Type: 8 Event Object Header: 0xFF237608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23A188(6d9e188) Type: 26 File Object Header: 0xFF23A170 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Tasks OBJECT: 0xFF2364E0(6b6b4e0) Type: 8 Event Object Header: 0xFF2364C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23A2A0(6d9e2a0) Type: 6 Thread Object Header: 0xFF23A288 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.00000248 ThreadsProcess: 0xFF244020 OBJECT: 0xFF1B3FE0(b56fe0) Type: 8 Event Object Header: 0xFF1B3FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 1f0fff PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xE1EBA6F0(64ab6f0) Type: 4 Token Object Header: 0xE1EBA6D8 GrantedAccess: b PointerCount: 19 HandleCount: 2 SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: 
TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c615} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF24D380(6704380) Type: 6 Thread Object Header: 0xFF24D368 GrantedAccess: 80 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000228.0000020C ThreadsProcess: 0xFF244020 14. 
TABLE: 0xFF23EC28(6b46c28): Table: 0xE1EB0000 QuotaProcess: 0xFF231120 ProcessId: 264 HandleCount: 64 CapturedHandleCount: 64 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12D0FD0(193dfd0) Type: 17 Section Object Header: 0xE12D0FB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EAD328(6f37328) BasedAddress: 0x08F01C20 SizeOfSegment: 0x17000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VsStat.exe OBJECT: 0xFF232800(70d3800) Type: 8 Event Object Header: 0xFF2327E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232780(70d3780) Type: 8 Event Object Header: 0xFF232768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241560(692e560) Type: 8 Event Object Header: 0xFF241548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF2415A8(692e5a8) Type: 26 File Object Header: 0xFF241590 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF24C3E0(65cb3e0) Type: 8 Event Object Header: 0xFF24C3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EAE790(7107790) Type: 19 Port Object Header: 0xE1EAE778 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000264.00000260 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF24C220(65cb220) Type: 8 Event Object Header: 0xFF24C208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1E27540(540f540) Type: 18 Key Object Header: 0xE1E27528 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1E28C40(53f2c40) Type: 18 Key Object Header: 0xE1E28C28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1E27580(540f580) Type: 18 Key Object Header: 0xE1E27568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ 
OBJECT: 0xE1E275E0(540f5e0) Type: 18 Key Object Header: 0xE1E275C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE12E1580(1971580) Type: 18 Key Object Header: 0xE12E1568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF24C120(65cb120) Type: 8 Event Object Header: 0xFF24C108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF230E40(72d2e40) Type: 8 Event Object Header: 0xFF230E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230D00(72d2d00) Type: 8 Event Object Header: 0xFF230CE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230E00(72d2e00) Type: 8 Event Object Header: 0xFF230DE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230C80(72d2c80) Type: 12 Semaphore Object Header: 0xFF230C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230C00(72d2c00) Type: 8 Event Object Header: 0xFF230BE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230BC0(72d2bc0) Type: 12 Semaphore Object Header: 0xFF230BA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230B80(72d2b80) Type: 12 Semaphore Object Header: 0xFF230B68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xE1E264C0(546d4c0) Type: 18 Key Object Header: 0xE1E264A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF230B00(72d2b00) Type: 8 Event Object Header: 0xFF230AE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230980(72d2980) Type: 8 Event Object Header: 0xFF230968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230A00(72d2a00) Type: 8 Event Object Header: 0xFF2309E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230800(72d2800) Type: 8 Event Object Header: 0xFF2307E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230850(72d2850) Type: 10 Mutant Object Header: 0xFF230838 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: NAI_VS_STAT SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF25BA10(65b9a10) Type: 8 Event Object Header: 0xFF25B9F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F290(6743290) Type: 8 Event Object Header: 0xFF24F278 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F250(6743250) Type: 8 Event Object Header: 0xFF24F238 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F210(6743210) Type: 8 Event Object Header: 0xFF24F1F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F1D0(67431d0) Type: 8 Event Object Header: 0xFF24F1B8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F190(6743190) Type: 8 Event Object Header: 0xFF24F178 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F150(6743150) Type: 8 Event Object Header: 0xFF24F138 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24E030(66c5030) Type: 8 Event Object Header: 0xFF24E018 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFF0(66c5ff0) Type: 8 Event Object Header: 0xFF24EFD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFB0(66c5fb0) Type: 8 Event Object Header: 0xFF24EF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 
0xFCC68730 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF70(66c5f70) Type: 8 Event Object Header: 0xFF24EF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF30(66c5f30) Type: 8 Event Object Header: 0xFF24EF18 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEF0(66c5ef0) Type: 8 Event Object Header: 0xFF24EED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEB0(66c5eb0) Type: 8 Event Object Header: 0xFF24EE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE70(66c5e70) Type: 8 Event Object Header: 0xFF24EE58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE30(66c5e30) Type: 8 Event Object Header: 0xFF24EE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 
OBJECT: 0xFF24EDF0(66c5df0) Type: 8 Event Object Header: 0xFF24EDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EDB0(66c5db0) Type: 8 Event Object Header: 0xFF24ED98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED70(66c5d70) Type: 8 Event Object Header: 0xFF24ED58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED30(66c5d30) Type: 8 Event Object Header: 0xFF24ED18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECF0(66c5cf0) Type: 8 Event Object Header: 0xFF24ECD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECB0(66c5cb0) Type: 8 Event Object Header: 0xFF24EC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2306E0(72d26e0) Type: 8 Event Object Header: 0xFF2306C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24F450(6743450) 
Type: 10 Mutant Object Header: 0xFF24F438 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E7C200(6657200) Type: 17 Section Object Header: 0xE1E7C1E8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E7E3A8(662c3a8) BasedAddress: 0x08D2C4D0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF22F020(7784020) Type: 6 Thread Object Header: 0xFF22F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000264.00000268 ThreadsProcess: 0xFF231120 OBJECT: 0xFF25D990(639b990) Type: 10 Mutant Object Header: 0xFF25D978 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF230620(72d2620) Type: 8 Event Object Header: 0xFF230608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1335CC0(1aabcc0) Type: 18 Key Object Header: 0xE1335CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ 15. 
TABLE: 0xFF22FEA8(7784ea8): Table: 0xE1EBB000 QuotaProcess: 0xFF22F780 ProcessId: 274 HandleCount: 70 CapturedHandleCount: 70 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12E1E10(1971e10) Type: 17 Section Object Header: 0xE12E1DF8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E54008(588c008) BasedAddress: 0x08F25428 SizeOfSegment: 0x2c000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Avconsol.exe OBJECT: 0xFF22F340(7784340) Type: 8 Event Object Header: 0xFF22F328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22F300(7784300) Type: 8 Event Object Header: 0xFF22F2E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E020(7857020) Type: 8 Event Object Header: 0xFF22E008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF22FE28(7784e28) Type: 26 File Object Header: 0xFF22FE10 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF22EC00(7857c00) Type: 8 Event Object Header: 0xFF22EBE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EB7310(76c5310) Type: 19 Port Object Header: 0xE1EB72F8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000274.00000270 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF22EA40(7857a40) Type: 8 Event Object Header: 0xFF22EA28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1E24360(54c7360) Type: 18 Key Object Header: 0xE1E24348 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE131DD40(1a69d40) Type: 18 Key Object Header: 0xE131DD28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1321B20(1a71b20) Type: 18 Key Object Header: 0xE1321B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ 
OBJECT: 0xE135F5C0(22a15c0) Type: 18 Key Object Header: 0xE135F5A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1E24FE0(54c7fe0) Type: 18 Key Object Header: 0xE1E24FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF22E920(7857920) Type: 8 Event Object Header: 0xFF22E908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E780(7857780) Type: 8 Event Object Header: 0xFF22E768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E620(7857620) Type: 12 Semaphore Object Header: 0xFF22E608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E5E0(78575e0) Type: 8 Event Object Header: 0xFF22E5C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320020(1a6e020) Type: 18 Key Object Header: 0xE1320008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF22E540(7857540) Type: 12 Semaphore Object Header: 0xFF22E528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E500(7857500) Type: 12 Semaphore Object Header: 0xFF22E4E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E4A0(78574a0) Type: 8 Event Object Header: 0xFF22E488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E440(7857440) Type: 8 Event Object Header: 0xFF22E428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E380(7857380) Type: 8 Event Object Header: 0xFF22E368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF22E340(7857340) Type: 8 Event Object Header: 0xFF22E328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E300(7857300) Type: 8 Event Object Header: 0xFF22E2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E220(7857220) Type: 8 Event Object Header: 0xFF22E208 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22DFE0(7b03fe0) Type: 8 Event Object Header: 0xFF22DFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E140(7857140) Type: 8 Event Object Header: 0xFF22E128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22DF40(7b03f40) Type: 8 Event Object Header: 0xFF22DF28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C3EC0(93ec0) Type: 8 Event Object Header: 0xFF1C3EA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF207620(cfd620) Type: 8 Event Object Header: 0xFF207608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xE1E95680(683c680) Type: 17 Section Object Header: 0xE1E95668 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12CAEC8(192aec8) BasedAddress: 0x08DE6CC0 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program 
Files\McAfee\McAfee VirusScan\AVConsol.mmf OBJECT: 0xE1E9B040(694d040) Type: 17 Section Object Header: 0xE1E9B028 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_DAVCONSOL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E9AC28(692cc28) BasedAddress: 0x08DF6CD8 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf OBJECT: 0xE1E98C40(6be7c40) Type: 17 Section Object Header: 0xE1E98C28 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOLSCAN SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99008(6a4a008) BasedAddress: 0x08DF2CC0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf OBJECT: 0xE1E989A0(6be79a0) Type: 17 Section Object Header: 0xE1E98988 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: NAI_VIRUSSCAN_AVCONSOLEXCL SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99988(6a4a988) BasedAddress: 0x08DF54C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf OBJECT: 0xFF24F290(6743290) Type: 8 Event Object Header: 0xFF24F278 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF25BA10(65b9a10) Type: 8 Event Object Header: 0xFF25B9F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DC2F58(6308f58) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F250(6743250) Type: 8 Event Object Header: 0xFF24F238 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F210(6743210) Type: 8 Event Object Header: 0xFF24F1F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F1D0(67431d0) Type: 8 Event Object Header: 0xFF24F1B8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F190(6743190) Type: 8 Event Object Header: 0xFF24F178 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24F150(6743150) Type: 8 Event Object Header: 0xFF24F138 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24E030(66c5030) Type: 8 Event Object Header: 0xFF24E018 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFF0(66c5ff0) Type: 8 Event Object Header: 0xFF24EFD8 GrantedAccess: 1f0003 
PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EFB0(66c5fb0) Type: 8 Event Object Header: 0xFF24EF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF70(66c5f70) Type: 8 Event Object Header: 0xFF24EF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EF30(66c5f30) Type: 8 Event Object Header: 0xFF24EF18 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEF0(66c5ef0) Type: 8 Event Object Header: 0xFF24EED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EEB0(66c5eb0) Type: 8 Event Object Header: 0xFF24EE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE70(66c5e70) Type: 8 Event Object Header: 0xFF24EE58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EE30(66c5e30) Type: 8 Event Object Header: 0xFF24EE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EDF0(66c5df0) Type: 8 Event Object Header: 0xFF24EDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24EDB0(66c5db0) Type: 8 Event Object Header: 0xFF24ED98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED70(66c5d70) Type: 8 Event Object Header: 0xFF24ED58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ED30(66c5d30) Type: 8 Event Object Header: 0xFF24ED18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECF0(66c5cf0) Type: 8 Event Object Header: 0xFF24ECD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF24ECB0(66c5cb0) Type: 8 Event Object Header: 0xFF24EC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 
0xFCC68730 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF214E20(cc1e20) Type: 8 Event Object Header: 0xFF214E08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24F450(6743450) Type: 10 Mutant Object Header: 0xFF24F438 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1E7C200(6657200) Type: 17 Section Object Header: 0xE1E7C1E8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E7E3A8(662c3a8) BasedAddress: 0x08D2C4D0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF206020(daa020) Type: 6 Thread Object Header: 0xFF206008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000274.000002AC ThreadsProcess: 0xFF22F780 OBJECT: 0xFF25D990(639b990) Type: 10 Mutant Object Header: 0xFF25D978 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 16. TABLE: 0xFF1F62E8(35c2e8): Table: 0xE1BD8000 QuotaProcess: 0xFF1F5D60 ProcessId: 2a0 HandleCount: 89 CapturedHandleCount: 0 TableLevel: 2 StrictFIFO: No 17. 
TABLE: 0xFF1DA908(6e63908): Table: 0xE1ECD000 QuotaProcess: 0xFF1BAAE0 ProcessId: 334 HandleCount: 286 CapturedHandleCount: 286 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1BF7EF0(2ab5ef0) Type: 17 Section Object Header: 0xE1BF7ED8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EBA988(64ab988) BasedAddress: 0x08F06438 SizeOfSegment: 0x3e000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Explorer.Exe OBJECT: 0xFF2184A0(b184a0) Type: 8 Event Object Header: 0xFF218488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2185E0(b185e0) Type: 8 Event Object Header: 0xFF2185C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2073C0(cfd3c0) Type: 8 Event Object Header: 0xFF2073A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF1B73E8(6e23e8) Type: 26 File Object Header: 0xFF1B73D0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFF212160(9ec160) Type: 8 Event Object Header: 0xFF212148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 
0xE1EE17B0(713e7b0) Type: 19 Port Object Header: 0xE1EE1798 GrantedAccess: 1f0001 PointerCount: 15 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.00000330 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1BF7E00(2ab5e00) Type: 18 Key Object Header: 0xE1BF7DE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF20EA80(a2ba80) Type: 8 Event Object Header: 0xFF20EA68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1E91880(68f2880) Type: 18 Key Object Header: 0xE1E91868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1EED580(704a580) Type: 18 Key Object Header: 0xE1EED568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xE1E1A220(537c220) Type: 18 Key Object Header: 0xE1E1A208 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1D24B0(67554b0) Type: 10 Mutant Object Header: 0xFF1D2498 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ExplorerIsShellMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1EED480(704a480) Type: 18 Key Object Header: 0xE1EED468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1EED440(704a440) Type: 18 Key Object Header: 0xE1EED428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1EED400(704a400) Type: 18 Key Object Header: 0xE1EED3E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore Object Header: 0xFF1DD638 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC68730 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE1ED0018(606018) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1E397A0(564d7a0) Type: 18 Key Object Header: 0xE1E39788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xE1E9FAC0(6dd6ac0) Type: 18 Key Object Header: 0xE1E9FAA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xE1F36B00(784b00) Type: 18 Key Object Header: 0xE1F36AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xE131C8E0(1a658e0) Type: 18 Key Object Header: 0xE131C8C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFF1E9EE8(7f5ee8) Type: 26 File Object Header: 0xFF1E9ED0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF2A08C0(51798c0) Type: 8 Event Object Header: 0xFF2A08A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28B020(579d020) Type: 8 Event Object Header: 0xFF28B008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B27C0(ef57c0) Type: 8 Event Object Header: 0xFF1B27A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13272E0(1a8e2e0) Type: 18 Key Object Header: 0xE13272C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1EDBFE0(7018fe0) Type: 18 Key Object Header: 0xE1EDBFC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B2720(ef5720) Type: 8 Event Object Header: 0xFF1B2708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2600(ef5600) Type: 8 Event Object Header: 0xFF1B25E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE133D6A0(1ae26a0) Type: 18 Key Object Header: 0xE133D688 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF1B2900(ef5900) Type: 8 Event Object Header: 0xFF1B28E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1C900(5488900) Type: 18 Key Object Header: 0xE1E1C8E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1B2860(ef5860) Type: 8 Event Object Header: 0xFF1B2848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BFAD80(5d34d80) Type: 18 Key Object Header: 0xE1BFAD68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1B2A60(ef5a60) Type: 8 Event Object Header: 0xFF1B2A48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2BC0(ef5bc0) Type: 8 Event Object Header: 0xFF1B2BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE135F400(22a1400) Type: 18 Key Object Header: 0xE135F3E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B29E0(ef59e0) Type: 8 Event Object Header: 0xFF1B29C8 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2980(ef5980) Type: 8 Event Object Header: 0xFF1B2968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ED3DC0(7a50dc0) Type: 18 Key Object Header: 0xE1ED3DA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1EF56B0(7ab26b0) Type: 19 Port Object Header: 0xE1EF5698 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.00000330 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1B3B10(b56b10) Type: 12 Semaphore Object Header: 0xFF1B3AF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1EFE140(6efc140) Type: 18 Key Object Header: 0xE1EFE128 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1C27C0(6f7d7c0) Type: 8 Event Object Header: 0xFF1C27A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF1C1A40(7bfca40) Type: 8 Event Object Header: 0xFF1C1A28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C1A00(7bfca00) Type: 8 Event Object Header: 0xFF1C19E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C19C0(7bfc9c0) Type: 8 Event Object Header: 0xFF1C19A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C1980(7bfc980) Type: 8 Event Object Header: 0xFF1C1968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BA860(3e35860) Type: 6 Thread Object Header: 0xFF1BA848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000330 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1B2580(ef5580) Type: 8 Event Object Header: 0xFF1B2568 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EF7A0(19b07a0) Type: 18 Key Object Header: 0xE12EF788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1BF65A0(45145a0) Type: 19 Port Object Header: 0xE1BF6588 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 Directory: 0xFCC93030 Name: OLE7 SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000334.00000330 ClientThread: 0x00000000 ServerProcess: 0xFF1BAAE0 OBJECT: 0xFF1E9E20(7f5e20) Type: 25 
IoCompletion Object Header: 0xFF1E9E08 GrantedAccess: 1f0003 PointerCount: 8 HandleCount: 2 Waiting Thread: 0xFF18C9A0 Process: 0xFF1BAAE0 APCProcess: 0xFF1BAAE0 Waiting Thread: 0xFF0EEC00 Process: 0xFF1BAAE0 APCProcess: 0xFF1BAAE0 OBJECT: 0xFF1E9E20(7f5e20) Type: 25 IoCompletion Object Header: 0xFF1E9E08 GrantedAccess: 1f0003 PointerCount: 8 HandleCount: 2 Waiting Thread: 0xFF18C9A0 Process: 0xFF1BAAE0 APCProcess: 0xFF1BAAE0 Waiting Thread: 0xFF0EEC00 Process: 0xFF1BAAE0 APCProcess: 0xFF1BAAE0 OBJECT: 0xFF1B3880(b56880) Type: 6 Thread Object Header: 0xFF1B3868 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000031C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF2727A0(5f257a0) Type: 8 Event Object Header: 0xFF272788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B34E0(b564e0) Type: 10 Mutant Object Header: 0xFF1B34C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132EE60(1a7ae60) Type: 18 Key Object Header: 0xE132EE48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1B24E0(ef54e0) Type: 8 Event Object Header: 0xFF1B24C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1D680(54c9680) Type: 18 Key Object Header: 0xE1E1D668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet Explorer\SECURITY\P3Global\ OBJECT: 0xE1BFA180(5d34180) Type: 18 Key Object Header: 0xE1BFA168 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet Explorer\SECURITY\P3Sites\ OBJECT: 0xFF1B21E0(ef51e0) Type: 8 Event Object Header: 0xFF1B21C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B3F20(b56f20) Type: 8 Event Object Header: 0xFF1B3F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19B020(5a5020) Type: 6 Thread Object Header: 0xFF19B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000002FC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF19B610(5a5610) Type: 12 Semaphore Object Header: 0xFF19B5F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF19B660(5a5660) Type: 8 Event Object Header: 0xFF19B648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EDA9A0(8379a0) Type: 18 Key Object Header: 0xE1EDA988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1EDAA60(837a60) Type: 18 Key Object Header: 0xE1EDAA48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1BFF2E0(6dbb2e0) Type: 18 Key Object Header: 0xE1BFF2C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1EFEF20(6efcf20) Type: 18 Key Object Header: 
0xE1EFEF08 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MenuOrder\Start Menu\ OBJECT: 0xFF199EE0(8beee0) Type: 8 Event Object Header: 0xFF199EC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 100000 PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF198140(19d1140) Type: 6 Thread Object Header: 0xFF198128 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000358 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF1D16E8(74546e8) Type: 26 File Object Header: 0xFF1D16D0 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Start Menu OBJECT: 0xFF234900(6c5d900) Type: 8 Event Object Header: 0xFF2348E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D1648(7454648) Type: 26 File Object Header: 0xFF1D1630 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\All Users\Start Menu OBJECT: 
0xFF1DD6A8(3d926a8) Type: 26 File Object Header: 0xFF1DD690 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Desktop OBJECT: 0xFF198788(19d1788) Type: 26 File Object Header: 0xFF198770 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\All Users\Desktop OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore Object Header: 0xFF1DD638 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC68730 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1977F0(274a7f0) Type: 10 Mutant Object Header: 0xFF1977D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ZonesCacheCounterMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF198C50(19d1c50) Type: 10 Mutant Object Header: 0xFF198C38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ZonesCounterMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1D57600(45cc600) Type: 17 Section Object Header: 0xE1D575E8 GrantedAccess: 4 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: RotHintTable SecurityDescriptor: 0xE1D3B378(1) Segment: 0xE1DC6008(50d5008) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF23D268(6bea268) Type: 26 File Object Header: 0xFF23D250 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: 
HarddiskVolume1\Documents and Settings\Administrator\Desktop OBJECT: 0xFF1986E0(19d16e0) Type: 8 Event Object Header: 0xFF1986C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E74D60(60a4d60) Type: 18 Key Object Header: 0xE1E74D48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xE1EE2D60(6fbfd60) Type: 18 Key Object Header: 0xE1EE2D48 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF1D4A10(45aaa10) Type: 10 Mutant Object Header: 0xFF1D49F8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: WininetStartupMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF19A3C0(7bb93c0) Type: 8 Event Object Header: 0xFF19A3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19A170(7bb9170) Type: 10 Mutant Object Header: 0xFF19A158 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: WininetConnectionMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF196680(1c44680) Type: 10 Mutant Object Header: 0xFF196668 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19AB70(7bb9b70) Type: 10 Mutant Object Header: 0xFF19AB58 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: 
WininetProxyRegistryMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF19A868(7bb9868) Type: 26 File Object Header: 0xFF19A850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFF195C50(1daec50) Type: 10 Mutant Object Header: 0xFF195C38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: _!MSFTHISTORY!_ SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF195BF0(1daebf0) Type: 10 Mutant Object Header: 0xFF195BD8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! 
SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1F6E5C0(1bce5c0) Type: 17 Section Object Header: 0xE1F6E5A8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F6D9C8(200a9c8) BasedAddress: 0x098C8CC0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFF195670(1dae670) Type: 10 Mutant Object Header: 0xFF195658 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!cookies! SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF196488(1c44488) Type: 26 File Object Header: 0xFF196470 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF194EF0(202bef0) Type: 10 Mutant Object Header: 0xFF194ED8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!local settings!history!history.ie5! 
SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF194E48(202be48) Type: 26 File Object Header: 0xFF194E30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xE1F73A60(2014a60) Type: 17 Section Object Header: 0xE1F73A48 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F73CC8(2014cc8) BasedAddress: 0x098D6CC8 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xFF1943A0(202b3a0) Type: 10 Mutant Object Header: 0xFF194388 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1943E0(202b3e0) Type: 8 Event Object Header: 0xFF1943C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F6E4C0(1bce4c0) Type: 17 Section Object Header: 0xE1F6E4A8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Cookies_index.dat_16384 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12A1E48(18c4e48) BasedAddress: 0x098C94C8 SizeOfSegment: 0x4000 SecurityDescriptor: 
(null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF1942E0(202b2e0) Type: 12 Semaphore Object Header: 0xFF1942C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF194320(202b320) Type: 12 Semaphore Object Header: 0xFF194308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1942A0(202b2a0) Type: 8 Event Object Header: 0xFF194288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF194260(202b260) Type: 8 Event Object Header: 0xFF194248 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1941E0(202b1e0) Type: 12 Semaphore Object Header: 0xFF1941C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1941A0(202b1a0) Type: 12 Semaphore Object Header: 0xFF194188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EDEB20(9fbb20) Type: 18 Key Object Header: 0xE1EDEB08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF193FE0(206bfe0) Type: 8 Event Object Header: 0xFF193FC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF193F40(206bf40) Type: 8 Event Object Header: 0xFF193F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193F00(206bf00) Type: 8 Event Object Header: 0xFF193EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193EC0(206bec0) Type: 8 Event Object 
Header: 0xFF193EA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193C80(206bc80) Type: 8 Event Object Header: 0xFF193C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193980(206b980) Type: 8 Event Object Header: 0xFF193968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAA460(6f08460) Type: 17 Section Object Header: 0xE1EAA448 GrantedAccess: 4 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: SENS Information Cache SecurityDescriptor: 0xE1EAB3B8(6cf23b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12D7968(1954968) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1F73570(2014570) Type: 19 Port Object Header: 0xE1F73558 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.00000330 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1C01460(1a9f460) Type: 18 Key Object Header: 0xE1C01448 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1EE2900(6fbf900) Type: 18 Key Object Header: 0xE1EE28E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\ OBJECT: 0xE21C97A0(2b7a7a0) Type: 18 Key Object Header: 0xE21C9788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\ OBJECT: 0xE20B3EA0(507bea0) Type: 18 Key Object Header: 0xE20B3E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 
0xFF193460(206b460) Type: 8 Event Object Header: 0xFF193448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193420(206b420) Type: 8 Event Object Header: 0xFF193408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190340(214a340) Type: 8 Event Object Header: 0xFF190328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDC4540(13e1540) Type: 8 Event Object Header: 0xFCDC4528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190380(214a380) Type: 12 Semaphore Object Header: 0xFF190368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C053C0(58203c0) Type: 18 Key Object Header: 0xE1C053A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF18E560(2499560) Type: 8 Event Object Header: 0xFF18E548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1902C0(214a2c0) Type: 12 Semaphore Object Header: 0xFF1902A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18FFE0(237bfe0) Type: 12 Semaphore Object Header: 0xFF18FFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E140(2499140) Type: 8 Event Object Header: 0xFF18E128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E0E0(24990e0) Type: 10 Mutant Object Header: 0xFF18E0C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E0A0(24990a0) Type: 8 Event Object Header: 0xFF18E088 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E060(2499060) Type: 10 Mutant Object Header: 0xFF18E048 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFCDC0948(13dd948) Type: 26 File Object Header: 0xFCDC0930 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF18E6C0(24996c0) Type: 8 Event Object Header: 0xFF18E6A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF197468(274a468) Type: 26 File Object Header: 0xFF197450 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch OBJECT: 0xFF18D880(2525880) Type: 8 Event Object Header: 0xFF18D868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E320(2499320) Type: 12 Semaphore Object Header: 0xFF18E308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FD9C70(695ec70) Type: 19 Port Object Header: 0xE1FD9C58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.0000031C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18F160(237b160) Type: 8 Event Object Header: 0xFF18F148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E62E0(7662e0) Type: 8 Event Object Header: 0xFF1E62C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF133F60(2b40f60) Type: 10 Mutant Object Header: 0xFF133F48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D7200(458a200) Type: 8 Event Object Header: 0xFF1D71E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234BE0(6c5dbe0) Type: 8 Event Object Header: 0xFF234BC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18ED20(2499d20) Type: 8 Event Object Header: 0xFF18ED08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF198140(19d1140) Type: 6 Thread Object Header: 0xFF198128 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000358 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1E94C60(697ac60) Type: 18 Key Object Header: 0xE1E94C48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xE1E9B480(694d480) Type: 18 Key Object Header: 0xE1E9B468 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\RunMRU\ OBJECT: 0xFF1C6800(2898800) Type: 12 Semaphore Object Header: 0xFF1C67E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD24A20(1341a20) Type: 8 Event Object Header: 0xFCD24A08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C13E0(19213e0) Type: 18 Key Object Header: 0xE12C13C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xFF24B830(66ea830) Type: 8 Event Object Header: 0xFF24B818 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC68730 Name: mixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF176900(4556900) Type: 8 Event Object Header: 0xFF1768E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF1ED2C8(812c8) Type: 26 File Object Header: 0xFF1ED2B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF1E62A0(7662a0) Type: 8 Event Object Header: 0xFF1E6288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F4900(19c9900) Type: 18 Key Object Header: 0xE12F48E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xFF15A300(84b300) Type: 8 Event Object Header: 0xFF15A2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1904D0(214a4d0) Type: 8 Event Object Header: 0xFF1904B8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ShellReadyEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF190200(214a200) Type: 13 Timer Object Header: 0xFF1901E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1376040(27dd040) Type: 17 Section Object Header: 0xE1376028 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: UrlZonesSM_Administrator SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12D30C8(19450c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFCD62D10(137fd10) Type: 12 Semaphore Object Header: 0xFCD62CF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 
0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFCD24340(1341340) Type: 8 Event Object Header: 0xFCD24328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE131D3E0(1a693e0) Type: 18 Key Object Header: 0xE131D3C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xFCD25FE0(1342fe0) Type: 8 Event Object Header: 0xFCD25FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EDDC60(a5ac60) Type: 18 Key Object Header: 0xE1EDDC48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE20EDE10(2c43e10) Type: 4 Token Object Header: 0xE20EDDF8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE20D7F38(2a71f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,26a8f} ParentToken ID: {0,0} Modified ID: {0,72ac} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x13 SeProfileSingleProcessPrivilege Default Enabled 4 
0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x10 SeLoadDriverPrivilege Enabled 7 0x23 SeChangeNotifyPrivilege Default Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled OBJECT: 0xFF18CDA0(2579da0) Type: 6 Thread Object Header: 0xFF18CD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000035C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE1DBEC60(4ff8c60) Type: 18 Key Object Header: 0xE1DBEC48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE1E9CC40(6acfc40) Type: 18 Key Object Header: 0xE1E9CC28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xFF18CD20(2579d20) Type: 10 Mutant Object Header: 0xFF18CD08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EE680(19af680) Type: 18 Key Object Header: 0xE12EE668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE2100130(520f130) Type: 19 Port Object Header: 0xE2100118 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.0000031C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25ECD0(6397cd0) Type: 12 Semaphore Object Header: 
0xFF25ECB8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D10B00(3fceb00) Type: 18 Key Object Header: 0xE1D10AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ OBJECT: 0xE21CC420(75f420) Type: 18 Key Object Header: 0xE21CC408 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE12B68C0(18d68c0) Type: 18 Key Object Header: 0xE12B68A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1E94FA0(697afa0) Type: 18 Key Object Header: 0xE1E94F88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE1E68580(5ec3580) Type: 18 Key Object Header: 0xE1E68568 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1EEC660(7249660) Type: 18 Key Object Header: 0xE1EEC648 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xFCCAA6A0(12c76a0) Type: 25 IoCompletion Object Header: 0xFCCAA688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 Waiting Thread: 0xFF18C560 Process: 0xFF1BAAE0 APCProcess: 0xFF1BAAE0 OBJECT: 0xFCCA9B10(12c6b10) Type: 10 Mutant Object Header: 0xFCCA9AF8 GrantedAccess: 1f0001 
PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: _SHuassist.mtx SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE12CC540(1930540) Type: 18 Key Object Header: 0xE12CC528 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xE1EE1B40(713eb40) Type: 18 Key Object Header: 0xE1EE1B28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xE13517C0(1b0b7c0) Type: 18 Key Object Header: 0xE13517A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\ OBJECT: 0xE1E392C0(564d2c0) Type: 18 Key Object Header: 0xE1E392A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\ OBJECT: 0xE12D7720(1954720) Type: 18 Key Object Header: 0xE12D7708 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xFF18B020(2b84020) Type: 6 Thread Object Header: 0xFF18B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000025C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF18F810(237b810) Type: 8 Event Object Header: 0xFF18F7F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: SETTermEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF18B2D0(2b842d0) Type: 8 Event Object Header: 0xFF18B2B8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: HPlugEjectEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF25ED30(6397d30) Type: 8 Event Object Header: 0xFF25ED18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF18BDA0(2b84da0) Type: 6 Thread Object Header: 0xFF18BD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.000003BC ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF191080(2138080) Type: 12 Semaphore Object Header: 0xFF191068 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13618E0(229c8e0) Type: 18 Key Object Header: 0xE13618C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xE1EF6960(cd3960) Type: 18 Key Object Header: 0xE1EF6948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF18A2E0(2bf82e0) Type: 10 Mutant Object Header: 0xFF18A2C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9F4C0(6dd64c0) Type: 18 Key Object Header: 0xE1E9F4A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xE12D9260(1958260) Type: 18 Key Object Header: 0xE12D9248 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xE130A4E0(1a334e0) Type: 18 Key Object Header: 0xE130A4C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xFF188F20(2d15f20) Type: 8 Event Object Header: 0xFF188F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B300(2b84300) Type: 8 Event Object Header: 0xFF18B2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9DB90(6971b90) Type: 19 Port Object Header: 0xE1E9DB78 GrantedAccess: 1f0001 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.0000031C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18E780(2499780) Type: 8 Event Object Header: 0xFF18E768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B700(2b84700) Type: 8 Event Object Header: 0xFF18B6E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F220(237b220) Type: 8 Event Object Header: 0xFF18F208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18C560(2579560) Type: 6 Thread Object Header: 0xFF18C548 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000370 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1D30A00(42cba00) Type: 17 Section Object Header: 0xE1D309E8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E78748(6449748) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xFF18D7A0(25257a0) Type: 8 Event Object Header: 0xFF18D788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18CD60(2579d60) Type: 8 Event Object Header: 0xFF18CD48 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18AA60(2bf8a60) Type: 8 Event Object Header: 0xFF18AA48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F366F0(7846f0) Type: 19 Port Object Header: 0xE1F366D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.00000370 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25ED70(6397d70) Type: 10 Mutant Object Header: 0xFF25ED58 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D31CB8(42edcb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF187660(2dd0660) Type: 8 Event Object Header: 0xFF187648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1336720(1aaa720) Type: 18 Key Object Header: 0xE1336708 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xE1E90020(692a020) Type: 18 Key Object Header: 0xE1E90008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xFF1EA460(294e460) Type: 8 Event Object Header: 0xFF1EA448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE136EFC0(27a7fc0) Type: 17 Section Object Header: 0xE136EFA8 GrantedAccess: 6 PointerCount: 5 
HandleCount: 4 Directory: 0xFCC68730 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1E5D3B8(59fc3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE1E7DC48(6857c48) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF1120E0(f0e0e0) Type: 8 Event Object Header: 0xFF1120C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF1878E0(2dd08e0) Type: 8 Event Object Header: 0xFF1878C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E1CAE0(5488ae0) Type: 18 Key Object Header: 0xE1E1CAC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xFF191240(2138240) Type: 6 Thread Object Header: 0xFF191228 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000032C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF15FCA0(7aa0ca0) Type: 12 Semaphore Object Header: 0xFF15FC88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2AA0(ef5aa0) Type: 8 Event Object Header: 0xFF1B2A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B6C0(2dc36c0) Type: 6 Thread Object 
Header: 0xFF17B6A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000324 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF12B310(5aff310) Type: 8 Event Object Header: 0xFF12B2F8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC68730 Name: FaxStartedEvent SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xE1DC6520(50d5520) Type: 18 Key Object Header: 0xE1DC6508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ OBJECT: 0xFF1D29E0(67559e0) Type: 10 Mutant Object Header: 0xFF1D29C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B55A0(26865a0) Type: 8 Event Object Header: 0xFF1B5588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D3260(298c260) Type: 8 Event Object Header: 0xFF0D3248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF141820(59cd820) Type: 8 Event Object Header: 0xFF141808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13F7C0(6ffc7c0) Type: 8 Event Object Header: 0xFF13F7A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2329F0(70d39f0) Type: 8 Event Object Header: 0xFF2329D8 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC68730 Name: hardwaremixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xE1EFF1F0(6fbd1f0) 
Type: 19 Port Object Header: 0xE1EFF1D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.0000031C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1FCE030(31c8030) Type: 4 Token Object Header: 0xE1FCE018 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EFF378(6fbd378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,152ca} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xFF1D7A60(458aa60) Type: 8 Event Object Header: 0xFF1D7A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21E8C0(9fd8c0) Type: 8 Event Object Header: 0xFF21E8A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17C560(2c66560) Type: 8 Event Object 
Header: 0xFF17C548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18DE40(2525e40) Type: 8 Event Object Header: 0xFF18DE28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F2E0(237b2e0) Type: 8 Event Object Header: 0xFF18F2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1780D0(40750d0) Type: 8 Event Object Header: 0xFF1780B8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Shell_NotificationCallbacksOutstanding SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1B5560(2686560) Type: 8 Event Object Header: 0xFF1B5548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B4A00(34fa00) Type: 8 Event Object Header: 0xFF1B49E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B4F20(34ff20) Type: 8 Event Object Header: 0xFF1B4F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18F810(237b810) Type: 8 Event Object Header: 0xFF18F7F8 GrantedAccess: 100000 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: SETTermEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF29EDD0(5209dd0) Type: 8 Event Object Header: 0xFF29EDB8 GrantedAccess: 100000 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF1B4EB0(34feb0) Type: 8 Event Object Header: 0xFF1B4E98 GrantedAccess: 1f0003 PointerCount: 3 
HandleCount: 1 Directory: 0xFCC68730 Name: ActSaverSEEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1B4968(34f968) Type: 26 File Object Header: 0xFF1B4950 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1B86C0(11c6c0) Type: 8 Event Object Header: 0xFF1B86A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B4308(34f308) Type: 26 File Object Header: 0xFF1B42F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_334 OBJECT: 0xFF1B4268(34f268) Type: 26 File Object Header: 0xFF1B4250 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_334 OBJECT: 0xFF1B8D20(11cd20) Type: 8 Event Object Header: 0xFF1B8D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18C9A0(25799a0) Type: 6 Thread Object Header: 0xFF18C988 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.00000404 ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF0EEC00(5900c00) Type: 6 Thread Object Header: 0xFF0EEBE8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000334.0000022C ThreadsProcess: 0xFF1BAAE0 OBJECT: 0xFF12C480(5abe480) Type: 8 Event Object Header: 0xFF12C468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14B5A0(1f65a0) Type: 8 Event Object 
Header: 0xFF14B588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21C44A0(514a4a0) Type: 18 Key Object Header: 0xE21C4488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE1C00A50(5fea50) Type: 19 Port Object Header: 0xE1C00A38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000334.000003BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1326380(1a8c380) Type: 18 Key Object Header: 0xE1326368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF179AC0(323cac0) Type: 8 Event Object Header: 0xFF179AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF137900(2292900) Type: 8 Event Object Header: 0xFF1378E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF179A80(323ca80) Type: 8 Event Object Header: 0xFF179A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21C1880(fe6880) Type: 18 Key Object Header: 0xE21C1868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF1D3600(6c09600) Type: 8 Event Object Header: 0xFF1D35E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F09AC0(c5eac0) Type: 18 Key Object Header: 0xE1F09AA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ 18. TABLE: 0xFF1B35E8(b565e8): Table: 0xE1F71000 QuotaProcess: 0xFF18B400 ProcessId: 3c4 HandleCount: 50 CapturedHandleCount: 50 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12CFA10(191ba10) Type: 17 Section Object Header: 0xE12CF9F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE136FEC8(27acec8) BasedAddress: 0x09966438 SizeOfSegment: 0x1a000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Apoint\Apoint.exe OBJECT: 0xFF18D8C0(25258c0) Type: 8 Event Object Header: 0xFF18D8A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18AA20(2bf8a20) Type: 8 Event Object Header: 0xFF18AA08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18A9E0(2bf89e0) Type: 8 Event Object Header: 0xFF18A9C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCCF3608(1310608) Type: 26 File Object Header: 0xFCCF35F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 
0xFF187AA0(2dd0aa0) Type: 8 Event Object Header: 0xFF187A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E93690(68f8690) Type: 19 Port Object Header: 0xE1E93678 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003C4.000003C0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1D5180(6a89180) Type: 8 Event Object Header: 0xFF1D5168 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE13C2B80(3170b80) Type: 18 Key Object Header: 0xE13C2B68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1EE2020(6fbf020) Type: 18 Key Object Header: 0xE1EE2008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1ED39A0(7a509a0) Type: 18 Key Object Header: 0xE1ED3988 
GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE12EF5E0(19b05e0) Type: 18 Key Object Header: 0xE12EF5C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1E397E0(564d7e0) Type: 18 Key Object Header: 0xE1E397C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1D5080(6a89080) Type: 8 Event Object Header: 0xFF1D5068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F3F20(19bff20) Type: 18 Key Object Header: 0xE12F3F08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFCDBFA90(13dca90) Type: 10 Mutant Object Header: 0xFCDBFA78 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: AlpsPointEuropa SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xE1F3F240(4034240) Type: 18 Key Object Header: 0xE1F3F228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\Alps\Apoint\ OBJECT: 0xFF18C908(2579908) Type: 26 File Object 
Header: 0xFF18C8F0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE136C100(274b100) Type: 17 Section Object Header: 0xE136C0E8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ALPS_GP_DRIVER_SCROLL SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F490E8(40980e8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF1795A0(323c5a0) Type: 8 Event Object Header: 0xFF179588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore Object Header: 0xFF1DD638 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC68730 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1B52A0(26862a0) Type: 8 Event Object Header: 0xFF1B5288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F3A120(4486120) Type: 18 Key Object Header: 0xE1F3A108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF146DC0(265dc0) Type: 8 Event Object Header: 0xFF146DA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16C120(6f62120) Type: 8 Event Object Header: 0xFF16C108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170580(611e580) Type: 8 Event Object Header: 0xFF170568 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2651F0(5f0b1f0) Type: 10 Mutant Object Header: 0xFF2651D8 GrantedAccess: 1f0001 
PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Alps_Auto SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1703A0(611e3a0) Type: 8 Event Object Header: 0xFF170388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D3590(6c09590) Type: 8 Event Object Header: 0xFF1D3578 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: AlpsPointEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF176D40(4556d40) Type: 8 Event Object Header: 0xFF176D28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176D00(4556d00) Type: 8 Event Object Header: 0xFF176CE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176CC0(4556cc0) Type: 8 Event Object Header: 0xFF176CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176C80(4556c80) Type: 8 Event Object Header: 0xFF176C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18A020(2bf8020) Type: 6 Thread Object Header: 0xFF18A008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 
0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.000003C0 ThreadsProcess: 0xFF18B400 OBJECT: 0xE1C0DA60(35da60) Type: 19 Port Object Header: 0xE1C0DA48 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: OLEc SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003C4.000003C0 ClientThread: 0x00000000 ServerProcess: 0xFF18B400 OBJECT: 0xFCC61E60(127ee60) Type: 25 IoCompletion Object Header: 0xFCC61E48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFCC61E60(127ee60) Type: 25 IoCompletion Object Header: 0xFCC61E48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF176080(4556080) Type: 6 Thread Object Header: 0xFF176068 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C4.0000041C ThreadsProcess: 0xFF18B400 OBJECT: 0xFF28B680(579d680) Type: 8 Event Object Header: 0xFF28B668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28B5A0(579d5a0) Type: 10 Mutant Object Header: 0xFF28B588 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B3B10(b56b10) Type: 12 Semaphore Object Header: 0xFF1B3AF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) 19. 
TABLE: 0xFF190168(214a168): Table: 0xE1FB0000 QuotaProcess: 0xFF18A6E0 ProcessId: 3cc HandleCount: 55 CapturedHandleCount: 55 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1333130(1aa7130) Type: 17 Section Object Header: 0xE1333118 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F78008(2139008) BasedAddress: 0x09971C28 SizeOfSegment: 0xc000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Sony\HotKey Utility\HKserv.exe OBJECT: 0xFF189E60(2c46e60) Type: 8 Event Object Header: 0xFF189E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189E20(2c46e20) Type: 8 Event Object Header: 0xFF189E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189DE0(2c46de0) Type: 8 Event Object Header: 0xFF189DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCD63BC8(1380bc8) Type: 26 File Object Header: 0xFCD63BB0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFF1859C0(2ddb9c0) Type: 8 Event Object Header: 0xFF1859A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE1EE2490(6fbf490) Type: 19 Port Object Header: 0xE1EE2478 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003CC.000003C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF184AA0(2ddaaa0) Type: 8 Event Object Header: 0xFF184A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1DF7B60(51e6b60) Type: 18 Key Object Header: 0xE1DF7B48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF17EC00(2ff4c00) Type: 8 Event Object Header: 0xFF17EBE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0EB80(7369b80) Type: 18 Key Object Header: 0xE1C0EB68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFCC68730(1285730) Type: 2 
Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1846A0(2dda6a0) Type: 8 Event Object Header: 0xFF184688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1EC3EC0(7ce2ec0) Type: 18 Key Object Header: 0xE1EC3EA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF17E2E0(2ff42e0) Type: 8 Event Object Header: 0xFF17E2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E2A0(2ff42a0) Type: 10 Mutant Object Header: 0xFF17E288 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E260(2ff4260) Type: 8 Event Object Header: 0xFF17E248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E220(2ff4220) Type: 10 Mutant Object Header: 0xFF17E208 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDBEB90(13dbb90) Type: 10 Mutant Object Header: 0xFCDBEB78 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: HKserv SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCC665E8(12835e8) 
Type: 26 File Object Header: 0xFCC665D0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF174180(448f180) Type: 8 Event Object Header: 0xFF174168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF132020(72bf020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.0000026C ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF173CC0(44cecc0) Type: 8 Event Object Header: 0xFF173CA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD62D10(137fd10) Type: 12 Semaphore Object Header: 0xFCD62CF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF173A90(44cea90) Type: 8 Event Object Header: 0xFF173A78 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC68730 Name: SonyAsyncEvent10130 SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1F4EC00(436fc00) Type: 18 Key Object Header: 0xE1F4EBE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF173980(44ce980) Type: 10 Mutant Object Header: 0xFF173968 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1362C8(19bc2c8) Type: 26 File Object Header: 0xFF1362B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 
0xFF173C00(44cec00) Type: 8 Event Object Header: 0xFF173BE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF136480(19bc480) Type: 8 Event Object Header: 0xFF136468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF136228(19bc228) Type: 26 File Object Header: 0xFF136210 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF136AA8(19bcaa8) Type: 26 File Object Header: 0xFF136A90 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF136188(19bc188) Type: 26 File Object Header: 0xFF136170 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 0xFF173A40(44cea40) Type: 8 Event Object Header: 0xFF173A28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1EFE440(6efc440) Type: 18 Key Object Header: 0xE1EFE428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xFF173800(44ce800) Type: 8 Event Object Header: 0xFF1737E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1737C0(44ce7c0) Type: 8 Event Object Header: 0xFF1737A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173780(44ce780) Type: 8 Event Object Header: 
0xFF173768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173740(44ce740) Type: 8 Event Object Header: 0xFF173728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18A460(2bf8460) Type: 6 Thread Object Header: 0xFF18A448 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.000003C8 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xE1E54B80(588cb80) Type: 19 Port Object Header: 0xE1E54B68 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCC93030 Name: OLEd SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003CC.000003C8 ClientThread: 0x00000000 ServerProcess: 0xFF18A6E0 OBJECT: 0xFCC6EF40(128bf40) Type: 25 IoCompletion Object Header: 0xFCC6EF28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC6EF40(128bf40) Type: 25 IoCompletion Object Header: 0xFCC6EF28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF173400(44ce400) Type: 6 Thread Object Header: 0xFF1733E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003CC.00000420 ThreadsProcess: 0xFF18A6E0 OBJECT: 0xFF173680(44ce680) Type: 8 Event Object Header: 0xFF173668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF136A60(19bca60) Type: 8 Event Object Header: 0xFF136A48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 20. 
TABLE: 0xFF18AB88(2bf8b88): Table: 0xE1F95000 QuotaProcess: 0xFF189020 ProcessId: 3dc HandleCount: 62 CapturedHandleCount: 62 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1C0E770(7369770) Type: 17 Section Object Header: 0xE1C0E758 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F90008(2db2008) BasedAddress: 0x09965438 SizeOfSegment: 0xa9000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe OBJECT: 0xFF18D480(2525480) Type: 8 Event Object Header: 0xFF18D468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189400(2c46400) Type: 8 Event Object Header: 0xFF1893E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1893C0(2c463c0) Type: 8 Event Object Header: 0xFF1893A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF168DA8(7321da8) Type: 26 File Object Header: 0xFF168D90 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1878A0(2dd08a0) Type: 8 Event Object Header: 0xFF187888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1F724D0(2c804d0) Type: 19 Port Object Header: 0xE1F724B8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003DC.000003D8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF188360(2d15360) Type: 8 Event Object Header: 0xFF188348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1BFAC40(5d34c40) Type: 18 Key Object Header: 0xE1BFAC28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF186B60(2dafb60) Type: 8 Event Object Header: 0xFF186B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF188320(2d15320) Type: 8 Event Object Header: 0xFF188308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B5A60(2686a60) Type: 8 Event Object Header: 0xFF1B5A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1E66120(5e30120) Type: 18 Key Object Header: 0xE1E66108 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE1ED4940(7911940) Type: 18 Key Object Header: 0xE1ED4928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1F003C0(717e3c0) Type: 18 Key Object Header: 0xE1F003A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1C534A0(4ed64a0) Type: 18 Key Object Header: 0xE1C53488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1EEB960(7288960) Type: 18 Key Object Header: 0xE1EEB948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1D39E0(6c099e0) Type: 8 Event Object Header: 0xFF1D39C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF185160(2ddb160) Type: 8 Event Object Header: 0xFF185148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16ECC0(625dcc0) Type: 8 Event Object Header: 0xFF16ECA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16EC60(625dc60) Type: 8 Event Object Header: 0xFF16EC48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE4A60(7c21a60) Type: 18 Key Object Header: 0xE1EE4A48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF16FBC0(1d07bc0) Type: 8 Event Object 
Header: 0xFF16FBA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EDBE60(7018e60) Type: 18 Key Object Header: 0xE1EDBE48 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF16DFE0(63f5fe0) Type: 8 Event Object Header: 0xFF16DFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF175380(4535380) Type: 8 Event Object Header: 0xFF175368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ECE020(6eab020) Type: 18 Key Object Header: 0xE1ECE008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1F709C0(1c819c0) Type: 18 Key Object Header: 0xE1F709A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16F920(1d07920) Type: 8 Event Object Header: 0xFF16F908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E5100(3f07100) Type: 8 Event Object Header: 0xFF1E50E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A720(5844720) Type: 8 Event Object Header: 0xFF28A708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16CB28(6f62b28) Type: 26 File Object Header: 0xFF16CB10 GrantedAccess: 
100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Drag'n Drop CD\BinFiles\ OBJECT: 0xFF168790(7321790) Type: 10 Mutant Object Header: 0xFF168778 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DDBurnerMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF182200(2e7e200) Type: 8 Event Object Header: 0xFF1821E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF212548(9ec548) Type: 26 File Object Header: 0xFF212530 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: PxHelperDevice0 OBJECT: 0xFF165760(7a36760) Type: 8 Event Object Header: 0xFF165748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154CA0(9acca0) Type: 8 Event Object Header: 0xFF154C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1545E0(9ac5e0) Type: 8 Event Object Header: 0xFF1545C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14C540(cf0540) Type: 8 Event Object Header: 0xFF14C528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13EE60(763de60) Type: 8 Event Object Header: 0xFF13EE48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14A1A0(d0c1a0) Type: 8 Event Object Header: 0xFF14A188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148DE0(19b4de0) Type: 8 Event Object Header: 0xFF148DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1445E0(3065e0) Type: 8 Event Object Header: 0xFF1445C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF13F2A0(6ffc2a0) Type: 8 Event Object Header: 0xFF13F288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0EF6C8(50656c8) Type: 26 File Object Header: 0xFF0EF6B0 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0 OBJECT: 0xFF13E3E0(763d3e0) Type: 8 Event Object Header: 0xFF13E3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13E3A0(763d3a0) Type: 8 Event Object Header: 0xFF13E388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF137020(2292020) Type: 8 Event Object Header: 0xFF137008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BCB20(1a8db20) Type: 25 IoCompletion Object Header: 0xFF1BCB08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF1BCB20(1a8db20) Type: 25 IoCompletion Object Header: 0xFF1BCB08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF137FE0(2292fe0) Type: 8 Event Object Header: 0xFF137FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1885C0(2d155c0) Type: 6 Thread Object Header: 0xFF1885A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003DC.000003D8 ThreadsProcess: 0xFF189020 OBJECT: 0xFF106E88(298be88) Type: 26 File Object Header: 0xFF106E70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF185220(2ddb220) Type: 8 Event Object Header: 0xFF185208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 21. 
TABLE: 0xFF186EC8(2dafec8): Table: 0xE1F8F000 QuotaProcess: 0xFF182A20 ProcessId: 3f0 HandleCount: 21 CapturedHandleCount: 21 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12CC3B0(19303b0) Type: 17 Section Object Header: 0xE12CC398 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EE2588(6fbf588) BasedAddress: 0x099F2C20 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\alogserv.exe OBJECT: 0xFF182180(2e7e180) Type: 8 Event Object Header: 0xFF182168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1820C0(2e7e0c0) Type: 8 Event Object Header: 0xFF1820A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF182080(2e7e080) Type: 8 Event Object Header: 0xFF182068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCD23A28(1340a28) Type: 26 File Object Header: 0xFCD23A10 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF184580(2dda580) Type: 8 Event Object Header: 0xFF184568 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1C09F50(5401f50) Type: 19 Port Object Header: 0xE1C09F38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003F0.000003EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF190F40(214af40) Type: 8 Event Object Header: 0xFF190F28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1DEB0A0(514e0a0) Type: 18 Key Object Header: 0xE1DEB088 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF17D120(3082120) Type: 8 Event Object Header: 0xFF17D108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190540(214a540) Type: 8 Event Object Header: 0xFF190528 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B65C0(54255c0) Type: 6 Thread Object Header: 0xFF1B65A8 GrantedAccess: 1f03ff PointerCount: 
4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F0.000003F8 ThreadsProcess: 0xFF182A20 OBJECT: 0xFF17E8A8(2ff48a8) Type: 26 File Object Header: 0xFF17E890 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Activity Log OBJECT: 0xFF158F60(eb6f60) Type: 8 Event Object Header: 0xFF158F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 22. TABLE: 0xFF1BF908(1a52908): Table: 0xE1FCA000 QuotaProcess: 0xFF17D6A0 ProcessId: 3f4 HandleCount: 210 CapturedHandleCount: 210 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1F267F0(2887f0) Type: 17 Section Object Header: 0xE1F267D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1FC83C8(30303c8) BasedAddress: 0x09A4F430 SizeOfSegment: 0xa5000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Support.com\Client\bin\tgcmd.exe OBJECT: 0xFF18E2E0(24992e0) Type: 8 Event Object Header: 0xFF18E2C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18FC60(237bc60) Type: 8 Event Object Header: 0xFF18FC48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD80C80(139dc80) Type: 8 Event Object Header: 0xFCD80C68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 
0xFF16CF30(6f62f30) Type: 10 Mutant Object Header: 0xFF16CF18 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: DBWinMutex SecurityDescriptor: 0xE1ECC258(7207258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFF1B4DA0(34fda0) Type: 8 Event Object Header: 0xFF1B4D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1F41530(40e2530) Type: 19 Port Object Header: 0xE1F41518 GrantedAccess: 1f0001 PointerCount: 9 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003F4.00000368 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF1B5140(2686140) Type: 8 Event Object Header: 0xFF1B5128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130AF80(1a33f80) Type: 18 Key Object Header: 0xE130AF68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1B4B60(34fb60) Type: 8 Event Object Header: 
0xFF1B4B48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE13636E0(22dc6e0) Type: 18 Key Object Header: 0xE13636C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1F405C0(3ff55c0) Type: 18 Key Object Header: 0xE1F405A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1F40420(3ff5420) Type: 18 Key Object Header: 0xE1F40408 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1F42380(40e1380) Type: 18 Key Object Header: 0xE1F42368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1B4A60(34fa60) Type: 8 Event Object Header: 0xFF1B4A48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF1B4860(34f860) Type: 8 Event Object Header: 0xFF1B4848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1829A0(2e7e9a0) Type: 8 Event Object Header: 0xFF182988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193580(206b580) Type: 8 Event Object Header: 0xFF193568 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B6BA0(5425ba0) Type: 8 Event Object Header: 0xFF1B6B88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF178400(4075400) Type: 8 Event Object Header: 0xFF1783E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E25880(538b880) Type: 18 Key Object Header: 0xE1E25868 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF198C50(19d1c50) Type: 10 Mutant Object Header: 0xFF198C38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ZonesCounterMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1977F0(274a7f0) Type: 10 Mutant Object Header: 0xFF1977D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ZonesCacheCounterMutex SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1D4A10(45aaa10) Type: 10 Mutant Object Header: 0xFF1D49F8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: WininetStartupMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF175660(4535660) Type: 8 Event Object Header: 0xFF175648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19A170(7bb9170) Type: 10 Mutant Object Header: 0xFF19A158 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: WininetConnectionMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF175620(4535620) Type: 10 Mutant Object Header: 0xFF175608 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19AB70(7bb9b70) Type: 10 Mutant Object Header: 0xFF19AB58 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: WininetProxyRegistryMutex SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF174640(448f640) Type: 8 Event Object Header: 0xFF174628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF174600(448f600) Type: 8 Event Object Header: 0xFF1745E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1745C0(448f5c0) Type: 8 Event Object Header: 0xFF1745A8 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF271B40(5eb0b40) Type: 25 IoCompletion Object Header: 0xFF271B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF271B40(5eb0b40) Type: 25 IoCompletion Object Header: 0xFF271B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF171760(5a59760) Type: 8 Event Object Header: 0xFF171748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF183020(2df9020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000368 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF2A3608(513a608) Type: 26 File Object Header: 0xFF2A35F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFF195C50(1daec50) Type: 10 Mutant Object Header: 0xFF195C38 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: _!MSFTHISTORY!_ SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF195BF0(1daebf0) Type: 10 Mutant Object Header: 0xFF195BD8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! 
SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1F6E5C0(1bce5c0) Type: 17 Section Object Header: 0xE1F6E5A8 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F6D9C8(200a9c8) BasedAddress: 0x098C8CC0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFF195670(1dae670) Type: 10 Mutant Object Header: 0xFF195658 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!cookies! SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF2712C8(5eb02c8) Type: 26 File Object Header: 0xFF2712B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF194EF0(202bef0) Type: 10 Mutant Object Header: 0xFF194ED8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: c:!documents and settings!administrator!local settings!history!history.ie5! 
SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCC602A8(127d2a8) Type: 26 File Object Header: 0xFCC60290 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xE1F73A60(2014a60) Type: 17 Section Object Header: 0xE1F73A48 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F73CC8(2014cc8) BasedAddress: 0x098D6CC8 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xFF171660(5a59660) Type: 8 Event Object Header: 0xFF171648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF183020(2df9020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000368 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xE1F6E4C0(1bce4c0) Type: 17 Section Object Header: 0xE1F6E4A8 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: C:_Documents and Settings_Administrator_Cookies_index.dat_16384 SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12A1E48(18c4e48) BasedAddress: 0x098C94C8 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF171620(5a59620) Type: 8 Event Object Header: 0xFF171608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1309620(1a32620) Type: 18 Key Object Header: 0xE1309608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF1715A0(5a595a0) Type: 8 Event Object Header: 0xFF171588 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E69DA0(5df9da0) Type: 18 Key Object Header: 0xE1E69D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF171420(5a59420) Type: 10 Mutant Object Header: 0xFF171408 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171460(5a59460) Type: 8 Event Object Header: 0xFF171448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171360(5a59360) Type: 12 Semaphore Object Header: 0xFF171348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1713A0(5a593a0) Type: 12 Semaphore Object Header: 0xFF171388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171320(5a59320) Type: 8 Event Object Header: 0xFF171308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1712E0(5a592e0) Type: 8 Event Object Header: 0xFF1712C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF171260(5a59260) Type: 12 Semaphore Object Header: 0xFF171248 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171220(5a59220) Type: 12 Semaphore Object Header: 0xFF171208 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ED0200(606200) Type: 18 Key Object Header: 0xE1ED01E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF1711E0(5a591e0) Type: 8 Event Object Header: 0xFF1711C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF171160(5a59160) Type: 8 Event Object Header: 0xFF171148 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171120(5a59120) Type: 8 Event Object Header: 0xFF171108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1710E0(5a590e0) Type: 8 Event Object Header: 0xFF1710C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170FA0(611efa0) Type: 8 Event Object Header: 0xFF170F88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAA460(6f08460) Type: 17 Section Object Header: 0xE1EAA448 GrantedAccess: 4 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: SENS Information Cache SecurityDescriptor: 0xE1EAB3B8(6cf23b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12D7968(1954968) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1FE3710(5a27710) Type: 19 Port Object 
Header: 0xE1FE36F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003F4.00000368 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE131AAC0(1a82ac0) Type: 18 Key Object Header: 0xE131AAA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1EFC5C0(6ff95c0) Type: 18 Key Object Header: 0xE1EFC5A8 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1E39B60(564db60) Type: 18 Key Object Header: 0xE1E39B48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\ OBJECT: 0xFF173A00(44cea00) Type: 8 Event Object Header: 0xFF1739E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1699E0(70919e0) Type: 8 Event Object Header: 0xFF1699C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF167A70(223da70) Type: 10 Mutant Object Header: 0xFF167A58 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: __TgCommander__ SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF167AC8(223dac8) Type: 26 File Object Header: 0xFF167AB0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\support.com\client\bin\ OBJECT: 0xFF16C730(6f62730) Type: 8 Event Object 
Header: 0xFF16C718 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateJobsEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16C7A8(6f627a8) Type: 26 File Object Header: 0xFF16C790 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF168D70(7321d70) Type: 8 Event Object Header: 0xFF168D58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateListEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16C770(6f62770) Type: 8 Event Object Header: 0xFF16C758 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateJobsTwoEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF168D30(7321d30) Type: 8 Event Object Header: 0xFF168D18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateListTwoEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF167C70(223dc70) Type: 8 Event Object Header: 0xFF167C58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 
0xFF167C30(223dc30) Type: 8 Event Object Header: 0xFF167C18 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedExitEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166D60(582cd60) Type: 8 Event Object Header: 0xFF166D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166DA0(582cda0) Type: 6 Thread Object Header: 0xFF166D88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000037C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 
0xFF166560(582c560) Type: 6 Thread Object Header: 0xFF166548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000450 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1668C0(582c8c0) Type: 8 Event Object Header: 0xFF1668A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1654C0(7a364c0) Type: 10 Mutant Object Header: 0xFF1654A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165500(7a36500) Type: 8 Event Object Header: 0xFF1654E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165C20(7a36c20) Type: 8 Event Object Header: 0xFF165C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D56340(4f14340) Type: 18 Key Object Header: 0xE1D56328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1BF8560(3db6560) Type: 18 Key Object Header: 0xE1BF8548 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF165B80(7a36b80) Type: 8 Event Object Header: 0xFF165B68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165AE0(7a36ae0) Type: 8 Event Object Header: 0xFF165AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xE13A6020(2b41020) Type: 18 Key Object Header: 0xE13A6008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF165A40(7a36a40) Type: 8 Event Object Header: 0xFF165A28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F36500(784500) Type: 18 Key Object Header: 0xE1F364E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1659A0(7a369a0) Type: 8 Event Object Header: 0xFF165988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F36580(784580) Type: 18 Key Object Header: 0xE1F36568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF165900(7a36900) Type: 8 Event Object Header: 0xFF1658E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EEB3E0(72883e0) Type: 18 Key Object Header: 0xE1EEB3C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF165860(7a36860) Type: 8 Event Object Header: 0xFF165848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1657C0(7a367c0) Type: 8 Event Object Header: 0xFF1657A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E97E0(19947e0) Type: 18 Key Object Header: 0xE12E97C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF165720(7a36720) Type: 8 Event Object Header: 0xFF165708 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F96D20(2b2dd20) Type: 18 Key Object Header: 0xE1F96D08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF165680(7a36680) Type: 8 Event Object Header: 0xFF165668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F36940(784940) Type: 18 Key Object Header: 0xE1F36928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1655E0(7a365e0) Type: 8 Event Object Header: 0xFF1655C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF165480(7a36480) Type: 8 Event Object Header: 0xFF165468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165440(7a36440) Type: 10 Mutant Object Header: 0xFF165428 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165400(7a36400) Type: 12 Semaphore Object Header: 0xFF1653E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1653C0(7a363c0) Type: 12 Semaphore Object Header: 0xFF1653A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165360(7a36360) Type: 8 Event Object Header: 0xFF165348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165E48(7a36e48) Type: 26 File Object Header: 0xFF165E30 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF165308 (7a36308) 
Unknown1: 0x37003300 (1) Unknown2: 0x39003900 OBJECT: 0xFF165288(7a36288) Type: 26 File Object Header: 0xFF165270 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF165228 (7a36228) Unknown1: 0x00004200 (1) Unknown2: 0xc7813100 OBJECT: 0xFF1651A8(7a361a8) Type: 26 File Object Header: 0xFF165190 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF164028(7c27028) Type: 26 File Object Header: 0xFF164010 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF164F88(7c27f88) Type: 26 File Object Header: 0xFF164F70 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE13A60A0(2b410a0) Type: 18 Key Object Header: 0xE13A6088 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE1EE27C0(6fbf7c0) Type: 18 Key Object Header: 0xE1EE27A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12E6CC0(198acc0) Type: 18 Key Object Header: 0xE12E6CA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1F10760(b50760) Type: 18 Key Object Header: 0xE1F10748 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF16C770(6f62770) Type: 8 Event Object Header: 0xFF16C758 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateJobsTwoEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF168D30(7321d30) Type: 8 Event Object Header: 0xFF168D18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateListTwoEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF167C70(223dc70) Type: 8 Event Object Header: 0xFF167C58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF167C30(223dc30) Type: 8 Event Object Header: 0xFF167C18 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedExitEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF164EC0(7c27ec0) Type: 8 Event Object Header: 0xFF164EA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF164B80(7c27b80) Type: 8 Event Object Header: 0xFF164B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164BE0(7c27be0) Type: 8 Event Object Header: 0xFF164BC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16C730(6f62730) Type: 8 Event 
Object Header: 0xFF16C718 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateJobsEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF168D70(7321d70) Type: 8 Event Object Header: 0xFF168D58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: TgSchedUpdateListEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF167C30(223dc30) Type: 8 Event Object Header: 0xFF167C18 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedExitEvent SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF167C70(223dc70) Type: 8 Event Object Header: 0xFF167C58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC68730 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF162400(7b35400) Type: 8 Event Object Header: 0xFF1623E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1644E8(7c274e8) Type: 26 File Object Header: 0xFF1644D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF1643A8 (7c273a8) Type: 0xafd4 Process: 0xFF17D6A0 tgcmd.exe EndpointLinks: {0xFF2333D8:FF1631F8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF166940(582c940) Type: 6 Thread Object Header: 0xFF166928 
GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000044C ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF164AA0(7c27aa0) Type: 8 Event Object Header: 0xFF164A88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1662E0(582c2e0) Type: 6 Thread Object Header: 0xFF1662C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000454 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF164A60(7c27a60) Type: 8 Event Object Header: 0xFF164A48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF163020(836020) Type: 12 Semaphore Object Header: 0xFF163008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164100(7c27100) Type: 12 Semaphore Object Header: 0xFF1640E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164328(7c27328) Type: 26 File Object Header: 0xFF164310 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1642C8 (7c272c8) Unknown1: 0x00740073 (1) Unknown2: 0x610072 Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 
0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28} OBJECT: 0xE1C093E0(54013e0) Type: 18 Key Object Header: 0xE1C093C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF163580(836580) Type: 8 Event Object Header: 0xFF163568 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1603E0(70be3e0) Type: 8 Event Object Header: 0xFF1603C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164788(7c27788) Type: 26 File Object Header: 0xFF164770 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF163148 (836148) Type: 0xafd4 Process: 0xFF17D6A0 tgcmd.exe EndpointLinks: {0xFF164458:FF15CCD8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF162028(7b35028) Type: 26 File Object Header: 0xFF162010 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1630A8 (8360a8) Unknown1: 0x0401062B (1) Unknown2: 0x2378201 Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8} OBJECT: 0xE1E9A690(692c690) Type: 17 Section Object Header: 0xE1E9A678 GrantedAccess: f0007 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E18208(541a208) BasedAddress: 0x00000080 SizeOfSegment: 0x4000 OBJECT: 0xFF1BAAE0(3e35ae0) Type: 5 Process Object Header: 0xFF1BAAC8 GrantedAccess: 100400 PointerCount: 118 HandleCount: 5 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xE1EBA6F0(64ab6f0) Type: 4 Token Object 
Header: 0xE1EBA6D8 GrantedAccess: 2000a PointerCount: 19 HandleCount: 2 SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c615} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF166560(582c560) Type: 6 Thread Object Header: 0xFF166548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000450 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xE13CD5C0(32ef5c0) Type: 18 Key Object Header: 0xE13CD5A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF160BC0(70bebc0) Type: 8 Event Object Header: 0xFF160BA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF160CE0(70bece0) Type: 12 Semaphore Object Header: 0xFF160CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF160B40(70beb40) Type: 12 Semaphore Object Header: 0xFF160B28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF160B00(70beb00) Type: 12 Semaphore Object Header: 0xFF160AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1333A00(1aa7a00) Type: 18 Key Object Header: 0xE13339E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF15EA88(7c1ba88) Type: 26 File Object Header: 0xFF15EA70 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Netbios OBJECT: 0xFF15D7A0(a0f7a0) Type: 8 Event Object Header: 0xFF15D788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15D760(a0f760) Type: 8 Event Object Header: 0xFF15D748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15D720(a0f720) Type: 8 Event Object Header: 0xFF15D708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15D6E0(a0f6e0) Type: 8 Event Object Header: 0xFF15D6C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15D6A0(a0f6a0) Type: 8 Event Object Header: 0xFF15D688 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF15E2E0(7c1b2e0) Type: 6 Thread Object Header: 0xFF15E2C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000460 ThreadsProcess: 0xFF17D6A0 OBJECT: 0xFF12C760(5abe760) Type: 8 Event Object Header: 0xFF12C748 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15ECC0(7c1bcc0) Type: 8 Event Object Header: 0xFF15ECA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE136EBE0(27a7be0) Type: 18 Key Object Header: 0xE136EBC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1EE7C20(a44c20) Type: 18 Key Object Header: 0xE1EE7C08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1322D80(1a7dd80) Type: 18 Key Object Header: 0xE1322D68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE132C860(1a96860) Type: 18 Key Object Header: 0xE132C848 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF15CA20(b14a20) Type: 25 IoCompletion Object Header: 0xFF15CA08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 OBJECT: 0xE1D53820(4f31820) Type: 18 Key Object Header: 0xE1D53808 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF235C88(6e37c88) Type: 26 File Object Header: 0xFF235C70 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: Afd\AsyncConnectHlp OBJECT: 0xE12F45C0(19c95c0) Type: 18 Key Object Header: 0xE12F45A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE21DB880(6bb9880) Type: 18 Key Object Header: 0xE21DB868 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE131C200(1a65200) Type: 18 Key Object Header: 0xE131C1E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE12EEF60(19aff60) Type: 18 Key Object Header: 0xE12EEF48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE133A3A0(1ab43a0) Type: 18 Key Object Header: 0xE133A388 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1361A80(229ca80) Type: 18 Key Object Header: 0xE1361A68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF247BA0(679aba0) Type: 8 Event Object Header: 0xFF247B88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8FDC0(6886dc0) Type: 18 Key Object Header: 0xE1E8FDA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE12C4D60(1910d60) Type: 18 Key Object Header: 0xE12C4D48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1F43720(27e720) Type: 18 Key Object Header: 0xE1F43708 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE213FBE0(4567be0) Type: 18 Key Object Header: 0xE213FBC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE13173E0(1ae03e0) Type: 18 Key Object Header: 0xE13173C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE21B5220(4664220) Type: 18 Key Object Header: 0xE21B5208 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF19A2C0(7bb92c0) Type: 8 Event Object Header: 0xFF19A2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21BA8C0(3ffa8c0) Type: 18 Key Object Header: 0xE21BA8A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE2098EE0(6e95ee0) Type: 18 Key Object Header: 0xE2098EC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1E95480(683c480) Type: 18 Key Object Header: 0xE1E95468 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE21C6AA0(7aa1aa0) Type: 18 Key Object Header: 0xE21C6A88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE12C3780(190f780) Type: 18 Key Object Header: 0xE12C3768 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1EDF580(6f1580) Type: 18 Key Object Header: 0xE1EDF568 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ 23. TABLE: 0xFF187B88(2dd0b88): Table: 0xE1FB7000 QuotaProcess: 0xFF177660 ProcessId: 418 HandleCount: 119 CapturedHandleCount: 119 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1F49C90(4098c90) Type: 17 Section Object Header: 0xE1F49C78 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F54148(4488148) BasedAddress: 0x09233430 SizeOfSegment: 0xc5000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\PowerPanel\Program\PcfMgr.exe OBJECT: 0xFF176BA0(4556ba0) Type: 8 Event Object Header: 0xFF176B88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176B60(4556b60) Type: 8 Event Object Header: 0xFF176B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176B20(4556b20) Type: 8 Event Object Header: 0xFF176B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC656E8(12826e8) Type: 26 File Object Header: 0xFCC656D0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1751A0(45351a0) Type: 8 Event Object Header: 0xFF175188 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F78110(2139110) Type: 19 Port Object Header: 0xE1F780F8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000418.00000414 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF179F60(323cf60) Type: 8 Event Object Header: 0xFF179F48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE1DC1D00(6306d00) Type: 18 Key Object Header: 0xE1DC1CE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF1B5800(2686800) Type: 8 Event Object Header: 0xFF1B57E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ED3CC0(7a50cc0) Type: 18 Key Object Header: 0xE1ED3CA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE1EE2DE0(6fbfde0) Type: 18 Key Object Header: 0xE1EE2DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1EDAEA0(837ea0) Type: 18 Key Object Header: 0xE1EDAE88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1ED3C40(7a50c40) Type: 18 Key Object Header: 0xE1ED3C28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE13096A0(1a326a0) Type: 18 Key Object Header: 0xE1309688 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF178120(4075120) Type: 8 Event Object Header: 0xFF178108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF172FE0(58cbfe0) Type: 8 Event Object Header: 0xFF172FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130AE20(1a33e20) Type: 18 Key Object Header: 0xE130AE08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1E1FFA0(540dfa0) Type: 18 Key Object Header: 0xE1E1FF88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF172F40(58cbf40) Type: 8 Event Object Header: 0xFF172F28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF174FA0(448ffa0) Type: 8 Event Object Header: 0xFF174F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A988(6869988) Type: 26 File Object Header: 0xFF24A970 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFCC65E70(1282e70) Type: 10 Mutant Object Header: 0xFCC65E58 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PhoenixPowerPanel SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF16F280(1d07280) Type: 8 Event Object Header: 0xFF16F268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9D380(6971380) Type: 18 Key Object Header: 0xE1E9D368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1F2E920(f37920) Type: 18 Key Object Header: 0xE1F2E908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16FC40(1d07c40) Type: 8 Event Object Header: 0xFF16FC28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16FCC0(1d07cc0) Type: 8 Event Object Header: 0xFF16FCA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F30720(cac720) Type: 18 Key Object Header: 0xE1F30708 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12F5700(19d2700) Type: 18 Key Object Header: 0xE12F56E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B6AA0(5425aa0) Type: 8 Event Object Header: 0xFF1B6A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1360620(227a620) Type: 18 Key Object Header: 0xE1360608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF189440(2c46440) Type: 8 Event Object Header: 0xFF189428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EDBDE0(7018de0) Type: 18 Key Object Header: 0xE1EDBDC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF18BB60(2b84b60) Type: 8 Event Object Header: 0xFF18BB48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E827C0(66117c0) Type: 18 Key Object Header: 0xE1E827A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16E8A0(625d8a0) Type: 8 Event Object Header: 0xFF16E888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B5AE0(2686ae0) Type: 8 Event Object Header: 0xFF1B5AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320560(1a6e560) Type: 18 Key Object Header: 0xE1320548 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B6A20(5425a20) Type: 8 Event Object Header: 0xFF1B6A08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E080(1a37080) Type: 18 Key Object Header: 0xE130E068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B48E0(34f8e0) Type: 8 Event Object Header: 0xFF1B48C8 GrantedAccess: 1f0003 
PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F734A0(20144a0) Type: 18 Key Object Header: 0xE1F73488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16F2C0(1d072c0) Type: 8 Event Object Header: 0xFF16F2A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF16E9A0(625d9a0) Type: 8 Event Object Header: 0xFF16E988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E940(625d940) Type: 8 Event Object Header: 0xFF16E928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16EB80(625db80) Type: 8 Event Object Header: 0xFF16EB68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16EB20(625db20) Type: 8 Event Object Header: 0xFF16EB08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B020(2dc3020) Type: 6 Thread Object Header: 0xFF17B008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000414 ThreadsProcess: 0xFF177660 OBJECT: 0xFF16EAE0(625dae0) Type: 8 Event Object Header: 0xFF16EAC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xE1FE98F0(61c58f0) Type: 19 Port Object Header: 0xE1FE98D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000418.00000414 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EDF880(6f1880) Type: 19 Port Object Header: 0xE1EDF868 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC93030 Name: OLE10 SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000418.00000414 ClientThread: 0x00000000 ServerProcess: 0xFF177660 OBJECT: 0xFCC66520(1283520) Type: 25 IoCompletion Object Header: 0xFCC66508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC66520(1283520) Type: 25 IoCompletion Object Header: 0xFCC66508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF189580(2c46580) Type: 6 Thread Object Header: 0xFF189568 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000374 ThreadsProcess: 0xFF177660 OBJECT: 0xFF16ED60(625dd60) Type: 8 Event Object Header: 0xFF16ED48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C9120(2965120) Type: 8 Event Object Header: 0xFF1C9108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C92A0(29652a0) Type: 8 Event Object Header: 0xFF1C9288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF155C40(dd8c40) Type: 8 Event Object Header: 0xFF155C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16CF30(6f62f30) Type: 10 Mutant Object Header: 0xFF16CF18 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: 
DBWinMutex SecurityDescriptor: 0xE1ECC258(7207258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFF152FC0(ea8fc0) Type: 8 Event Object Header: 0xFF152FA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF17C028(2c66028) Type: 26 File Object Header: 0xFF17C010 GrantedAccess: 120089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll OBJECT: 0xE1316670(1a5f670) Type: 17 Section Object Header: 0xE1316658 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1FBA748(6332748) BasedAddress: 0x089F0CC0 SizeOfSegment: 0x180000 SecurityDescriptor: (null) Path: HarddiskVolume1\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll OBJECT: 0xFF167548(223d548) Type: 26 File Object Header: 0xFF167530 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xE12F2530(19e8530) Type: 17 Section Object Header: 0xE12F2518 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1C0E5E8(73695e8) BasedAddress: 0x09540CC0 SizeOfSegment: 0x40000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xFF1519C0(c4f9c0) Type: 10 Mutant Object Header: 0xFF1519A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD62D10(137fd10) Type: 12 Semaphore Object Header: 0xFCD62CF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 
Directory: 0xFCC68730 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF144620(306620) Type: 10 Mutant Object Header: 0xFF144608 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF145020(1987020) Type: 6 Thread Object Header: 0xFF145008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000478 ThreadsProcess: 0xFF177660 OBJECT: 0xFF148ED0(19b4ed0) Type: 8 Event Object Header: 0xFF148EB8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC68730 Name: SonyAsyncEvent10164 SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF149D00(eb2d00) Type: 8 Event Object Header: 0xFF149CE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148F48(19b4f48) Type: 26 File Object Header: 0xFF148F30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF25ECD0(6397cd0) Type: 12 Semaphore Object Header: 0xFF25ECB8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF1757C0(45357c0) Type: 8 Event Object Header: 0xFF1757A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B3B10(b56b10) Type: 12 Semaphore Object Header: 0xFF1B3AF8 
GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF175800(4535800) Type: 10 Mutant Object Header: 0xFF1757E8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF175840(4535840) Type: 8 Event Object Header: 0xFF175828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148768(19b4768) Type: 26 File Object Header: 0xFF148750 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF148E80(19b4e80) Type: 8 Event Object Header: 0xFF148E68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147600(1b68600) Type: 10 Mutant Object Header: 0xFF1475E8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147640(1b68640) Type: 8 Event Object Header: 0xFF147628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148AE8(19b4ae8) Type: 26 File Object Header: 0xFF148AD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore Object Header: 0xFF1DD638 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC68730 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF147928(1b68928) Type: 26 File Object Header: 0xFF147910 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 
0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF142980(5a6f980) Type: 8 Event Object Header: 0xFF142968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25ED70(6397d70) Type: 10 Mutant Object Header: 0xFF25ED58 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D31CB8(42edcb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF25ED30(6397d30) Type: 8 Event Object Header: 0xFF25ED18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D30A00(42cba00) Type: 17 Section Object Header: 0xE1D309E8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E78748(6449748) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 
0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF13D5E8(73bf5e8) Type: 26 File Object Header: 0xFF13D5D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xE136EFC0(27a7fc0) Type: 17 Section Object Header: 0xE136EFA8 GrantedAccess: 6 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1E5D3B8(59fc3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE1E7DC48(6857c48) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF24B830(66ea830) Type: 8 Event Object Header: 0xFF24B818 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC68730 Name: mixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF2329F0(70d39f0) Type: 8 Event Object Header: 0xFF2329D8 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC68730 Name: hardwaremixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF132980(72bf980) Type: 6 Thread Object Header: 0xFF132968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000418.00000488 ThreadsProcess: 0xFF177660 OBJECT: 0xE1FF0B50(72b9b50) Type: 19 Port Object Header: 0xE1FF0B38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000418.00000374 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF135AA0(3c28aa0) Type: 8 Event Object Header: 0xFF135A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF135E08(3c28e08) Type: 26 File Object Header: 0xFF135DF0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000026 OBJECT: 0xFF1E5840(3f07840) Type: 8 Event Object Header: 0xFF1E5828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E5900(3f07900) Type: 8 Event Object Header: 0xFF1E58E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147080(1b68080) Type: 8 Event Object Header: 0xFF147068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 24. 
TABLE: 0xFF1B6468(5425468): Table: 0xE1FE4000 QuotaProcess: 0xFF172C40 ProcessId: 428 HandleCount: 89 CapturedHandleCount: 89 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1DCD930(5180930) Type: 17 Section Object Header: 0xE1DCD918 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F87A48(262aa48) BasedAddress: 0x09987428 SizeOfSegment: 0x151000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Sony\Jog Dial Utility\JogServ2.exe OBJECT: 0xFF1727E0(58cb7e0) Type: 8 Event Object Header: 0xFF1727C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1727A0(58cb7a0) Type: 8 Event Object Header: 0xFF172788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172740(58cb740) Type: 8 Event Object Header: 0xFF172728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF287088(590d088) Type: 26 File Object Header: 0xFF287070 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1721A0(58cb1a0) Type: 8 Event Object Header: 0xFF172188 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FE2F50(5932f50) Type: 19 Port Object Header: 0xE1FE2F38 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF171FA0(5a59fa0) Type: 8 Event Object Header: 0xFF171F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE12EEFA0(19affa0) Type: 18 Key Object Header: 0xE12EEF88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF171EA0(5a59ea0) Type: 8 Event Object Header: 0xFF171E88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130BDE0(1a34de0) Type: 18 Key Object Header: 0xE130BDC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 
0xE1F53BC0(2f1ebc0) Type: 18 Key Object Header: 0xE1F53BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF171E60(5a59e60) Type: 8 Event Object Header: 0xFF171E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DD1A0(19661a0) Type: 18 Key Object Header: 0xE12DD188 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1F8BDE0(441ede0) Type: 18 Key Object Header: 0xE1F8BDC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1D41460(43b6460) Type: 18 Key Object Header: 0xE1D41448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF17AB08(325db08) Type: 26 File Object Header: 0xFF17AAF0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1781E0(40751e0) Type: 8 Event Object Header: 0xFF1781C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170540(611e540) Type: 8 Event Object Header: 0xFF170528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170500(611e500) Type: 8 Event Object Header: 0xFF1704E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF16FD80(1d07d80) Type: 8 Event Object Header: 0xFF16FD68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16FD40(1d07d40) Type: 8 Event Object Header: 0xFF16FD28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172860(58cb860) Type: 6 Thread Object Header: 0xFF172848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF16FD00(1d07d00) Type: 8 Event Object Header: 0xFF16FCE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FDF170(6036170) Type: 19 Port Object Header: 0xE1FDF158 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E75AE0(621fae0) Type: 19 Port Object Header: 0xE1E75AC8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC93030 Name: OLEe SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0xFF172C40 OBJECT: 0xFF260E40(6363e40) Type: 25 IoCompletion Object Header: 0xFF260E28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF260E40(6363e40) Type: 25 IoCompletion Object Header: 0xFF260E28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF16F1C0(1d071c0) Type: 8 Event Object Header: 0xFF16F1A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13220E0(1a7d0e0) Type: 18 Key Object Header: 0xE13220C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1F16C20(f53c20) Type: 18 Key Object Header: 0xE1F16C08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16F600(1d07600) Type: 8 Event Object Header: 0xFF16F5E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16F580(1d07580) Type: 8 Event Object Header: 0xFF16F568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BFF800(6dbb800) Type: 18 Key Object Header: 0xE1BFF7E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12E3B40(197eb40) Type: 18 Key Object Header: 0xE12E3B28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16F500(1d07500) Type: 8 Event Object Header: 0xFF16F4E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B9920(1960920) Type: 18 Key Object Header: 0xE12B9908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16F480(1d07480) Type: 8 Event Object Header: 0xFF16F468 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EEC880(7249880) Type: 18 Key Object Header: 0xE1EEC868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF16F400(1d07400) Type: 8 Event Object Header: 0xFF16F3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A5540(18b0540) Type: 18 Key Object Header: 0xE12A5528 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16F380(1d07380) Type: 8 Event Object Header: 0xFF16F368 GrantedAccess: 1f0003 
PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E020(625d020) Type: 8 Event Object Header: 0xFF16E008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9E0E0(6a520e0) Type: 18 Key Object Header: 0xE1E9E0C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16EFA0(625dfa0) Type: 8 Event Object Header: 0xFF16EF88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BFA7C0(5d347c0) Type: 18 Key Object Header: 0xE1BFA7A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16EF20(625df20) Type: 8 Event Object Header: 0xFF16EF08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE135BE20(2110e20) Type: 18 Key Object Header: 0xE135BE08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16EE80(625de80) Type: 8 Event Object Header: 0xFF16EE68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF261F50(615bf50) Type: 10 Mutant Object Header: 0xFF261F38 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: JogServ2 SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF225020(9be020) Type: 6 Thread Object Header: 0xFF225008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002E8 ThreadsProcess: 0xFF172C40 OBJECT: 0xE1DC1650(6306650) Type: 19 Port Object Header: 0xE1DC1638 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.00000440 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF16E0E0(625d0e0) Type: 8 Event Object Header: 0xFF16E0C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF192400(206e400) Type: 8 Event Object Header: 0xFF1923E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16BB00(65d6b00) Type: 8 Event Object Header: 0xFF16BAE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD62D10(137fd10) Type: 12 Semaphore Object Header: 0xFCD62CF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 
13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF14C900(cf0900) Type: 8 Event Object Header: 0xFF14C8E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14C8C0(cf08c0) Type: 10 Mutant Object Header: 0xFF14C8A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14C880(cf0880) Type: 8 Event Object Header: 0xFF14C868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14C840(cf0840) Type: 10 Mutant Object Header: 0xFF14C828 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E47FC0(2f1ffc0) Type: 17 Section Object Header: 0xE1E47FA8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: SeCommon1999 FileMap SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12EA6C8(197a6c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF149BE0(eb2be0) Type: 8 Event Object Header: 0xFF149BC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147C30(1b68c30) Type: 8 Event Object Header: 0xFF147C18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC68730 Name: SonyAsyncEvent10162 SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1468C0(2658c0) Type: 6 Thread Object Header: 0xFF1468A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000474 ThreadsProcess: 0xFF172C40 OBJECT: 0xFF1474E8(1b684e8) Type: 26 File Object Header: 0xFF1474D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF1496C0(eb26c0) Type: 8 Event Object Header: 0xFF1496A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF149DE8(eb2de8) Type: 26 File Object Header: 0xFF149DD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF24B930(66ea930) Type: 13 Timer Object Header: 0xFF24B918 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: SeTimer0 SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF147760(1b68760) Type: 10 Mutant Object Header: 0xFF147748 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1477A0(1b687a0) Type: 8 Event Object Header: 0xFF147788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148628(19b4628) Type: 26 File Object Header: 0xFF148610 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF13E980(763d980) Type: 6 Thread Object Header: 0xFF13E968 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.0000047C ThreadsProcess: 0xFF172C40 OBJECT: 0xFF170608(611e608) Type: 26 File Object Header: 0xFF1705F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 0xFF145A40(1987a40) Type: 8 
Event Object Header: 0xFF145A28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13ECA0(763dca0) Type: 8 Event Object Header: 0xFF13EC88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173380(44ce380) Type: 8 Event Object Header: 0xFF173368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF134520(3d67520) Type: 8 Event Object Header: 0xFF134508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E61E0(7661e0) Type: 8 Event Object Header: 0xFF1E61C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 25. TABLE: 0xFF185F88(2ddbf88): Table: 0xE1FE6000 QuotaProcess: 0xFF171B20 ProcessId: 430 HandleCount: 24 CapturedHandleCount: 24 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1F8BBF0(441ebf0) Type: 17 Section Object Header: 0xE1F8BBD8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D33768(42b7768) BasedAddress: 0x09AD3C38 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Apoint\Apntex.exe OBJECT: 0xFF177080(40b4080) Type: 8 Event Object Header: 0xFF177068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF174800(448f800) Type: 8 Event Object Header: 0xFF1747E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF177A40(40b4a40) Type: 8 Event Object Header: 0xFF177A28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF1C3C68(93c68) Type: 26 File Object Header: 0xFF1C3C50 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Apoint\ OBJECT: 0xFF174CA0(448fca0) Type: 8 Event Object Header: 0xFF174C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1FC81B0(30301b0) Type: 19 Port Object Header: 0xE1FC8198 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000430.0000042C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1850A0(2ddb0a0) Type: 8 Event Object Header: 0xFF185088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff 
PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE13097A0(1a327a0) Type: 18 Key Object Header: 0xE1309788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF174900(448f900) Type: 6 Thread Object Header: 0xFF1748E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000430.00000360 ThreadsProcess: 0xFF171B20 OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF174550(448f550) Type: 8 Event Object Header: 0xFF174538 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: Alps_Apfilter_APC_Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF174550(448f550) Type: 8 Event Object Header: 0xFF174538 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC68730 Name: Alps_Apfilter_APC_Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE136C100(274b100) Type: 17 Section Object Header: 0xE136C0E8 GrantedAccess: f001f 
PointerCount: 3 HandleCount: 2 Directory: 0xFCC68730 Name: ALPS_GP_DRIVER_SCROLL SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F490E8(40980e8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF16B9C0(65d69c0) Type: 8 Event Object Header: 0xFF16B9A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF169B80(7091b80) Type: 8 Event Object Header: 0xFF169B68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D34C0(6c094c0) Type: 8 Event Object Header: 0xFF1D34A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) 26. TABLE: 0xFF1490E8(eb20e8): Table: 0xE1E2C000 QuotaProcess: 0xFF191C40 ProcessId: 434 HandleCount: 22 CapturedHandleCount: 22 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12F33B0(19bf3b0) Type: 17 Section Object Header: 0xE12F3398 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E01B68(51b4b68) BasedAddress: 0x09CB3C38 SizeOfSegment: 0x48000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\cmd.exe OBJECT: 0xFF16C1C0(6f621c0) Type: 8 Event Object Header: 0xFF16C1A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C3A0(5abe3a0) Type: 8 Event Object Header: 0xFF12C388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF133280(2b40280) Type: 8 Event Object Header: 0xFF133268 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF15BC88(95fc88) Type: 26 File Object Header: 0xFF15BC70 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFF15E0C0(7c1b0c0) Type: 8 Event Object Header: 0xFF15E0A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1FF2670(6e58670) Type: 19 Port Object Header: 0xE1FF2658 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000434.00000394 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF12C6A0(5abe6a0) Type: 8 Event Object Header: 0xFF12C688 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF133D40(2b40d40) Type: 8 Event Object Header: 0xFF133D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 
Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xE1E9C960(6acf960) Type: 18 Key Object Header: 0xE1E9C948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF12A0A0(69000a0) Type: 8 Event Object Header: 0xFF12A088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1350DA0(1b0ada0) Type: 18 Key Object Header: 0xE1350D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1E9B900(694d900) Type: 18 Key Object Header: 0xE1E9B8E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1C0DC80(35dc80) Type: 18 Key Object Header: 0xE1C0DC68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE1C0AD00(19abd00) Type: 18 Key Object Header: 0xE1C0ACE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ 27. 
TABLE: 0xFF289E08(58c3e08): Table: 0xE2057000 QuotaProcess: 0xFF15B020 ProcessId: 29c HandleCount: 164 CapturedHandleCount: 164 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12BE190(18f5190) Type: 17 Section Object Header: 0xE12BE178 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE13C33A8(31373a8) BasedAddress: 0x08B34C28 SizeOfSegment: 0x26000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\UMGR32.EXE OBJECT: 0xFF1E6660(766660) Type: 8 Event Object Header: 0xFF1E6648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E66E0(7666e0) Type: 8 Event Object Header: 0xFF1E66C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E66A0(7666a0) Type: 8 Event Object Header: 0xFF1E6688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCD25028(1342028) Type: 26 File Object Header: 0xFCD25010 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCC6CCA0(1289ca0) Type: 8 Event Object Header: 0xFCC6CC88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1E29F10(5455f10) Type: 19 Port Object Header: 0xE1E29EF8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000029C.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF262760(6296760) Type: 8 Event Object Header: 0xFF262748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xE1E420C0(582f0c0) Type: 18 Key Object Header: 0xE1E420A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1BEBB40(3e26b40) Type: 18 Key Object Header: 0xE1BEBB28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1D31D80(42edd80) Type: 18 Key Object Header: 0xE1D31D68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1EFFA00(6fbda00) Type: 18 
Key Object Header: 0xE1EFF9E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1320F60(1a6ef60) Type: 18 Key Object Header: 0xE1320F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1E9540(7f5540) Type: 8 Event Object Header: 0xFF1E9528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CDFE0(1914fe0) Type: 8 Event Object Header: 0xFF1CDFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF240B80(6ad8b80) Type: 8 Event Object Header: 0xFF240B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26DFE0(5f3afe0) Type: 12 Semaphore Object Header: 0xFF26DFC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD81CA0(139eca0) Type: 8 Event Object Header: 0xFCD81C88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134B1E0(1aea1e0) Type: 18 Key Object Header: 0xE134B1C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF25CDC0(64a7dc0) Type: 12 Semaphore Object Header: 0xFF25CDA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90660(12ad660) Type: 12 Semaphore Object Header: 0xFCC90648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BEBB00(3e26b00) Type: 18 Key Object Header: 0xE1BEBAE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\ OBJECT: 0xE1EA2F20(6c85f20) Type: 18 Key Object Header: 0xE1EA2F08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF25D460(639b460) Type: 8 Event Object Header: 0xFF25D448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28FD60(575bd60) Type: 8 Event Object Header: 0xFF28FD48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF186340(2daf340) Type: 8 Event Object Header: 0xFF186328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3840(61c840) Type: 25 IoCompletion Object Header: 0xFF1E3828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF1E3840(61c840) Type: 25 IoCompletion Object Header: 0xFF1E3828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFCDBEA00(13dba00) Type: 8 Event Object Header: 0xFCDBE9E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C020(5abe020) Type: 6 Thread Object Header: 0xFF12C008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1E7B60(7e4b60) Type: 8 Event Object Header: 0xFF1E7B48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E79A0(7e49a0) Type: 10 Mutant Object Header: 0xFF1E7988 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A3900(513a900) Type: 8 Event 
Object Header: 0xFF2A38E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C020(5abe020) Type: 6 Thread Object Header: 0xFF12C008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1C2D80(6f7dd80) Type: 8 Event Object Header: 0xFF1C2D68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB83A0(79093a0) Type: 18 Key Object Header: 0xE1EB8388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF291280(562c280) Type: 8 Event Object Header: 0xFF291268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1363300(22dc300) Type: 18 Key Object Header: 0xE13632E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1320F20(1a6ef20) Type: 18 Key Object Header: 0xE1320F08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF1CA3E0(6aab3e0) Type: 8 Event Object Header: 0xFF1CA3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C9E0(b149e0) Type: 8 Event Object Header: 0xFF15C9C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16CF30(6f62f30) Type: 10 Mutant Object Header: 0xFF16CF18 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC68730 Name: DBWinMutex SecurityDescriptor: 0xE1ECC258(7207258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF161740(916740) Type: 8 Event Object Header: 0xFF161728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187780(2dd0780) Type: 8 Event Object Header: 0xFF187768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BEC380(6548380) Type: 18 Key Object Header: 0xE1BEC368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1BF2B60(7668b60) Type: 18 Key Object Header: 0xE1BF2B48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF15CAA0(b14aa0) Type: 8 Event Object Header: 0xFF15CA88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD22FE0(133ffe0) Type: 8 Event Object Header: 0xFCD22FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BD7660(1b14660) Type: 18 Key Object Header: 0xE1BD7648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1F464E0(7bd04e0) Type: 18 Key Object Header: 0xE1F464C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFCC922A0(12af2a0) Type: 8 Event Object Header: 0xFCC92288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E703A0(5f7e3a0) Type: 18 Key Object Header: 0xE1E70388 GrantedAccess: f003f 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF28D020(58b3020) Type: 8 Event Object Header: 0xFF28D008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E70320(5f7e320) Type: 18 Key Object Header: 0xE1E70308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF16ACA0(7bbeca0) Type: 8 Event Object Header: 0xFF16AC88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FD9BE0(695ebe0) Type: 18 Key Object Header: 0xE1FD9BC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF169DA0(7091da0) Type: 8 Event Object Header: 0xFF169D88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A2C60(517bc60) Type: 8 Event Object Header: 0xFF2A2C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAF7E0(71c97e0) Type: 18 Key Object Header: 0xE1EAF7C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF12C8C0(5abe8c0) Type: 8 Event Object Header: 0xFF12C8A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAF760(71c9760) Type: 18 Key Object Header: 0xE1EAF748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF29F100(516d100) Type: 8 Event Object Header: 0xFF29F0E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BF5AC0(3d8cac0) Type: 18 Key Object Header: 0xE1BF5AA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1E4DE0(7ebde0) Type: 8 Event 
Object Header: 0xFF1E4DC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF17DDC0(3082dc0) Type: 10 Mutant Object Header: 0xFF17DDA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1696C0(70916c0) Type: 8 Event Object Header: 0xFF1696A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C7E0(5abe7e0) Type: 10 Mutant Object Header: 0xFF12C7C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1503C0(c953c0) Type: 8 Event Object Header: 0xFF1503A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1603A0(70be3a0) Type: 10 Mutant Object Header: 0xFF160388 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21F0E0(94d0e0) Type: 12 Semaphore Object Header: 0xFF21F0C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C5C00(7b6cc00) Type: 12 Semaphore Object Header: 0xFF1C5BE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF169C60(7091c60) Type: 8 Event Object Header: 0xFF169C48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15AB60(84bb60) Type: 8 Event Object Header: 0xFF15AB48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12A020(6900020) Type: 12 Semaphore Object 
Header: 0xFF12A008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E440(57a0440) Type: 12 Semaphore Object Header: 0xFF28E428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E95D00(683cd00) Type: 18 Key Object Header: 0xE1E95CE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF2084E0(def4e0) Type: 8 Event Object Header: 0xFF2084C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF280BC0(5bfebc0) Type: 8 Event Object Header: 0xFF280BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92DC0(12afdc0) Type: 8 Event Object Header: 0xFCC92DA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15E140(7c1b140) Type: 8 Event Object Header: 0xFF15E128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CD520(1914520) Type: 12 Semaphore Object Header: 0xFF1CD508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E8500(5bd500) Type: 12 Semaphore Object Header: 0xFF1E84E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CDB80(1914b80) Type: 8 Event Object Header: 0xFF1CDB68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B628(5cf0628) Type: 26 File Object Header: 0xFF27B610 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE 
TDI Context: 0xFF1C3308 (93308) OBJECT: 0xFF1CBE68(ae9e68) Type: 26 File Object Header: 0xFF1CBE50 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF185368 (2ddb368) Unknown2: 0xff185388 OBJECT: 0xFF1D5368(6a89368) Type: 26 File Object Header: 0xFF1D5350 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF159D08(1f1d08) Type: 26 File Object Header: 0xFF159CF0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1FCBE8(d0bbe8) Type: 26 File Object Header: 0xFF1FCBD0 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE200D340(be0340) Type: 18 Key Object Header: 0xE200D328 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE200D300(be0300) Type: 18 Key Object Header: 0xE200D2E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1EBAFE0(64abfe0) Type: 18 Key Object Header: 0xE1EBAFC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1EBAFA0(64abfa0) Type: 18 Key Object Header: 0xE1EBAF88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF1C2CA0(6f7dca0) Type: 8 Event Object Header: 0xFF1C2C88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BC028(1a8d028) Type: 26 File Object Header: 0xFF1BC010 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF1B8B08 (11cb08) Type: 0xafd4 Process: 0xFF15B020 
UMGR32.EXE EndpointLinks: {0xFF169AF8:FF1270B8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF158968(eb6968) Type: 26 File Object Header: 0xFF158950 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1271E8 (440c1e8) Unknown1: 0x206C644D (1) Unknown2: 0xff22d288 Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8} OBJECT: 0xFF209E20(c59e20) Type: 8 Event Object Header: 0xFF209E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CABE0(6aabbe0) Type: 12 Semaphore Object Header: 0xFF1CABC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF157B00(c3eb00) Type: 12 Semaphore Object Header: 0xFF157AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F62380(31e3380) Type: 18 Key Object Header: 0xE1F62368 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF1CABA0(6aabba0) Type: 8 Event Object Header: 0xFF1CAB88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CCB60(e1fb60) Type: 5 Process Object Header: 0xFF1CCB48 GrantedAccess: 1f0fff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF22D020(7b03020) Type: 6 Thread Object Header: 0xFF22D008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000310.00000440 
ThreadsProcess: 0xFF1CCB60 OBJECT: 0xFF2792E0(5d1f2e0) Type: 6 Thread Object Header: 0xFF2792C8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000002A4 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1E8180(5bd180) Type: 6 Thread Object Header: 0xFF1E8168 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.0000030C ThreadsProcess: 0xFF15B020 OBJECT: 0xE1323080(1a86080) Type: 18 Key Object Header: 0xE1323068 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Rpc\NetBIOS\ OBJECT: 0xFF16F660(1d07660) Type: 6 Thread Object Header: 0xFF16F648 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000380 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1BEB40(5dc2b40) Type: 6 Thread Object Header: 0xFF1BEB28 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000464 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1B9020(76f8020) Type: 6 Thread Object Header: 0xFF1B9008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000408 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1B6020(5425020) Type: 6 Thread Object Header: 0xFF1B6008 GrantedAccess: 1f03ff PointerCount: 1 
HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000001EC ThreadsProcess: 0xFF15B020 OBJECT: 0xFF265A20(5f0ba20) Type: 6 Thread Object Header: 0xFF265A08 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.000003A8 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF16B240(65d6240) Type: 10 Mutant Object Header: 0xFF16B228 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CC820(e1f820) Type: 8 Event Object Header: 0xFF1CC808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1BFF440(6dbb440) Type: 18 Key Object Header: 0xE1BFF428 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB\ OBJECT: 0xFF1CC6A0(e1f6a0) Type: 8 Event Object Header: 0xFF1CC688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EED820(704a820) Type: 17 Section Object Header: 0xE1EED808 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Perflib_Perfdata_29c SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE208A528(1a53528) BasedAddress: 0x096F54C0 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\Perflib_Perfdata_29c.dat OBJECT: 0xFF1CF7C8(6827c8) Type: 26 File Object Header: 0xFF1CF7B0 GrantedAccess: 13019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\Perflib_Perfdata_29c.dat OBJECT: 0xFF1784A0(40754a0) Type: 8 Event Object Header: 
0xFF178488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE208F4D0(440a4d0) Type: 19 Port Object Header: 0xE208F4B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000029C.000001A8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF271FE0(5eb0fe0) Type: 8 Event Object Header: 0xFF271FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23DE00(6beae00) Type: 8 Event Object Header: 0xFF23DDE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320DC0(1a6edc0) Type: 18 Key Object Header: 0xE1320DA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ContentFilter\Performance\ OBJECT: 0xFF15FD90(7aa0d90) Type: 10 Mutant Object Header: 0xFF15FD78 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ContentFilter_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF23C4B0(6ab14b0) Type: 10 Mutant Object Header: 0xFF23C498 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ContentIndex_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE12EF0E0(19b00e0) Type: 18 Key Object Header: 0xE12EF0C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ContentIndex\Performance\ OBJECT: 0xFCC6B210(1288210) Type: 10 Mutant Object Header: 0xFCC6B1F8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Fax_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1BFABC0(5d34bc0) Type: 18 Key Object Header: 0xE1BFABA8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Fax\Performance\ OBJECT: 0xE1EDEEA0(9fbea0) Type: 18 Key Object Header: 0xE1EDEE88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IAS\Performance\ OBJECT: 0xFF17CD30(2c66d30) Type: 10 Mutant Object Header: 0xFF17CD18 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: IAS_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF271F10(5eb0f10) Type: 10 Mutant Object Header: 0xFF271EF8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: ISAPISearch_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1D15FE0(4252fe0) Type: 18 Key Object Header: 0xE1D15FC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch\Performance\ OBJECT: 0xFF22D450(7b03450) Type: 10 Mutant Object Header: 0xFF22D438 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PerfDisk_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1EFC720(6ff9720) Type: 18 Key Object Header: 0xE1EFC708 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PerfDisk\Performance\ OBJECT: 0xFF1FD830(e6a830) Type: 10 Mutant Object Header: 0xFF1FD818 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PerfNet_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1D10FE0(3fcefe0) Type: 18 Key Object Header: 0xE1D10FC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PerfNet\Performance\ OBJECT: 0xFF1C4630(6758630) Type: 10 Mutant Object Header: 0xFF1C4618 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PerfOS_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1EEE580(6eeb580) Type: 18 Key Object Header: 0xE1EEE568 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PerfOS\Performance\ OBJECT: 0xFF1D7D70(458ad70) Type: 10 Mutant Object Header: 0xFF1D7D58 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: PerfProc_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1FD6860(4507860) Type: 18 Key Object Header: 0xE1FD6848 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance\ OBJECT: 0xE1E191A0(530f1a0) Type: 18 Key Object Header: 0xE1E19188 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Performance\ OBJECT: 
0xFF271C30(5eb0c30) Type: 10 Mutant Object Header: 0xFF271C18 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: RemoteAccess_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF15CF30(b14f30) Type: 10 Mutant Object Header: 0xFF15CF18 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: RSVP_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1EE51C0(8621c0) Type: 18 Key Object Header: 0xE1EE51A8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance\ OBJECT: 0xFF12A8B0(69008b0) Type: 10 Mutant Object Header: 0xFF12A898 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Spooler_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E9D540(6971540) Type: 18 Key Object Header: 0xE1E9D528 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Spooler\Performance\ OBJECT: 0xFF1480D0(19b40d0) Type: 10 Mutant Object Header: 0xFF1480B8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: TapiSrv_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1FAFCA0(4491ca0) Type: 18 Key Object Header: 0xE1FAFC88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Performance\ OBJECT: 0xFF1CE730(af5730) Type: 10 Mutant Object Header: 0xFF1CE718 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: Tcpip_Perf_Library_Lock_PID_29c SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E9F880(6dd6880) Type: 18 Key Object Header: 0xE1E9F868 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Performance\ OBJECT: 0xFF16B740(65d6740) Type: 6 Thread Object Header: 0xFF16B728 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000080 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF1E7340(7e4340) Type: 10 Mutant Object Header: 0xFF1E7328 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1135C0(7caf5c0) Type: 6 Thread Object Header: 0xFF1135A8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000300 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF113340(7caf340) Type: 6 Thread Object Header: 0xFF113328 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000484 ThreadsProcess: 0xFF15B020 OBJECT: 0xFF113DA0(7cafda0) Type: 6 Thread Object Header: 0xFF113D88 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000029C.00000278 ThreadsProcess: 0xFF15B020 28. TABLE: 0xFF15E168(7c1b168): Table: 0xE2093000 QuotaProcess: 0xFF191640 ProcessId: 250 HandleCount: 35 CapturedHandleCount: 35 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1C07B30(18adb30) Type: 17 Section Object Header: 0xE1C07B18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE208D4A8(3e414a8) BasedAddress: 0x09545C30 SizeOfSegment: 0x88000 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\dfrws2005.exe OBJECT: 0xFF21AF40(ac6f40) Type: 8 Event Object Header: 0xFF21AF28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BCA0(5affca0) Type: 8 Event Object Header: 0xFF12BC88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAE40(3e35e40) Type: 8 Event Object Header: 0xFF1BAE28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF1B8F88(11cf88) Type: 26 File Object Header: 0xFF1B8F70 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF215FE0(b1ffe0) Type: 8 Event Object Header: 0xFF215FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 
0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EBACB0(64abcb0) Type: 19 Port Object Header: 0xE1EBAC98 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000250.00000134 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF21A5E0(ac65e0) Type: 8 Event Object Header: 0xFF21A5C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xE1343E80(1adce80) Type: 18 Key Object Header: 0xE1343E68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF21AD00(ac6d00) Type: 8 Event Object Header: 0xFF21ACE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C020(c00020) Type: 8 Event Object Header: 0xFF21C008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D080(bbe080) Type: 8 Event Object Header: 0xFF21D068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C740(c00740) Type: 8 Event Object Header: 0xFF21C728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC95D00(12b2d00) Type: 25 IoCompletion Object Header: 0xFCC95CE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC95D00(12b2d00) Type: 25 IoCompletion Object Header: 0xFCC95CE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF21D460(bbe460) Type: 8 Event Object Header: 0xFF21D448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B980(2dc3980) Type: 6 Thread Object Header: 0xFF17B968 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000134 ThreadsProcess: 0xFF191640 OBJECT: 0xFF21C8E0(c008e0) Type: 8 Event Object Header: 0xFF21C8C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BD288(f0c288) Type: 26 File Object Header: 0xFF1BD270 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe9 OBJECT: 0xFF1E9488(7f5488) Type: 26 File Object Header: 0xFF1E9470 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF15F120(7aa0120) Type: 8 Event Object Header: 0xFF15F108 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170CC0(611ecc0) Type: 6 Thread Object Header: 0xFF170CA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.000001E4 ThreadsProcess: 0xFF191640 OBJECT: 0xFF1E6588(766588) Type: 26 File Object Header: 0xFF1E6570 GrantedAccess: 160089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\hxdef-rk100sB4D1BA5D OBJECT: 0xFF1C4988(6758988) Type: 26 File Object Header: 0xFF1C4970 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\hxdef-rk100sB4D1BA5D OBJECT: 0xE1E22A80(54d3a80) Type: 17 Section Object Header: 0xE1E22A68 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: _.-=[DFRWS2005]=-._ SecurityDescriptor: 0xE13283D8(1a913d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1C05EE8(5820ee8) BasedAddress: 0x00000080 SizeOfSegment: 0x10000 OBJECT: 0xFF1CE340(af5340) Type: 8 Event Object Header: 0xFF1CE328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF158CE0(eb6ce0) Type: 6 Thread Object Header: 0xFF158CC8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000250.00000290 ThreadsProcess: 0xFF191640 29. 
TABLE: 0xFF15D528(a0f528): Table: 0xE2095000 QuotaProcess: 0xFF16E3C0 ProcessId: 448 HandleCount: 96 CapturedHandleCount: 96 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E2B4D0(55144d0) Type: 17 Section Object Header: 0xE1E2B4B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1BDBCE8(3f68ce8) BasedAddress: 0x095904A8 SizeOfSegment: 0x13000 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\nc.exe OBJECT: 0xFF20D1E0(d141e0) Type: 8 Event Object Header: 0xFF20D1C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC606A0(127d6a0) Type: 8 Event Object Header: 0xFCC60688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CB260(ae9260) Type: 8 Event Object Header: 0xFF1CB248 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF134B48(3d67b48) Type: 26 File Object Header: 0xFF134B30 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1CD8A0(19148a0) Type: 8 Event Object Header: 0xFF1CD888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xE1E8ABF0(6a73bf0) Type: 19 Port Object Header: 0xE1E8ABD8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000448.0000036C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF1CE300(af5300) Type: 8 Event Object Header: 0xFF1CE2E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1316420(1a5f420) Type: 18 Key Object Header: 0xE1316408 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF1CE200(af5200) Type: 8 Event Object Header: 0xFF1CE1E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8F9C0(68869c0) Type: 18 Key Object Header: 0xE1E8F9A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF21AC00(ac6c00) Type: 8 Event Object Header: 0xFF21ABE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EFA980(ab7980) Type: 18 Key Object Header: 0xE1EFA968 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE130E150(1a37150) Type: 17 Section 
Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF21A940(ac6940) Type: 8 Event Object Header: 0xFF21A928 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF298ED8(536eed8) Type: 16 Desktop Object Header: 0xFF298EC0 GrantedAccess: f00cf PointerCount: 344 HandleCount: 10 Directory: 0x00000000 Name: Default OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation Object Header: 0xFF29A440 GrantedAccess: f016e PointerCount: 28 HandleCount: 17 Directory: 0xFCC663D0 Name: Service-0x0-3e7$ OBJECT: 0xFF15F160(7aa0160) Type: 8 Event Object Header: 0xFF15F148 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCE12920(142f920) Type: 8 Event Object Header: 0xFCE12908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BF760(1a52760) Type: 8 Event Object Header: 0xFF1BF748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EBE20(3e43e20) Type: 25 IoCompletion Object Header: 0xFF1EBE08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF1EBE20(3e43e20) Type: 25 IoCompletion Object Header: 0xFF1EBE08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF1C5E00(7b6ce00) Type: 8 Event Object Header: 0xFF1C5DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF264D60(62d3d60) Type: 6 Thread Object Header: 0xFF264D48 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
00000448.0000036C ThreadsProcess: 0xFF16E3C0 OBJECT: 0xFF15D620(a0f620) Type: 8 Event Object Header: 0xFF15D608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C42C0(67582c0) Type: 8 Event Object Header: 0xFF1C42A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D2D80(6755d80) Type: 12 Semaphore Object Header: 0xFF1D2D68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12C720(5abe720) Type: 12 Semaphore Object Header: 0xFF12C708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC78020(1295020) Type: 8 Event Object Header: 0xFCC78008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F960(6d42960) Type: 8 Event Object Header: 0xFF23F948 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FC7C0(d0b7c0) Type: 12 Semaphore Object Header: 0xFF1FC7A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF158CA0(eb6ca0) Type: 12 Semaphore Object Header: 0xFF158C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC4F60(7c4ff60) Type: 18 Key Object Header: 0xE1EC4F48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF27B940(5cf0940) Type: 8 Event Object Header: 0xFF27B928 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1592A0(1f12a0) Type: 8 Event Object Header: 0xFF159288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6D20(2898d20) Type: 8 Event Object Header: 0xFF1C6D08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f 
PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event Object Header: 0xFCA25FD8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC68730 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF186680(2daf680) Type: 8 Event Object Header: 0xFF186668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C6CA0(2898ca0) Type: 8 Event Object Header: 0xFF1C6C88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C3020(190f020) Type: 18 Key Object Header: 0xE12C3008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1F13880(b1d880) Type: 18 Key Object Header: 0xE1F13868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1C30E0(930e0) Type: 8 Event Object Header: 0xFF1C30C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C2020(6f7d020) Type: 8 Event Object Header: 0xFF1C2008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C07C60(18adc60) Type: 18 Key Object Header: 0xE1C07C48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1EE8220(8c5220) Type: 18 Key Object Header: 0xE1EE8208 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1C20A0(6f7d0a0) Type: 8 Event Object Header: 
0xFF1C2088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E65080(5cb8080) Type: 18 Key Object Header: 0xE1E65068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF234E00(6c5de00) Type: 8 Event Object Header: 0xFF234DE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F16600(f53600) Type: 18 Key Object Header: 0xE1F165E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF234D80(6c5dd80) Type: 8 Event Object Header: 0xFF234D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D020(59fc020) Type: 18 Key Object Header: 0xE1E5D008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1C1440(7bfc440) Type: 8 Event Object Header: 0xFF1C1428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C13C0(7bfc3c0) Type: 8 Event Object Header: 0xFF1C13A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F07480(bf5480) Type: 18 Key Object Header: 0xE1F07468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1E57C0(3f077c0) Type: 8 Event Object Header: 0xFF1E57A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2090560(d3c560) Type: 18 Key Object Header: 0xE2090548 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1E5740(3f07740) Type: 8 Event Object Header: 0xFF1E5728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20904E0(d3c4e0) Type: 18 Key Object Header: 
0xE20904C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1E56C0(3f076c0) Type: 8 Event Object Header: 0xFF1E56A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1DDD940(5138940) Type: 18 Key Object Header: 0xE1DDD928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF186640(2daf640) Type: 10 Mutant Object Header: 0xFF186628 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF186600(2daf600) Type: 8 Event Object Header: 0xFF1865E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1865C0(2daf5c0) Type: 10 Mutant Object Header: 0xFF1865A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE100DDC0(1610dc0) Type: 18 Key Object Header: 0xE100DDA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF1BAFE0(3e35fe0) Type: 8 Event Object Header: 0xFF1BAFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAFA0(3e35fa0) Type: 10 Mutant Object Header: 0xFF1BAF88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAF60(3e35f60) Type: 12 Semaphore Object Header: 0xFF1BAF48 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BAF20(3e35f20) Type: 12 Semaphore Object Header: 0xFF1BAF08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE5780(862780) Type: 18 Key Object Header: 0xE1EE5768 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF1BAEE0(3e35ee0) Type: 8 Event Object Header: 0xFF1BAEC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288630(5891630) Type: 10 Mutant Object Header: 0xFF288618 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC68730 Name: RasPbFile SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF12BC60(5affc60) Type: 8 Event Object Header: 0xFF12BC48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BC20(5affc20) Type: 8 Event Object Header: 0xFF12BC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BBE0(5affbe0) Type: 8 Event Object Header: 0xFF12BBC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BBA0(5affba0) Type: 12 Semaphore Object Header: 0xFF12BB88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BB60(5affb60) Type: 12 Semaphore Object Header: 0xFF12BB48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12BB20(5affb20) Type: 8 Event Object Header: 0xFF12BB08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF188A88(2d15a88) Type: 26 File Object Header: 0xFF188A70 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF125008 (250e008) Unknown1: 0x00000010 (1) 
Unknown2: 0x6040001 OBJECT: 0xFF2186C8(b186c8) Type: 26 File Object Header: 0xFF2186B0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF125188 (250e188) Unknown2: 0xff2895a8 OBJECT: 0xFF1FC6E8(d0b6e8) Type: 26 File Object Header: 0xFF1FC6D0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF125108(250e108) Type: 26 File Object Header: 0xFF1250F0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF15BE68(95fe68) Type: 26 File Object Header: 0xFF15BE50 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1DDD900(5138900) Type: 18 Key Object Header: 0xE1DDD8E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE1DDD8C0(51388c0) Type: 18 Key Object Header: 0xE1DDD8A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1DDD880(5138880) Type: 18 Key Object Header: 0xE1DDD868 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1DDD840(5138840) Type: 18 Key Object Header: 0xE1DDD828 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF1250C0(250e0c0) Type: 8 Event Object Header: 0xFF1250A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15BD88(95fd88) Type: 26 File Object Header: 0xFF15BD70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF127008 (440c008) Type: 0xafd4 Process: 0xFF16E3C0 nc.exe 
EndpointLinks: {0xFF1B8BB8:F80001E8} AfdTransportAddress: 0xFF279168 (5d1f168) DeviceString: \Device\Tcp OBJECT: 0xFF127168(440c168) Type: 26 File Object Header: 0xFF127150 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF15BD28 (95fd28) Unknown1: 0x61746F51 (1) Unknown2: 0x1900000 Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128} 30. TABLE: 0xFF242148(697f148): Table: 0xE2088000 QuotaProcess: 0xFF144020 ProcessId: 144 HandleCount: 212 CapturedHandleCount: 212 TableLevel: 2 StrictFIFO: No OBJECT: 0xE20FF2B0(42842b0) Type: 17 Section Object Header: 0xE20FF298 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE20C25E8(2bf05e8) BasedAddress: 0x0A0E2CB8 SizeOfSegment: 0x26b000 SecurityDescriptor: (null) Path: CdRom0\helix.exe OBJECT: 0xFCC61520(127e520) Type: 8 Event Object Header: 0xFCC61508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E4900(7eb900) Type: 8 Event Object Header: 0xFF1E48E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF253E60(65f0e60) Type: 8 Event Object Header: 0xFF253E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF0BB180(7b63180) Type: 8 Event Object Header: 0xFF0BB168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF0DC1A0(44ca1a0) Type: 8 Event Object Header: 0xFF0DC188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21D79D0(609e9d0) Type: 19 Port Object Header: 0xE21D79B8 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000144.00000378 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF0FAA60(2186a60) Type: 8 Event Object Header: 0xFF0FAA48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF11B860(2c79860) Type: 8 Event Object Header: 0xFF11B848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 
66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xE20165A0(c6f5a0) Type: 18 Key Object Header: 0xE2016588 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE21CC140(75f140) Type: 18 Key Object Header: 0xE21CC128 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE21D09E0(2e509e0) Type: 18 Key Object Header: 0xE21D09C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE2044660(6750660) Type: 18 Key Object Header: 0xE2044648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1267E0(250d7e0) Type: 8 Event Object Header: 0xFF1267C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14F6E0(ec26e0) Type: 8 Event Object Header: 0xFF14F6C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1C0DC20(35dc20) Type: 18 Key Object Header: 0xE1C0DC08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF0FD260(608b260) Type: 8 Event Object Header: 0xFF0FD248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF116200(1e8e200) Type: 8 Event Object Header: 0xFF1161E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21D1EA0(2d51ea0) Type: 18 Key Object Header: 0xE21D1E88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF0E3680(733a680) 
Type: 8 Event Object Header: 0xFF0E3668 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E3640(733a640) Type: 8 Event Object Header: 0xFF0E3628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF0E28E0(4fd38e0) Type: 8 Event Object Header: 0xFF0E28C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E28A0(4fd38a0) Type: 8 Event Object Header: 0xFF0E2888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21D7E20(609ee20) Type: 18 Key Object Header: 0xE21D7E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE21D5740(2379740) Type: 18 Key Object Header: 0xE21D5728 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF0DEC80(523cc80) Type: 8 Event Object Header: 0xFF0DEC68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE213E960(6745960) Type: 18 Key Object Header: 0xE213E948 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFCD7E2E8(139b2e8) Type: 26 File Object Header: 0xFCD7E2D0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF11F5E0(25ad5e0) Type: 8 Event Object 
Header: 0xFF11F5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD628A0(137f8a0) Type: 8 Event Object Header: 0xFCD62888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25ED30(6397d30) Type: 8 Event Object Header: 0xFF25ED18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF25ED70(6397d70) Type: 10 Mutant Object Header: 0xFF25ED58 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D31CB8(42edcb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF25ECD0(6397cd0) Type: 12 Semaphore Object Header: 0xFF25ECB8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D30A00(42cba00) Type: 17 Section Object Header: 0xE1D309E8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E78748(6449748) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE13A5300(2a31300) Type: 17 Section Object Header: 0xE13A52E8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC68730 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE136EFC0(27a7fc0) Type: 17 Section Object Header: 0xE136EFA8 GrantedAccess: 6 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1E5D3B8(59fc3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE1E7DC48(6857c48) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF1B7248(6e2248) Type: 26 File Object Header: 0xFF1B7230 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF24B830(66ea830) Type: 8 Event Object Header: 0xFF24B818 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC68730 Name: mixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant Object Header: 0xFF24BC38 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 
0xFCC68730 Name: mxrapi SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF2329F0(70d39f0) Type: 8 Event Object Header: 0xFF2329D8 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC68730 Name: hardwaremixercallback SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF0C13C0(40723c0) Type: 6 Thread Object Header: 0xFF0C13A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003E4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF0CC980(4680980) Type: 8 Event Object Header: 0xFF0CC968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1071A0(1e421a0) Type: 10 Mutant Object Header: 0xFF107188 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16C420(6f62420) Type: 10 Mutant Object Header: 0xFF16C408 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0DD7C0(e627c0) Type: 8 Event Object Header: 0xFF0DD7A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF253D60(65f0d60) Type: 8 Event Object Header: 0xFF253D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0DD780(e62780) Type: 8 Event Object Header: 0xFF0DD768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC8E560(12ab560) Type: 8 Event Object Header: 0xFCC8E548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13257C0(1a8a7c0) Type: 17 
Section Object Header: 0xE13257A8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DirectSound Administrator shared thread array SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12AAD68(18cbd68) BasedAddress: 0x00000080 SizeOfSegment: 0x5000 OBJECT: 0xFF0D38E0(298c8e0) Type: 8 Event Object Header: 0xFF0D38C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D38A0(298c8a0) Type: 8 Event Object Header: 0xFF0D3888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18DAA0(2525aa0) Type: 8 Event Object Header: 0xFF18DA88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E8DE0(1916de0) Type: 8 Event Object Header: 0xFF0E8DC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1170E0(2210e0) Type: 8 Event Object Header: 0xFF1170C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0FD860(608b860) Type: 8 Event Object Header: 0xFF0FD848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF156360(ca1360) Type: 8 Event Object Header: 0xFF156348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF102D40(54abd40) Type: 25 IoCompletion Object Header: 0xFF102D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF102D40(54abd40) Type: 25 IoCompletion Object Header: 0xFF102D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF10BE00(464de00) Type: 8 Event Object Header: 0xFF10BDE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C06E0(e6e6e0) Type: 6 Thread Object Header: 0xFF1C06C8 GrantedAccess: 1f03ff PointerCount: 6 
HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000378 ThreadsProcess: 0xFF144020 OBJECT: 0xFF1D63E0(58a03e0) Type: 8 Event Object Header: 0xFF1D63C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E6440(766440) Type: 8 Event Object Header: 0xFF1E6428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FC150(d0b150) Type: 10 Mutant Object Header: 0xFF1FC138 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DirectSound Administrator shared thread array (lock) SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1DCEE40(5202e40) Type: 18 Key Object Header: 0xE1DCEE28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\SYSTEM\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03\3&61AAA01&0&FD\ OBJECT: 0xFF140C20(4faec20) Type: 8 Event Object Header: 0xFF140C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CB6E0(ae96e0) Type: 8 Event Object Header: 0xFF1CB6C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF198900(19d1900) Type: 8 Event Object Header: 0xFF1988E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E8DA0(1916da0) Type: 8 Event Object Header: 0xFF0E8D88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF143020(61d020) Type: 8 Event Object Header: 0xFF143008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF18D820(2525820) Type: 8 Event Object Header: 0xFF18D808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11B468(2c79468) Type: 26 File Object Header: 0xFF11B450 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF113B60(7cafb60) Type: 8 Event Object Header: 0xFF113B48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E5400(29cc400) Type: 8 Event Object Header: 0xFF0E53E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0EB9A0(6e7a9a0) Type: 8 Event Object Header: 0xFF0EB988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E5440(29cc440) Type: 8 Event Object Header: 0xFF0E5428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0EB9E0(6e7a9e0) Type: 8 Event Object Header: 0xFF0EB9C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14FC80(ec2c80) Type: 8 Event Object Header: 0xFF14FC68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DC500(3f19500) Type: 8 Event Object Header: 0xFF1DC4E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CE840(af5840) Type: 8 Event Object Header: 0xFF1CE828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C7D60(597d60) Type: 8 Event Object Header: 0xFF1C7D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF114C40(21c1c40) Type: 8 Event Object Header: 0xFF114C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1323C0(72bf3c0) Type: 8 Event Object Header: 0xFF1323A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1092C0(6f3b2c0) Type: 8 Event Object Header: 0xFF1092A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF148080(19b4080) Type: 8 Event Object Header: 0xFF148068 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF210460(b12460) Type: 8 Event Object Header: 0xFF210448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2069A0(daa9a0) Type: 8 Event Object Header: 0xFF206988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF158360(eb6360) Type: 8 Event Object Header: 0xFF158348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF178460(4075460) Type: 8 Event Object Header: 0xFF178448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF119960(dcc960) Type: 8 Event Object Header: 0xFF119948 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11A0E0(2cc10e0) Type: 8 Event Object Header: 0xFF11A0C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14EF20(dbef20) Type: 8 Event Object Header: 0xFF14EF08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF151520(c4f520) Type: 8 Event Object Header: 0xFF151508 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CA0E0(6aab0e0) Type: 8 Event Object Header: 0xFF1CA0C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61660(127e660) Type: 8 Event Object Header: 0xFCC61648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1BF680(1a52680) Type: 8 Event Object Header: 0xFF1BF668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF158920(eb6920) Type: 8 Event Object Header: 0xFF158908 GrantedAccess: 1f0003 
PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF107CA0(1e42ca0) Type: 8 Event Object Header: 0xFF107C88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD1EA00(133ba00) Type: 8 Event Object Header: 0xFCD1E9E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1154E0(3e374e0) Type: 8 Event Object Header: 0xFF1154C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1193E0(dcc3e0) Type: 8 Event Object Header: 0xFF1193C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E3100(733a100) Type: 8 Event Object Header: 0xFF0E30E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF256B40(656db40) Type: 8 Event Object Header: 0xFF256B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21E920(9fd920) Type: 8 Event Object Header: 0xFF21E908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16AF40(7bbef40) Type: 8 Event Object Header: 0xFF16AF28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28B1C0(579d1c0) Type: 8 Event Object Header: 0xFF28B1A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15B3C0(95f3c0) Type: 8 Event Object Header: 0xFF15B3A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF135360(3c28360) Type: 8 Event Object Header: 0xFF135348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0FB840(7cb6840) Type: 8 Event Object Header: 0xFF0FB828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14B9E0(1f69e0) Type: 8 Event Object Header: 0xFF14B9C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF102640(54ab640) Type: 8 Event Object Header: 0xFF102628 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF100560(6078560) Type: 8 Event Object Header: 0xFF100548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0F29A0(71399a0) Type: 8 Event Object Header: 0xFF0F2988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF11AFE0(2cc1fe0) Type: 8 Event Object Header: 0xFF11AFC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0FA020(2186020) Type: 8 Event Object Header: 0xFF0FA008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF215400(b1f400) Type: 8 Event Object Header: 0xFF2153E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232020(70d3020) Type: 8 Event Object Header: 0xFF232008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21E6A0(9fd6a0) Type: 8 Event Object Header: 0xFF21E688 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A3A0(5cde3a0) Type: 8 Event Object Header: 0xFF27A388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0EE220(5900220) Type: 8 Event Object Header: 0xFF0EE208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF259A40(664aa40) Type: 8 Event Object Header: 0xFF259A28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1438E0(61d8e0) Type: 8 Event Object Header: 0xFF1438C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0BA640(5a34640) Type: 6 Thread Object Header: 0xFF0BA628 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000328 ThreadsProcess: 0xFF144020 OBJECT: 0xFF151590(c4f590) Type: 10 Mutant Object Header: 0xFF151578 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DirectSound Administrator capture focus array (lock) SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1E94BC0(697abc0) Type: 18 Key Object Header: 0xE1E94BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\SYSTEM\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03\3&61AAA01&0&FD\DirectSound\ OBJECT: 0xFF15EEC8(7c1bec8) Type: 26 File Object Header: 0xFF15EEB0 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 0xE2046F40(8e0f40) Type: 17 Section Object Header: 0xE2046F28 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC68730 Name: DirectSound Administrator capture focus array SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1309C48(1a32c48) BasedAddress: 0x00000080 SizeOfSegment: 0x4000 OBJECT: 0xFF258E60(652be60) Type: 8 Event Object Header: 0xFF258E48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF10AB40(462cb40) Type: 8 Event Object Header: 0xFF10AB28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D94A0(2d8e4a0) Type: 6 Thread Object Header: 0xFF0D9488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 
0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000128 ThreadsProcess: 0xFF144020 OBJECT: 0xFF16C460(6f62460) Type: 8 Event Object Header: 0xFF16C448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C8E68(3e08e68) Type: 26 File Object Header: 0xFF1C8E50 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002{146F1A80-4791-11D0-A5D6-28DB04C10000}\暠᪇拎ᇏ횥섄 OBJECT: 0xFF0FB1E0(7cb61e0) Type: 6 Thread Object Header: 0xFF0FB1C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000002A8 ThreadsProcess: 0xFF144020 OBJECT: 0xFF0E7280(225d280) Type: 6 Thread Object Header: 0xFF0E7268 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000338 ThreadsProcess: 0xFF144020 OBJECT: 0xFF0D18E0(1f218e0) Type: 8 Event Object Header: 0xFF0D18C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore Object Header: 0xFF2726D8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC68730 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16E760(625d760) Type: 8 Event Object Header: 0xFF16E748 GrantedAccess: 1f0003 PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore Object Header: 0xFF1DD638 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC68730 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF0F0B20(737db20) Type: 8 Event Object Header: 0xFF0F0B08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C9380(2965380) Type: 8 Event Object Header: 0xFF1C9368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE138EFE0(293dfe0) Type: 18 Key Object Header: 0xE138EFC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1D3C320(4372320) Type: 18 Key Object Header: 0xE1D3C308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1CBDA0(ae9da0) Type: 8 Event Object Header: 0xFF1CBD88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D3960(298c960) Type: 8 Event Object Header: 0xFF0D3948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21CF520(236a520) Type: 18 Key Object Header: 0xE21CF508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12F5960(19d2960) Type: 18 Key Object Header: 0xE12F5948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF18DD00(2525d00) Type: 8 Event Object Header: 0xFF18DCE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132F1C0(1a7b1c0) Type: 18 Key Object Header: 
0xE132F1A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF10BD80(464dd80) Type: 8 Event Object Header: 0xFF10BD68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E017E0(51b47e0) Type: 18 Key Object Header: 0xE1E017C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF12B360(5aff360) Type: 8 Event Object Header: 0xFF12B348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20E3DE0(2acede0) Type: 18 Key Object Header: 0xE20E3DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF10C740(60a6740) Type: 8 Event Object Header: 0xFF10C728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E4BC0(6352bc0) Type: 8 Event Object Header: 0xFF0E4BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D2E680(42e6680) Type: 18 Key Object Header: 0xE1D2E668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF0D8220(5227220) Type: 8 Event Object Header: 0xFF0D8208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F18E00(f36e00) Type: 18 Key Object Header: 0xE1F18DE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF12C840(5abe840) Type: 8 Event Object Header: 0xFF12C828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E97A00(6ac1a00) Type: 18 Key Object Header: 0xE1E979E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 
0xFF1E48C0(7eb8c0) Type: 8 Event Object Header: 0xFF1E48A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section Object Header: 0xE1E5D588 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC68730 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF0ED1E0(58bf1e0) Type: 8 Event Object Header: 0xFF0ED1C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2136C30(716fc30) Type: 19 Port Object Header: 0xE2136C18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000144.00000378 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE201A040(d21040) Type: 19 Port Object Header: 0xE201A028 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC93030 Name: OLE17 SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000144.00000378 ClientThread: 0x00000000 ServerProcess: 0xFF144020 OBJECT: 0xFF1B3B10(b56b10) Type: 12 Semaphore Object Header: 0xFF1B3AF8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC68730 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1353A8(3c283a8) Type: 26 File Object Header: 0xFF135390 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Audio\High1.ogg 
OBJECT: 0xFF24A380(6869380) Type: 10 Mutant Object Header: 0xFF24A368 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2361E8(6b6b1e8) Type: 26 File Object Header: 0xFF2361D0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Images OBJECT: 0xFF141360(59cd360) Type: 8 Event Object Header: 0xFF141348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1443A8(3063a8) Type: 26 File Object Header: 0xFF144390 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\ OBJECT: 0xFCD25220(1342220) Type: 8 Event Object Header: 0xFCD25208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14D768(caa768) Type: 26 File Object Header: 0xFF14D750 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Images OBJECT: 0xFF16E720(625d720) Type: 8 Event Object Header: 0xFF16E708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0F9BE0(3e0abe0) Type: 8 Event Object Header: 0xFF0F9BC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1C06E0(e6e6e0) Type: 6 Thread Object Header: 0xFF1C06C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000378 ThreadsProcess: 0xFF144020 OBJECT: 0xFF0F0E00(737de00) Type: 8 Event Object Header: 0xFF0F0DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF126688(250d688) Type: 26 File Object Header: 0xFF126670 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Netbios OBJECT: 0xFF0F9960(3e0a960) Type: 12 Semaphore Object Header: 
0xFF0F9948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D3D40(298cd40) Type: 8 Event Object Header: 0xFF0D3D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1071E0(1e421e0) Type: 12 Semaphore Object Header: 0xFF1071C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF141980(59cd980) Type: 8 Event Object Header: 0xFF141968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14A5E0(d0c5e0) Type: 12 Semaphore Object Header: 0xFF14A5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0D3D80(298cd80) Type: 12 Semaphore Object Header: 0xFF0D3D68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EA760(197a760) Type: 18 Key Object Header: 0xE12EA748 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF1018A0(61d28a0) Type: 8 Event Object Header: 0xFF101888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF133020(2b40020) Type: 8 Event Object Header: 0xFF133008 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E10E0(40a70e0) Type: 6 Thread Object Header: 0xFF0E10C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000046C.00000444 ThreadsProcess: 0xFF0E4D60 OBJECT: 0xFF0D31E0(298c1e0) Type: 8 Event Object Header: 0xFF0D31C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E3B40(733ab40) Type: 6 Thread Object Header: 0xFF0E3B28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 
SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.00000470 ThreadsProcess: 0xFF144020 OBJECT: 0xE12D2920(1961920) Type: 18 Key Object Header: 0xE12D2908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF252AE0(6551ae0) Type: 8 Event Object Header: 0xFF252AC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF114180(21c1180) Type: 6 Thread Object Header: 0xFF114168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000458.0000024C ThreadsProcess: 0xFF119020 OBJECT: 0xFF120CC0(7acecc0) Type: 8 Event Object Header: 0xFF120CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAF690(71c9690) Type: 19 Port Object Header: 0xE1EAF678 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000144.000003D0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF0F78C0(24b58c0) Type: 6 Thread Object Header: 0xFF0F78A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000144.000003D4 ThreadsProcess: 0xFF144020 OBJECT: 0xFF2A0080(5179080) Type: 8 Event Object Header: 0xFF2A0068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2A00C0(51790c0) Type: 8 Event Object Header: 0xFF2A00A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF29F020(516d020) 
Type: 8 Event Object Header: 0xFF29F008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 31. TABLE: 0xFF1EA688(294e688): Table: 0xE2118000 QuotaProcess: 0xFF0E4D60 ProcessId: 46c HandleCount: 22 CapturedHandleCount: 22 TableLevel: 2 StrictFIFO: No OBJECT: 0xE21B8FD0(5c55fd0) Type: 17 Section Object Header: 0xE21B8FB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE21D69E8(1bdc9e8) BasedAddress: 0x087FAC20 SizeOfSegment: 0x48000 SecurityDescriptor: (null) Path: CdRom0\Shells\cmd2k.exe OBJECT: 0xFF1D5820(6a89820) Type: 8 Event Object Header: 0xFF1D5808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E8480(1916480) Type: 8 Event Object Header: 0xFF0E8468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230460(72d2460) Type: 8 Event Object Header: 0xFF230448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF142E68(5a6fe68) Type: 26 File Object Header: 0xFF142E50 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFF0DB5E0(1d525e0) Type: 8 Event Object Header: 0xFF0DB5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1D45D50(443ad50) Type: 19 Port Object Header: 0xE1D45D38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000046C.00000444 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF143F20(61df20) Type: 8 Event Object Header: 0xFF143F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF0D6620(3236620) Type: 8 Event Object Header: 0xFF0D6608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xE1EA0780(6c61780) Type: 18 Key Object Header: 0xE1EA0768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF1586C0(eb66c0) Type: 8 Event Object Header: 0xFF1586A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D0F00(193df00) 
Type: 18 Key Object Header: 0xE12D0EE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1E01DE0(51b4de0) Type: 18 Key Object Header: 0xE1E01DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1F36E00(784e00) Type: 18 Key Object Header: 0xE1F36DE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1E93800(68f8800) Type: 18 Key Object Header: 0xE1E937E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ 32. TABLE: 0xFF251008(65f2008): Table: 0xE1E53000 QuotaProcess: 0xFF119020 ProcessId: 458 HandleCount: 23 CapturedHandleCount: 23 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E1F670(540d670) Type: 17 Section Object Header: 0xE1E1F658 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE21D69E8(1bdc9e8) BasedAddress: 0x087FAC20 SizeOfSegment: 0x48000 SecurityDescriptor: (null) Path: CdRom0\Shells\cmd2k.exe OBJECT: 0xFF0E8FE0(1916fe0) Type: 8 Event Object Header: 0xFF0E8FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0E84C0(19164c0) Type: 8 Event Object Header: 0xFF0E84A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF0CCC80(4680c80) Type: 8 Event Object Header: 0xFF0CCC68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCD79028(1396028) Type: 26 File Object Header: 0xFCD79010 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFF14D3C0(caa3c0) Type: 8 Event Object Header: 0xFF14D3A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EED630(704a630) Type: 19 Port Object Header: 0xE1EED618 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000458.0000024C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF0F0860(737d860) Type: 8 Event Object Header: 0xFF0F0848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF10A900(462c900) Type: 8 Event Object Header: 0xFF10A8E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 
Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xE12A1EE0(18c4ee0) Type: 18 Key Object Header: 0xE12A1EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF0E7DE0(225dde0) Type: 8 Event Object Header: 0xFF0E7DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D54EC0(4ef2ec0) Type: 18 Key Object Header: 0xE1D54EA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1FE0760(5604760) Type: 18 Key Object Header: 0xE1FE0748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE12DEAA0(1968aa0) Type: 18 Key Object Header: 0xE12DEA88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE12E3D60(197ed60) Type: 18 Key Object Header: 0xE12E3D48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xFF0DAD60(414dd60) Type: 5 Process Object Header: 0xFF0DAD48 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe 33. 
TABLE: 0xFF158708(eb6708): Table: 0xE20F8000 QuotaProcess: 0xFF0DAD60 ProcessId: 11c HandleCount: 27 CapturedHandleCount: 27 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12E19D0(19719d0) Type: 17 Section Object Header: 0xE12E19B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE21396E8(23d26e8) BasedAddress: 0x0A3A8C20 SizeOfSegment: 0xe000 SecurityDescriptor: (null) Path: CdRom0\Acquisition\FAU\dd.exe OBJECT: 0xFF270FE0(6069fe0) Type: 8 Event Object Header: 0xFF270FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD25120(1342120) Type: 8 Event Object Header: 0xFCD25108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25D120(639b120) Type: 8 Event Object Header: 0xFF25D108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC92EB0(12afeb0) Type: 2 Directory Object Header: 0xFCC92E98 GrantedAccess: 3 PointerCount: 58 HandleCount: 31 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE13881B8(28e61b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF243808(6985808) Type: 26 File Object Header: 0xFF2437F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFCCB1690(12ce690) Type: 2 Directory Object Header: 0xFCCB1678 GrantedAccess: f000f PointerCount: 34 HandleCount: 30 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D134D8(425c4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1D2280(6755280) Type: 8 Event Object Header: 0xFF1D2268 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE1FB32F0(2e042f0) Type: 19 Port Object Header: 0xE1FB32D8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000011C.000003D0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC68540(1285540) Type: 10 Mutant Object Header: 0xFCC68528 GrantedAccess: 1 PointerCount: 32 HandleCount: 31 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE130E150(1a37150) Type: 17 Section Object Header: 0xE130E138 GrantedAccess: f001f PointerCount: 30 HandleCount: 29 SecurityDescriptor: (null) Segment: 0xE1D10648(3fce648) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF148E40(19b4e40) Type: 8 Event Object Header: 0xFF148E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF10A900(462c900) Type: 8 Event Object Header: 0xFF10A8E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF193D60(206bd60) Type: 8 Event Object Header: 0xFF193D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation Object Header: 0xFCA255C0 GrantedAccess: f037f PointerCount: 66 HandleCount: 43 Directory: 0xFCC663D0 Name: WinSta0 OBJECT: 0xFF29E9F8(52099f8) Type: 16 Desktop Object Header: 0xFF29E9E0 GrantedAccess: f01ff PointerCount: 1015 HandleCount: 27 Directory: 0x00000000 Name: Default OBJECT: 0xE12AD660(19ed660) Type: 18 Key Object Header: 0xE12AD648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC68730(1285730) Type: 2 Directory Object Header: 0xFCC68718 GrantedAccess: 2000f PointerCount: 210 HandleCount: 26 Directory: 
0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D31618(42ed618) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xE1344720(1add720) Type: 18 Key Object Header: 0xE1344708 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE21DD800(751b800) Type: 18 Key Object Header: 0xE21DD7E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE12BC1E0(18ef1e0) Type: 18 Key Object Header: 0xE12BC1C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xFF1598E8(1f18e8) Type: 26 File Object Header: 0xFF1598D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) Path: HarddiskVolume4\intrusion2005\audit.log OBJECT: 0xFF1598E8(1f18e8) Type: 26 File Object Header: 0xFF1598D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) Path: HarddiskVolume4\intrusion2005\audit.log OBJECT: 0xE10010E0(159b0e0) Type: 17 Section Object Header: 0xE10010C8 GrantedAccess: 4 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: PhysicalMemory SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE10007E8(159a7e8) OBJECT: 0xE20F4A50(2e35a50) Type: 19 Port Object Header: 0xE20F4A38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000011C.000003D0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF0ED948(58bf948) Type: 26 File Object Header: 0xFF0ED930 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) Path: HarddiskVolume4\intrusion2005\physicalmemory.dd Handle Tables: 33 ObpRootDirectoryObject: 0x8046AE28(46ae28) \ Directory: 0xFCE00850(141d850) \SeLsaCommandPort OBJECT: 0xE1E283C0(53f23c0) Type: 19 Port SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 \REGISTRY OBJECT: 0xE10087F0(15d97f0) Type: 18 Key SecurityDescriptor: (null) Path: REGISTRY\ \XactSrvLpcPort OBJECT: 0xE13631C0(22dc1c0) Type: 19 Port SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.000001F0 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 \DbgUiApiPort OBJECT: 0xE1D15CA0(4252ca0) Type: 19 Port SecurityDescriptor: 0xE12CDA78(1932a78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 0000009C.00000098 ClientThread: 0x00000000 ServerProcess: 0xFCC992C0 \DosDevices OBJECT: 0xFCE00510(141d510) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \?? 
\SeRmCommandPort OBJECT: 0xE13BC040(2cbd040) Type: 19 Port SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 \LsaAuthenticationPort OBJECT: 0xE1E2DDE0(5657de0) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000F0.00000120 ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 \NlsCacheMutant OBJECT: 0xFCC68540(1285540) Type: 10 Mutant SecurityDescriptor: 0xE1D316B8(42ed6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) \LanmanServerAnnounceEvent OBJECT: 0xFCC96330(12b3330) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Dfs OBJECT: 0xFCD45F10(1362f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD826D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \DbgSsApiPort OBJECT: 0xE1C97100(3c9b100) Type: 19 Port SecurityDescriptor: 0xE12CDA78(1932a78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 0000009C.00000098 ClientThread: 0x00000000 ServerProcess: 0xFCC992C0 \SAM_SERVICE_STARTED OBJECT: 0xFF286AD0(5952ad0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \SmApiPort OBJECT: 0xE13BC320(2cbd320) Type: 19 Port SecurityDescriptor: 0xE1305358(1a41358) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;0x1f0001;;;BA) 
Creator: 0000009C.00000098 ClientThread: 0x00000000 ServerProcess: 0xFCC992C0 \Fat OBJECT: 0xFCD4C850(1369850) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE11550 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys \ErrorLogPort OBJECT: 0xE1E57B40(5951b40) Type: 19 Port SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 \SystemRoot OBJECT: 0xFCDFD8D0(141a8d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13055B8(1a415b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRCWDWO;;;SY)(A;;CCRC;;;BA) Target: \Device\Harddisk0\Partition1\WINNT \Cdfs OBJECT: 0xFF1F69D0(35c9d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF1F6AF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\Drivers\Cdfs.SYS \EFSInitEvent OBJECT: 0xFF288D50(5891d50) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \SeLsaInitEvent OBJECT: 0xFCC99910(12b6910) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \UniqueSessionIdEvent OBJECT: 0xFCC6DCF0(128acf0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \ArcName\ Directory: 0xFCDFD650(141a650) \ArcName\multi(0)disk(0)rdisk(0) OBJECT: 0xFCE114F0(142e4f0) Type: 3 
SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition0 \ArcName\multi(0)disk(0)rdisk(0)partition(1) OBJECT: 0xFCD82510(139f510) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition1 \ArcName\multi(0)disk(0)fdisk(0) OBJECT: 0xFCD352B0(13522b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 \ArcName\multi(0)disk(0)rdisk(0)partition(2) OBJECT: 0xFCE11490(142e490) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition2 \NLS\ Directory: 0xFCC67E00(1284e00) \NLS\NlsSectionCP950 OBJECT: 0xE21278E0(6b78e0) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE2123668(554a668) BasedAddress: 0x2EBFCCC8 SizeOfSegment: 0x30022 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\c_950.nls \NLS\NlsSectionCP949 OBJECT: 0xE210B880(406f880) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE21BC0A8(22cc0a8) BasedAddress: 0x0A241CD8 SizeOfSegment: 0x30022 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\c_949.nls \NLS\NlsSectionCType OBJECT: 0xE1D32C60(4275c60) Type: 17 
Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1321408(1a71408) BasedAddress: 0x2EBA64D0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls \NLS\NlsSectionSortTbls OBJECT: 0xE1D33280(42b7280) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32BC8(4275bc8) BasedAddress: 0x2EBAA4C0 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls \NLS\NlsSectionSortkey OBJECT: 0xE1D329A0(42759a0) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D329E8(42759e8) BasedAddress: 0x2EBA84C8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sortkey.nls \NLS\NlsSectionLocale OBJECT: 0xE1D32E40(4275e40) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D32E88(4275e88) BasedAddress: 0x2EBA44D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls \NLS\NlsSectionCP932 OBJECT: 0xE21D28A0(58a38a0) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE20E53C8(2b8c3c8) BasedAddress: 0x08CCB4D0 SizeOfSegment: 0x27c22 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\c_932.nls \NLS\NlsSectionUnicode OBJECT: 0xE1D311A0(42ed1a0) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D311E8(42ed1e8) BasedAddress: 
0x2EB9BCD0 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls \NLS\NlsSectionCP936 OBJECT: 0xE20D2FC0(2519fc0) Type: 17 Section SecurityDescriptor: 0xE1D30118(42cb118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE21C84C8(40994c8) BasedAddress: 0x095304C8 SizeOfSegment: 0x30022 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\c_936.nls \Driver\ Directory: 0xFCDF8310(1415310) \Driver\WMI OBJECT: 0xFCDF4C30(1411c30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\KSecDD OBJECT: 0xFCD4C750(1369750) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys \Driver\NDIS OBJECT: 0xFCD828F0(139f8f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys \Driver\Beep OBJECT: 0xFCD63E70(1380e70) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63008 \SystemRoot\System32\Drivers\Beep.SYS \Driver\V124 OBJECT: 0xFF1F6D10(35cd10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF223508 \SystemRoot\System32\DRIVERS\v124nt.sys \Driver\Raspti OBJECT: 0xFCDBD6F0(13da6f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD888 
\SystemRoot\System32\DRIVERS\raspti.sys \Driver\Mouclass OBJECT: 0xFCDC4270(13e1270) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4448 \SystemRoot\System32\DRIVERS\mouclass.sys \Driver\Diskperf OBJECT: 0xFCD86970(13a3970) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys \Driver\Kbdclass OBJECT: 0xFCD809B0(139d9b0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD80B88 \SystemRoot\System32\DRIVERS\kbdclass.sys \Driver\Compbatt OBJECT: 0xFCD308D0(134d8d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys \Driver\NDProxy OBJECT: 0xFCD1E630(133b630) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD1E7C8 \SystemRoot\System32\Drivers\NDProxy.SYS \Driver\VgaSave OBJECT: 0xFCD63350(1380350) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD634E8 \SystemRoot\System32\drivers\vga.sys \Driver\MountMgr OBJECT: 0xFCD4DD50(136ad50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys \Driver\Ptilink OBJECT: 0xFCD7A190(1397190) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys \Driver\SonyUSBL OBJECT: 0xFCD68030(1385030) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD682E8 \SystemRoot\System32\DRIVERS\SonyUSBL.sys \Driver\wdmaud OBJECT: 0xFF26D530(5f3a530) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250488 \SystemRoot\system32\drivers\wdmaud.sys \Driver\ohci1394 OBJECT: 0xFCD85AD0(13a2ad0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Driver\Aspi32 OBJECT: 0xFF270D10(6069d10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF270EE8 \SystemRoot\System32\Drivers\Aspi32.SYS \Driver\SoftFax OBJECT: 0xFF24BD10(66ead10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2316A8 \SystemRoot\System32\DRIVERS\faxnt.sys \Driver\isapnp OBJECT: 0xFCD53C90(1370c90) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys \Driver\atapi OBJECT: 0xFCD4DA50(136aa50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 
0xFCE25CE8 atapi.sys \Driver\E100B OBJECT: 0xFCD445B0(13615b0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD446E8 \SystemRoot\System32\DRIVERS\e100bnt5.sys \Driver\K56 OBJECT: 0xFF25C6D0(64a76d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E628 \SystemRoot\System32\DRIVERS\k56nt.sys \Driver\USBSTOR OBJECT: 0xFCCF6BF0(1313bf0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Driver\DFRWSDRV2005 OBJECT: 0xFF25D890(639b890) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF178B08 \??\c:\winnt\system32\dfrwsdrv.sys \Driver\dmio OBJECT: 0xFCD86870(13a3870) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Driver\RasAcd OBJECT: 0xFCCF0BB0(130dbb0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0008 \SystemRoot\System32\DRIVERS\rasacd.sys \Driver\uhcd OBJECT: 0xFCD7DCD0(139acd0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys \Driver\audstub OBJECT: 0xFCDBE8F0(13db8f0) Type: 24 Driver SecurityDescriptor: 
0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEA88 \SystemRoot\System32\DRIVERS\audstub.sys \Driver\Win32k OBJECT: 0xFF29FB30(516db30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\winachsf OBJECT: 0xFCDBF950(13dc950) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFAC8 \SystemRoot\System32\DRIVERS\winachsf.sys \Driver\swenum OBJECT: 0xFCD793B0(13963b0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys \Driver\usbhub OBJECT: 0xFCD353D0(13523d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys \Driver\Update OBJECT: 0xFCD78CD0(1395cd0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD78E68 \SystemRoot\System32\DRIVERS\update.sys \Driver\Ftdisk OBJECT: 0xFCD86C10(13a3c10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Driver\smwdm OBJECT: 0xFCDC0770(13dd770) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 
0xFCDC0E08 \SystemRoot\system32\drivers\smwdm.sys \Driver\Modem OBJECT: 0xFCDBF590(13dc590) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBF6C8 \SystemRoot\System32\Drivers\Modem.SYS \Driver\sysaudio OBJECT: 0xFF25B4D0(65b94d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24EA48 \SystemRoot\system32\drivers\sysaudio.sys \Driver\Fdc OBJECT: 0xFCD7E7F0(139b7f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E988 \SystemRoot\System32\DRIVERS\fdc.sys \Driver\Rasl2tp OBJECT: 0xFCD42910(135f910) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD42AA8 \SystemRoot\System32\DRIVERS\rasl2tp.sys \Driver\AmosNT OBJECT: 0xFF271750(5eb0750) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF271068 \SystemRoot\System32\DRIVERS\amosnt.sys \Driver\Ich OBJECT: 0xFF25E170(6397170) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E2A8 \SystemRoot\System32\DRIVERS\Ich.sys \Driver\ACPIEC OBJECT: 0xFCDC7B50(13e4b50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys \Driver\ParVdm OBJECT: 0xFF279D90(5d1fd90) Type: 24 Driver 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF280FA8 \SystemRoot\System32\Drivers\ParVdm.SYS \Driver\Fallback OBJECT: 0xFF2749F0(5dce9f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF274848 \SystemRoot\System32\DRIVERS\fallback.sys \Driver\ACPI_HAL OBJECT: 0xFCDF4D30(1411d30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\serenum OBJECT: 0xFCD7FD50(139cd50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7FFA8 \SystemRoot\System32\DRIVERS\serenum.sys \Driver\PptpMiniport OBJECT: 0xFCD7AD50(1397d50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7B8E8 \SystemRoot\System32\DRIVERS\raspptp.sys \Driver\NetBT OBJECT: 0xFCCA9F30(12c6f30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys \Driver\PCIIde OBJECT: 0xFCDC9270(13e6270) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys \Driver\va16w2 OBJECT: 0xFCD497F0(13667f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys \Driver\Cdrom OBJECT: 0xFCD26210(1343210) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26348 \SystemRoot\System32\DRIVERS\cdrom.sys \Driver\Tones OBJECT: 0xFF20B930(ee2930) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF224CA8 \SystemRoot\System32\DRIVERS\tonesnt.sys \Driver\kmixer OBJECT: 0xFF175F30(4535f30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1B6D08 \SystemRoot\system32\drivers\kmixer.sys \Driver\Pcmcia OBJECT: 0xFCD86030(13a3030) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys \Driver\va32w2 OBJECT: 0xFCD49A70(1366a70) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25C68 va32w2.sys \Driver\SNC OBJECT: 0xFCD246F0(13416f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24888 \SystemRoot\System32\Drivers\SonyNC.sys \Driver\mnmdd OBJECT: 0xFCD62C10(137fc10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63428 \SystemRoot\System32\Drivers\mnmdd.SYS \Driver\Tcpip OBJECT: 0xFCCF0370(130d370) Type: 24 Driver SecurityDescriptor: 
0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Driver\Wanarp OBJECT: 0xFCCA5D10(12c2d10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA6D88 \SystemRoot\System32\DRIVERS\wanarp.sys \Driver\PxHelper OBJECT: 0xFCD26750(1343750) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26968 \??\C:\WINNT\System32\drivers\PxHelper.sys \Driver\biosview OBJECT: 0xFCD63870(1380870) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63F48 \SystemRoot\system32\drivers\biosview.sys \Driver\Rksample OBJECT: 0xFCDBFD90(13dcd90) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFF08 \SystemRoot\System32\DRIVERS\rksample.sys \Driver\Null OBJECT: 0xFCCF37F0(13107f0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF3988 \SystemRoot\System32\Drivers\Null.SYS \Driver\Disk OBJECT: 0xFCD49690(1366690) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Driver\PCI OBJECT: 0xFCDDF230(13fc230) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Driver\sbp2port OBJECT: 0xFCDC8410(13e5410) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Driver\IPSEC OBJECT: 0xFF1E5270(3f07270) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF29CD68 \SystemRoot\System32\DRIVERS\ipsec.sys \Driver\PartMgr OBJECT: 0xFCD4DE50(136ae50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys \Driver\NdisWan OBJECT: 0xFCD236B0(13406b0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23848 \SystemRoot\System32\DRIVERS\ndiswan.sys \Driver\NdisTapi OBJECT: 0xFCD23C70(1340c70) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23E08 \SystemRoot\System32\DRIVERS\ndistapi.sys \Driver\Serial OBJECT: 0xFCD7F030(139c030) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD241A8 \SystemRoot\System32\DRIVERS\serial.sys \Driver\Gpc OBJECT: 0xFCCAA530(12c7530) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1228 \SystemRoot\System32\DRIVERS\msgpc.sys \Driver\ACPI OBJECT: 0xFCE149F0(14319f0) Type: 24 Driver 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Driver\PnpManager OBJECT: 0xFCE18EF0(1435ef0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\Parallel OBJECT: 0xFCD79C90(1396c90) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79E68 \SystemRoot\System32\DRIVERS\parallel.sys \Driver\Flpydisk OBJECT: 0xFCD1F430(133c430) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD35668 \SystemRoot\System32\DRIVERS\flpydisk.sys \Driver\i81x OBJECT: 0xFCD26D70(1343d70) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD81328 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Driver\AFD OBJECT: 0xFF287DF0(590ddf0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2886C8 \SystemRoot\System32\drivers\afd.sys \Driver\Fsks OBJECT: 0xFF260B30(6363b30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD455E8 \SystemRoot\System32\DRIVERS\fsksnt.sys \Driver\Parport OBJECT: 0xFCD7EE70(139be70) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E008 \SystemRoot\System32\DRIVERS\parport.sys \Driver\IntelIde OBJECT: 0xFCD87030(13a4030) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys \Driver\ApfiltrService OBJECT: 0xFCDC45D0(13e15d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4768 \SystemRoot\System32\DRIVERS\Apfiltr.sys \Driver\CmBatt OBJECT: 0xFCD25CD0(1342cd0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25E68 \SystemRoot\System32\DRIVERS\CmBatt.sys \Driver\SPI OBJECT: 0xFCD24F30(1341f30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25148 \SystemRoot\System32\Drivers\SonyPI.sys \Driver\iLINKnet OBJECT: 0xFCD22E90(133fe90) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD2E8 \SystemRoot\System32\DRIVERS\SonyiNet.sys \Driver\i8042prt OBJECT: 0xFCD80E30(139de30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD441A8 \SystemRoot\System32\DRIVERS\i8042prt.sys \WmiGuid\ Directory: 0xFCDF4B30(1411b30) \Device\ Directory: 0xFCDFD570(141a570) \Device\KsecDD OBJECT: 0xFCD82F10(139ff10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4C750 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys \Device\FSKS0 OBJECT: 0xFF2609D0(63639d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF260B30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD455E8 \SystemRoot\System32\DRIVERS\fsksnt.sys \Device\Beep OBJECT: 0xFCD63CF0(1380cf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD63E70 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63008 \SystemRoot\System32\Drivers\Beep.SYS \Device\Ndis OBJECT: 0xFCD827D0(139f7d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD828F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys \Device\00000025 OBJECT: 0xFCD873D0(13a43d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000019 OBJECT: 0xFCD2E7B0(134b7b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00512a OBJECT: 0xFCDF4F10(1411f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Netbios OBJECT: 0xFCC9AE30(12b7e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA62D0 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA61A8 \SystemRoot\System32\DRIVERS\netbios.sys \Device\00000033 OBJECT: 0xFF1DDEB0(3d92eb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF6BF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\00000026 OBJECT: 0xFCDC7230(13e4230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003928 OBJECT: 0xFCDF5910(1412910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003327 OBJECT: 0xFCE16510(1433510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002926 OBJECT: 0xFCE16D10(1433d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002325 OBJECT: 0xFCDF6A30(1413a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\KSENUM#00000001 OBJECT: 
0xFF25DAF0(639baf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD793B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys \Device\00000034 OBJECT: 0xFF1006B0(60786b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF6BF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\Ip OBJECT: 0xFCCF0230(130d230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0370 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\004529 OBJECT: 0xFCE15C30(1432c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000027 OBJECT: 0xFCDC7110(13e4110) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003026 OBJECT: 0xFCE16B10(1433b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\KSENUM#00000002 OBJECT: 0xFF24FA70(6743a70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD793B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys \Device\Video0 OBJECT: 0xFCDC5038(13e2038) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD26D70 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD81328 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Device\KeyboardClass0 OBJECT: 0xFCDC4030(13e1030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD809B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD80B88 \SystemRoot\System32\DRIVERS\kbdclass.sys \Device\00000028 OBJECT: 0xFCD49D10(1366d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003628 OBJECT: 0xFCDF5F10(1412f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NDProxy OBJECT: 0xFCD1E4D0(133b4d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD1E630 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD1E7C8 \SystemRoot\System32\Drivers\NDProxy.SYS \Device\Video1 OBJECT: 0xFCD62040(137f040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD63350 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD634E8 \SystemRoot\System32\drivers\vga.sys 
\Device\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} OBJECT: 0xFCD421B0(135f1b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD42910 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD42AA8 \SystemRoot\System32\DRIVERS\rasl2tp.sys \Device\00000029 OBJECT: 0xFCDC03D0(13dd3d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC0770 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC0E08 \SystemRoot\system32\drivers\smwdm.sys \Device\004229 OBJECT: 0xFCDF5310(1412310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Video2 OBJECT: 0xFCCF2040(130f040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD62C10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63428 \SystemRoot\System32\Drivers\mnmdd.SYS \Device\Serial0 OBJECT: 0xFCD7F5E0(139c5e0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7F030 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD241A8 \SystemRoot\System32\DRIVERS\serial.sys \Device\PointerClass0 OBJECT: 0xFCD43DB0(1360db0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC4270 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4448 \SystemRoot\System32\DRIVERS\mouclass.sys \Device\0000000a OBJECT: 0xFCD52A10(136fa10) Type: 23 Device 
SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\USBPDO-0 OBJECT: 0xFCD31990(134e990) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7DCD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\CompositeBattery OBJECT: 0xFCDC9370(13e6370) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD308D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys \Device\Processor OBJECT: 0xFCD78BB0(1395bb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD78CD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD78E68 \SystemRoot\System32\DRIVERS\update.sys \Device\AcAdapter OBJECT: 0xFCD253D0(13423d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD25CD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25E68 \SystemRoot\System32\DRIVERS\CmBatt.sys \Device\ OBJECT: 0xFCD528F0(136f8f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\USBPDO-1 OBJECT: 0xFCD6FB50(138cb50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7DCD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\SPIDevice0 OBJECT: 0xFCD24AD0(1341ad0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD24F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25148 \SystemRoot\System32\Drivers\SonyPI.sys \Device\0000000c OBJECT: 0xFCD527D0(136f7d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawTape OBJECT: 0xFCE14AF0(1431af0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14E50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\WMIDataDevice OBJECT: 0xFCDF4430(1411430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4C30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\KSENUM#00000007 OBJECT: 0xFF1FAED0(f6fed0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD793B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79548 \SystemRoot\System32\DRIVERS\swenum.sys \Device\USBPDO-2 OBJECT: 0xFCCF6030(1313030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD353D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\FloppyPDO0 OBJECT: 0xFCD359B0(13529b0) Type: 23 Device 
SecurityDescriptor: (null) Driver: 0xFCD7E7F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E988 \SystemRoot\System32\DRIVERS\fdc.sys \Device\0000001a OBJECT: 0xFCD2E690(134b690) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000d OBJECT: 0xFCD526B0(136f6b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0000 OBJECT: 0xFCD30490(134d490) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\000521 OBJECT: 0xFCDF7F10(1414f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\USBPDO-3 OBJECT: 0xFF250A90(6797a90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD353D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\FAX0 OBJECT: 0xFF2227D0(8317d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF24BD10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) 
Section: 0xFF2316A8 \SystemRoot\System32\DRIVERS\faxnt.sys \Device\UdfReadr OBJECT: 0xFCD612B0(137e2b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD61E10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD61FA8 \SystemRoot\System32\Drivers\UdfReadr.SYS \Device\0000001b OBJECT: 0xFCD2E570(134b570) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000e OBJECT: 0xFCD52590(136f590) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0001 OBJECT: 0xFCD486D0(13656d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\001823 OBJECT: 0xFCE17510(1434510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001222 OBJECT: 0xFCE17030(1434030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000821 OBJECT: 0xFCDF7910(1414910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\RasAcd OBJECT: 0xFCCF0A90(130da90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0BB0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0008 \SystemRoot\System32\DRIVERS\rasacd.sys \Device\0000001c OBJECT: 0xFCD2E450(134b450) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000f OBJECT: 0xFCD52470(136f470) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0002 OBJECT: 0xFCD484D0(13654d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\000221 OBJECT: 0xFCE185F0(14355f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Tcp OBJECT: 0xFCCC5750(12e2750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0370 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\V1240 OBJECT: 0xFF1F6BF0(35cbf0) Type: 23 Device SecurityDescriptor: (null) Driver: 
0xFF1F6D10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF223508 \SystemRoot\System32\DRIVERS\v124nt.sys \Device\ParallelVdm0 OBJECT: 0xFF271370(5eb0370) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF279D90 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF280FA8 \SystemRoot\System32\Drivers\ParVdm.SYS \Device\ParallelPort0 OBJECT: 0xFCD7EB90(139bb90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7EE70 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E008 \SystemRoot\System32\DRIVERS\parport.sys \Device\0000001d OBJECT: 0xFCD2E330(134b330) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\HCD0 OBJECT: 0xFCD7D710(139a710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7DCD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\NTPNP_PCI0010 OBJECT: 0xFCD2CE30(1349e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\NTPNP_PCI0003 OBJECT: 0xFCDCC030(13e9030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\002425 OBJECT: 0xFCDF6830(1413830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001523 OBJECT: 0xFCE17B10(1434b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00482a OBJECT: 0xFCE15630(1432630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\0000002a OBJECT: 0xFCDBEC70(13dbc70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBF590 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBF6C8 \SystemRoot\System32\Drivers\Modem.SYS \Device\HCD1 OBJECT: 0xFCD7D170(139a170) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7DCD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7E0C8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\SNCDevice0 OBJECT: 0xFCD244B0(13414b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD246F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24888 \SystemRoot\System32\Drivers\SonyNC.sys \Device\0000001e OBJECT: 0xFCD2E210(134b210) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\ReadDataPort_0 OBJECT: 0xFCD2ED50(134bd50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD53C90 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys \Device\NTPNP_PCI0011 OBJECT: 0xFCD2CAD0(1349ad0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\NTPNP_PCI0004 OBJECT: 0xFCDCCE30(13e9e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\002124 OBJECT: 0xFCDF6E30(1413e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\HarddiskVolume1 OBJECT: 0xFCE11B10(142eb10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86C10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCD80030(139d030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD445B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD446E8 
\SystemRoot\System32\DRIVERS\e100bnt5.sys \Device\0000001f OBJECT: 0xFCD2D030(134a030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0012 OBJECT: 0xFCD2C770(1349770) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\RKSAMPLE0 OBJECT: 0xFCDBF350(13dc350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBFD90 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFF08 \SystemRoot\System32\DRIVERS\rksample.sys \Device\NTPNP_PCI0005 OBJECT: 0xFCDCCC30(13e9c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\003127 OBJECT: 0xFCE16910(1433910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002725 OBJECT: 0xFCDF6230(1413230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\CdRom0 OBJECT: 0xFCD44BD0(1361bd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD26210 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26348 \SystemRoot\System32\DRIVERS\cdrom.sys \Device\HarddiskVolume2 OBJECT: 0xFCE117F0(142e7f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86C10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\TONES0 OBJECT: 0xFF2242F0(a412f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF20B930 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF224CA8 \SystemRoot\System32\DRIVERS\tonesnt.sys \Device\sysaudio OBJECT: 0xFF24E470(66c5470) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF25B4D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24EA48 \SystemRoot\system32\drivers\sysaudio.sys \Device\FsWrap OBJECT: 0xFCC9A470(12b7470) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCB1AB0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1A28 \SystemRoot\System32\DRIVERS\rdbss.sys \Device\0000002c OBJECT: 0xFCD35890(1352890) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0006 OBJECT: 0xFCDCC8D0(13e98d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\003728 
OBJECT: 0xFCDF5D10(1412d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\MbMmDp32 OBJECT: 0xFF270B70(6069b70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF270D10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF270EE8 \SystemRoot\System32\Drivers\Aspi32.SYS \Device\Parallel0 OBJECT: 0xFCD1C040(1339040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD79C90 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD79E68 \SystemRoot\System32\DRIVERS\parallel.sys \Device\0000002d OBJECT: 0xFCD312D0(134e2d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD353D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\NTPNP_PCI0007 OBJECT: 0xFCDCC570(13e9570) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\004329 OBJECT: 0xFCE15030(1432030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\HarddiskVolume4 OBJECT: 0xFF17CB50(2c66b50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86C10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\VideoPdo1 OBJECT: 0xFCC61A50(127ea50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD26D70 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD81328 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Device\004629 OBJECT: 0xFCE15A30(1432a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NTPNP_PCI0008 OBJECT: 0xFCD52030(136f030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\0000002e OBJECT: 0xFCD6F750(138c750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD353D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD31648 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\ACPIEC OBJECT: 0xFCDC7830(13e4830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC7B50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys \Device\004028 OBJECT: 0xFCDF5710(1412710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003428 OBJECT: 0xFCE16310(1433310) Type: 23 Device SecurityDescriptor: (null) 
Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\VolumesSafeForWriteAccess OBJECT: 0xFCC94190(12b1190) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\HxDefDriver OBJECT: 0xFF1FC810(d0b810) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF25D890 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF178B08 \??\c:\winnt\system32\dfrwsdrv.sys \Device\0000002f OBJECT: 0xFCCF6930(1313930) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF6BF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\NTPNP_PCI0009 OBJECT: 0xFCD52E30(136fe30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDDF230 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\Apfiltr OBJECT: 0xFCD339F0(13509f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC45D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC4768 \SystemRoot\System32\DRIVERS\Apfiltr.sys \Device\PxHelperDevice0 OBJECT: 0xFCD265D0(13435d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD26750 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD26968 
\??\C:\WINNT\System32\drivers\PxHelper.sys \Device\wgnthlpr OBJECT: 0xFCD45670(1362670) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD45790 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys \Device\Pcmcia0 OBJECT: 0xFCD86D10(13a3d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86030 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys \Device\NetBT_Tcpip_{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCCA5A30(12c2a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA9F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys \Device\ControlMethodBattery1 OBJECT: 0xFCD25670(1342670) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD25CD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25E68 \SystemRoot\System32\DRIVERS\CmBatt.sys \Device\NetBt_Wins_Export OBJECT: 0xFCCA7BF0(12c4bf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA9F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys \Device\NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCC9AAB0(12b7ab0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA9F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 
\SystemRoot\System32\DRIVERS\netbt.sys \Device\Sbp2Port0 OBJECT: 0xFCD83030(13a0030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC8410 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Device\000321 OBJECT: 0xFCE183B0(14353b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NetbiosSmb OBJECT: 0xFCCA7030(12c4030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA9F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA9B48 \SystemRoot\System32\DRIVERS\netbt.sys \Device\001022 OBJECT: 0xFCDF7510(1414510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000922 OBJECT: 0xFCDF7710(1414710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00492a OBJECT: 0xFCE15430(1432430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001623 OBJECT: 0xFCE17910(1434910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000621 OBJECT: 0xFCDF7D10(1414d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\MountPointManager OBJECT: 0xFCD4DBB0(136abb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4DD50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys \Device\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCD22730(133f730) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD22E90 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD2E8 \SystemRoot\System32\DRIVERS\SonyiNet.sys \Device\00502a OBJECT: 0xFCE15230(1432230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Smwdm0 OBJECT: 0xFCDC0630(13dd630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC0770 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC0E08 \SystemRoot\system32\drivers\smwdm.sys \Device\001923 OBJECT: 0xFCE17310(1434310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001322 OBJECT: 0xFCE17F10(1434f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\LanmanServer OBJECT: 0xFF24BE10(66eae10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF22C830 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF22CE68 \SystemRoot\System32\DRIVERS\srv.sys \Device\Mup OBJECT: 0xFCD45890(1362890) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD826D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \Device\K560 OBJECT: 0xFF25C590(64a7590) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF25C6D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E628 \SystemRoot\System32\DRIVERS\k56nt.sys \Device\WANARP OBJECT: 0xFCCA6610(12c3610) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCA5D10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA6D88 \SystemRoot\System32\DRIVERS\wanarp.sys \Device\002826 OBJECT: 0xFCE16F10(1433f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002225 OBJECT: 0xFCDF6C30(1413c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Udp OBJECT: 
0xFCCC5630(12e2630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0370 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\BiosView OBJECT: 0xFCD63750(1380750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD63870 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD63F48 \SystemRoot\system32\drivers\biosview.sys \Device\002525 OBJECT: 0xFCDF6630(1413630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\ChangeEventCdRom0 OBJECT: 0xFF278FF0(5d81ff0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\RawIp OBJECT: 0xFCCC5510(12e2510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0370 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\ICH0 OBJECT: 0xFF25E850(6397850) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF25E170 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E2A8 \SystemRoot\System32\DRIVERS\Ich.sys \Device\NdisWanIp OBJECT: 0xFCD7BA70(1398a70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD236B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23848 \SystemRoot\System32\DRIVERS\ndiswan.sys \Device\00000001 OBJECT: 0xFCDF48D0(14118d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4D30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003528 OBJECT: 0xFCDF5030(1412030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Floppy0 OBJECT: 0xFCD31030(134e030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD1F430 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD35668 \SystemRoot\System32\DRIVERS\flpydisk.sys \Device\AmosNTDevice0 OBJECT: 0xFF271610(5eb0610) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF271750 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF271068 \SystemRoot\System32\DRIVERS\amosnt.sys \Device\004729 OBJECT: 0xFCE15830(1432830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000002 OBJECT: 0xFCD88710(13a5710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawDisk OBJECT: 0xFCE14D30(1431d30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14E50 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\004129 OBJECT: 0xFCDF5510(1412510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003227 OBJECT: 0xFCE16710(1433710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Null OBJECT: 0xFCCF36D0(13106d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF37F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF3988 \SystemRoot\System32\Drivers\Null.SYS \Device\1394BUS0 OBJECT: 0xFCDCA028(13e7028) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD85AD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Device\00000010 OBJECT: 0xFCD52350(136f350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000003 OBJECT: 0xFCD538B0(13708b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003828 OBJECT: 0xFCDF5B10(1412b10) Type: 23 Device 
SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\IPSEC OBJECT: 0xFF1ED6F0(816f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF1E5270 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF29CD68 \SystemRoot\System32\DRIVERS\ipsec.sys \Device\004429 OBJECT: 0xFCE15E30(1432e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\ParTechInc0 OBJECT: 0xFCDBD030(13da030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7A190 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000011 OBJECT: 0xFCD2F030(134c030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000004 OBJECT: 0xFCD53790(1370790) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\PhysicalMemory OBJECT: 0xE10010E0(159b0e0) Type: 17 Section SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE10007E8(159a7e8) 
\Device\LanmanDatagramReceiver OBJECT: 0xFCC96370(12b3370) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC96510 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC966A8 \SystemRoot\System32\DRIVERS\mrxsmb.sys \Device\NdisTapi OBJECT: 0xFCD23B10(1340b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD23C70 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23E08 \SystemRoot\System32\DRIVERS\ndistapi.sys \Device\IPMULTICAST OBJECT: 0xFCCC5870(12e2870) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF0370 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF0508 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\NdisWan OBJECT: 0xFCD1D030(133a030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD236B0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD23848 \SystemRoot\System32\DRIVERS\ndiswan.sys \Device\ParTechInc1 OBJECT: 0xFCDBDD90(13dad90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7A190 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000012 OBJECT: 0xFCD2C4F0(13494f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000005 OBJECT: 0xFCD53670(1370670) Type: 23 Device 
SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\LanmanRedirector OBJECT: 0xFCC95030(12b2030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC96510 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC966A8 \SystemRoot\System32\DRIVERS\mrxsmb.sys \Device\Gpc OBJECT: 0xFCCA8E90(12c5e90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCAA530 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1228 \SystemRoot\System32\DRIVERS\msgpc.sys \Device\ParTechInc2 OBJECT: 0xFCDBDAF0(13daaf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7A190 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7A328 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000013 OBJECT: 0xFCD2C230(1349230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000006 OBJECT: 0xFCD53550(1370550) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NamedPipe OBJECT: 0xFCCF24D0(130f4d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF2810 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF29A8 \SystemRoot\System32\Drivers\Npfs.SYS \Device\00000020 OBJECT: 0xFCD2DF10(134af10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\FtControl OBJECT: 0xFCD86A70(13a3a70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86C10 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\00000014 OBJECT: 0xFCD2E030(134b030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000007 OBJECT: 0xFCDCD030(13ea030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\000721 OBJECT: 0xFCDF7B10(1414b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Mailslot OBJECT: 0xFCCF2D90(130fd90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF2F30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD62AC8 \SystemRoot\System32\Drivers\Msfs.SYS \Device\FALLBACK0 OBJECT: 0xFF25F6D0(628f6d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF2749F0 
SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF274848 \SystemRoot\System32\DRIVERS\fallback.sys \Device\00000021 OBJECT: 0xFCD2DDF0(134adf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000015 OBJECT: 0xFCD2EC30(134bc30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000008 OBJECT: 0xFCD30110(134d110) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\WMIServiceDevice OBJECT: 0xFCDF4550(1411550) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4C30 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000121 OBJECT: 0xFCE18910(1435910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Afd OBJECT: 0xFF287CB0(590dcb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF287DF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF2886C8 \SystemRoot\System32\drivers\afd.sys 
\Device\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} OBJECT: 0xFCD22030(133f030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBD6F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBD888 \SystemRoot\System32\DRIVERS\raspti.sys \Device\00000022 OBJECT: 0xFCD2DCD0(134acd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\Winachsf0 OBJECT: 0xFCDBE040(13db040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBF950 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFAC8 \SystemRoot\System32\DRIVERS\winachsf.sys \Device\000421 OBJECT: 0xFCE181B0(14351b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000016 OBJECT: 0xFCD2EB10(134bb10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000009 OBJECT: 0xFCD533F0(13703f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawCdRom OBJECT: 0xFCE14C10(1431c10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14E50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001423 OBJECT: 0xFCE17D10(1434d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\ScsiPort0 OBJECT: 0xFCD4AE90(1367e90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdePort0 \Device\00000030 OBJECT: 0xFCD65030(1382030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCF6BF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF6D28 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\00000023 OBJECT: 0xFCD2DBB0(134abb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000017 OBJECT: 0xFCD2E9F0(134b9f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\002024 OBJECT: 0xFCDF6030(1413030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001122 OBJECT: 0xFCDF7310(1414310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 
0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000031 OBJECT: 0xFCD788B0(13958b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} OBJECT: 0xFCD7A590(1397590) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD7AD50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD7B8E8 \SystemRoot\System32\DRIVERS\raspptp.sys \Device\00000024 OBJECT: 0xFCD306B0(134d6b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD85AD0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Device\00000018 OBJECT: 0xFCD2E8D0(134b8d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE149F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\002625 OBJECT: 0xFCDF6430(1413430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001723 OBJECT: 0xFCE17710(1434710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Windows\ Directory: 0xFCCB1690(12ce690) 
\Windows\SbApiPort OBJECT: 0xE1DB7440(4fc8440) Type: 19 Port SecurityDescriptor: 0xE13040F8(1a1d0f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 \Windows\ApiPort OBJECT: 0xE1DB3E20(4f7ce20) Type: 19 Port SecurityDescriptor: 0xE1DB2378(4f7b378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC69480 \RPC Control\ Directory: 0xFCC93030(12b0030) \RPC Control\tapsrvlpc OBJECT: 0xE134F1A0(1b041a0) Type: 19 Port SecurityDescriptor: 0xE12CDA78(1932a78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 000001E0.000002EC ClientThread: 0x00000000 ServerProcess: 0xFF27D020 \RPC Control\spoolss OBJECT: 0xE1E1D040(54c9040) Type: 19 Port SecurityDescriptor: 0xE1E66438(5e30438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100001;;;BU)(A;;0x100001;;;PU)(A;;0x120001;;;WD)(A;;0x1f0001;;;CO)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) Creator: 000001B4.000001B8 ClientThread: 0x00000000 ServerProcess: 0xFF2744C0 \RPC Control\OLE2 OBJECT: 0xE1349940(1ae7940) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001E0.000001E8 ClientThread: 0x00000000 ServerProcess: 0xFF27D020 \RPC Control\OLE3 OBJECT: 0xE1349560(1ae7560) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000002A0.000002C8 ClientThread: 0x00000000 ServerProcess: 0xFF1F5D60 \RPC Control\OLE5 OBJECT: 0xE1E30420(5571420) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001B4.000003A8 ClientThread: 0x00000000 ServerProcess: 0xFF2744C0 \RPC Control\OLE6 OBJECT: 0xE134F7E0(1b047e0) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000B0.000000D4 ClientThread: 0x00000000 ServerProcess: 0xFCA28D60 \RPC Control\ntsvcs OBJECT: 0xE1E41040(57dd040) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0xFF29D080 \RPC Control\OLE7 OBJECT: 0xE1BF65A0(45145a0) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000334.00000330 ClientThread: 0x00000000 ServerProcess: 0xFF1BAAE0 \RPC Control\OLE10 OBJECT: 0xE1EDF880(6f1880) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000418.00000414 ClientThread: 0x00000000 ServerProcess: 0xFF177660 \RPC Control\policyagent OBJECT: 0xE1E1E2A0(540c2a0) Type: 19 Port SecurityDescriptor: 0xE1E85078(67d4078) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRC;;;WD)(A;;CCSDRC;;;RC)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;BA) Creator: 000000F0.00000208 ClientThread: 0x00000000 ServerProcess: 0xFF29BA80 \RPC Control\OLE17 OBJECT: 0xE201A040(d21040) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000144.00000378 ClientThread: 0x00000000 ServerProcess: 0xFF144020 \RPC Control\OLEc OBJECT: 0xE1C0DA60(35da60) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003C4.000003C0 ClientThread: 0x00000000 ServerProcess: 0xFF18B400 \RPC Control\OLEd OBJECT: 0xE1E54B80(588cb80) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003CC.000003C8 ClientThread: 0x00000000 ServerProcess: 0xFF18A6E0 \RPC Control\epmapper OBJECT: 0xE1E1C660(5488660) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000198.0000019C ClientThread: 0x00000000 ServerProcess: 0xFF27E840 \RPC Control\senssvc OBJECT: 0xE1E26AC0(546dac0) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001E0.00000234 ClientThread: 0x00000000 ServerProcess: 0xFF27D020 \RPC Control\OLEe OBJECT: 0xE1E75AE0(621fae0) Type: 19 Port SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0xFF172C40 \RPC Control\LRPC00000228.00000001 OBJECT: 0xE1E26700(546d700) Type: 19 Port SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000228.0000020C ClientThread: 0x00000000 ServerProcess: 0xFF244020 \BaseNamedObjects\ Directory: 0xFCC68730(1285730) \BaseNamedObjects\userenv: Machine Group Policy has been applied OBJECT: 0xFF2472D0(679a2d0) Type: 8 Event SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\ZonesCacheCounterMutex 
OBJECT: 0xFF1977F0(274a7f0) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WINMGMT_COREDLL_UNLOADED OBJECT: 0xFF1EFFF0(6e9ff0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_29c OBJECT: 0xFF1CE730(af5730) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_29c OBJECT: 0xFF1C4630(6758630) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AgentToWkssvcEvent OBJECT: 0xFF1F6570(35c570) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventAvSynMgr OBJECT: 0xFF24EF30(66c5f30) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_DAVCONSOL OBJECT: 0xE1E9B040(694d040) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E9AC28(692cc28) BasedAddress: 0x08DF6CD8 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf \BaseNamedObjects\Local OBJECT: 0xFCC686D0(12856d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1D31578(42ed578) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \BaseNamedObjects \BaseNamedObjects\Shell_NotificationCallbacksOutstanding OBJECT: 0xFF1780D0(40750d0) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\PhoenixPowerPanel OBJECT: 0xFCC65E70(1282e70) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\SETTermEvent OBJECT: 0xFF18F810(237b810) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\PowerProfileRegistrySemaphore OBJECT: 0xFCD62D10(137fd10) Type: 12 Semaphore SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) \BaseNamedObjects\__TgCommander__ OBJECT: 0xFF167A70(223da70) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AlpsPointEvent OBJECT: 0xFF1D3590(6c09590) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventEMail OBJECT: 0xFF24F190(6743190) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 
\BaseNamedObjects\NAI_VIRUSSCAN_ODS OBJECT: 0xE1E9D100(6971100) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E39E68(564de68) BasedAddress: 0x08A1B4C0 SizeOfSegment: 0x2ca8 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOds.mmf \BaseNamedObjects\WFP_IDLE_TRIGGER OBJECT: 0xFF24A2F0(68692f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\jjCSCSharedEvent_UM_KM OBJECT: 0xFF28A5F0(58445f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WkssvcToAgentStartEvent OBJECT: 0xFF1FAFF0(f6fff0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PnP_Init_Mutex OBJECT: 0xFF285E10(5a1ae10) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ScNetDrvMsg OBJECT: 0xFF293B10(55dbb10) Type: 8 Event SecurityDescriptor: 0xE1E26858(546d858) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;DC;;;WD)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventAvsmcpa OBJECT: 0xFF24ED70(66c5d70) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventCCMail OBJECT: 0xFF24EFB0(66c5fb0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
(null) \BaseNamedObjects\DHCPNEWIPADDRESS OBJECT: 0xFF281810(5bdd810) Type: 8 Event SecurityDescriptor: 0xE1E5FB18(5bbcb18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100002;;;WD) \BaseNamedObjects\DirectSound Administrator shared thread array (lock) OBJECT: 0xFF1FC150(d0b150) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\mixercallback OBJECT: 0xFF24B830(66ea830) Type: 8 Event SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) \BaseNamedObjects\C:_Documents and Settings_Administrator_Cookies_index.dat_16384 OBJECT: 0xE1F6E4C0(1bce4c0) Type: 17 Section SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12A1E48(18c4e48) BasedAddress: 0x098C94C8 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat \BaseNamedObjects\ISAPISearch_Perf_Library_Lock_PID_29c OBJECT: 0xFF271F10(5eb0f10) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WINMGMT_LOADED OBJECT: 0xFF1EE9D0(74f9d0) Type: 8 Event SecurityDescriptor: 0xE13133D8(1ac03d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\WINMGMT_REGISTRATION_DONE OBJECT: 0xFF1EFEB0(6e9eb0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventDownScan OBJECT: 0xFF24F210(6743210) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\mxrapi OBJECT: 0xFF24BC50(66eac50) Type: 10 Mutant SecurityDescriptor: 0xE1EC0298(7a1f298) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) \BaseNamedObjects\GuardSemmmGlobalPnpInfoGuard OBJECT: 0xFF25ECD0(6397cd0) Type: 12 Semaphore SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) \BaseNamedObjects\userenv: refresh timer for 176:336 OBJECT: 0xFF15CAF0(b14af0) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventInternet OBJECT: 0xFF24F1D0(67431d0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOLEXCL OBJECT: 0xE1E989A0(6be79a0) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99988(6a4a988) BasedAddress: 0x08DF54C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf \BaseNamedObjects\__R_0000000000d4_SMem__ OBJECT: 0xE1E5D5A0(59fc5a0) Type: 17 Section SecurityDescriptor: 0xE1E5D4F8(59fc4f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1369288(26c4288) BasedAddress: 0x0895ACD8 SizeOfSegment: 0x3ba4 
SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb \BaseNamedObjects\c:!documents and settings!administrator!cookies! OBJECT: 0xFF195670(1dae670) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\SonyAsyncEvent10162 OBJECT: 0xFF147C30(1b68c30) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSynchOnReqStateChangeMutex OBJECT: 0xFF25D990(639b990) Type: 10 Mutant SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\LSA_RPC_SERVER_ACTIVE OBJECT: 0xFF2965D0(53bd5d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\crypt32LogoffEvent OBJECT: 0xFF290AF0(560baf0) Type: 8 Event SecurityDescriptor: 0xE1372438(2799438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) \BaseNamedObjects\TgSchedUpdateJobsEventName OBJECT: 0xFF16C730(6f62730) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment OBJECT: 0xFF21DB50(bbeb50) Type: 8 Event SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\SENS Started Event OBJECT: 
0xFF1BD790(f0c790) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSynchStackMutex OBJECT: 0xFF24F450(6743450) Type: 10 Mutant SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\userenv: User Profile setup event OBJECT: 0xFCA25FF0(1042ff0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\SonyAsyncEvent10164 OBJECT: 0xFF148ED0(19b4ed0) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\DirectSound Administrator capture focus array OBJECT: 0xE2046F40(8e0f40) Type: 17 Section SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1309C48(1a32c48) BasedAddress: 0x00000080 SizeOfSegment: 0x4000 \BaseNamedObjects\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! 
OBJECT: 0xFF195BF0(1daebf0) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\DDBurnerMutex OBJECT: 0xFF168790(7321790) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\Alps_Apfilter_APC_Event OBJECT: 0xFF174550(448f550) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WMI_SysEvent_UnLodCtr OBJECT: 0xFF1EFDF0(6e9df0) Type: 8 Event SecurityDescriptor: 0xE13133D8(1ac03d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\WINMGMT_MARSHALLING_SERVER OBJECT: 0xFF1F9A30(e90a30) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ReSyncKernel OBJECT: 0xFF261630(615b630) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\mmGlobalPnpInfo OBJECT: 0xE1D30A00(42cba00) Type: 17 Section SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E78748(6449748) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 \BaseNamedObjects\userenv: refresh timer for 176:948 OBJECT: 0xFF22C930(7aef930) Type: 13 Profile SecurityDescriptor: 
0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateMapping OBJECT: 0xE1E7C200(6657200) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E7E3A8(662c3a8) BasedAddress: 0x08D2C4D0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOLSCAN OBJECT: 0xE1E98C40(6be7c40) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E99008(6a4a008) BasedAddress: 0x08DF2CC0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf \BaseNamedObjects\NAI_VIRUSSCAN_OAS_EXL OBJECT: 0xE1E95880(683c880) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12C99E8(19299e8) BasedAddress: 0x08DE04C8 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dVS_Excl.mmf \BaseNamedObjects\userenv: User Group Policy has been applied OBJECT: 0xFF224830(a41830) Type: 8 Event SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\WINMGMT_CORE_DB_WRITE OBJECT: 0xFF1EFF70(6e9f70) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57} OBJECT: 0xFF19B610(5a5610) Type: 12 Semaphore SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ShellReadyEvent OBJECT: 0xFF1904D0(214a4d0) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\winlogon: User GPO Event 85442 OBJECT: 0xFF21D7D0(bbe7d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AUTOENRL: machine refresh timer for 176:736 OBJECT: 0xFF1CBF50(ae9f50) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SC_AutoStartComplete OBJECT: 0xFF2971B0(53791b0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\_.-=[DFRWS2005]=-._ OBJECT: 0xE1E22A80(54d3a80) Type: 17 Section SecurityDescriptor: 0xE13283D8(1a913d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1C05EE8(5820ee8) BasedAddress: 0x00000080 SizeOfSegment: 0x10000 \BaseNamedObjects\NAI_VIRUSSCAN_GEN OBJECT: 0xE1E8A160(6a73160) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12C3E48(190fe48) BasedAddress: 0x08D084D8 SizeOfSegment: 0x2630 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanGen.mmf \BaseNamedObjects\_.-=[DFRWS2005]=-._ OBJECT: 0xE1E22A80(54d3a80) Type: 17 Section SecurityDescriptor: 
0xE13283D8(1a913d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1C05EE8(5820ee8) BasedAddress: 0x00000080 SizeOfSegment: 0x10000 \BaseNamedObjects\DBWinMutex OBJECT: 0xFF16CF30(6f62f30) Type: 10 Mutant SecurityDescriptor: 0xE1ECC258(7207258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) \BaseNamedObjects\TgSchedUpdateListTwoEventName OBJECT: 0xFF168D30(7321d30) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\TgSchedNewUserEventName OBJECT: 0xFF167C70(223dc70) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ScmCreatedEvent OBJECT: 0xFF2740F0(5dce0f0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NtmsDatafileBackupEvent OBJECT: 0xFF2A2BF0(517bbf0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WINMGMT_MARSHALLING_SERVER_TERMINATE OBJECT: 0xFF1F63D0(35c3d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Global OBJECT: 0xFCC68950(1285950) Type: 3 SymbolicLink SecurityDescriptor: 0xE1D31578(42ed578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \BaseNamedObjects \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN OBJECT: 0xFF1F6410(35c410) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ContentFilter_Perf_Library_Lock_PID_29c OBJECT: 0xFF15FD90(7aa0d90) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ActSaverSEEvent OBJECT: 0xFF1B4EB0(34feb0) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AlpsPointEuropa OBJECT: 0xFCDBFA90(13dca90) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollment OBJECT: 0xFF1BCE50(1a8de50) Type: 8 Event SecurityDescriptor: 0xE1DEE6F8(519c6f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\WINMGMT_KEEP_NEW_CLIENTS_AT_BAY OBJECT: 0xFF1EFD30(6e9d30) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Microsoft.RPC_Registry_Server OBJECT: 0xFF245550(6914550) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\DmioLoaded OBJECT: 0xFF261670(615b670) Type: 8 Event SecurityDescriptor: 
0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_29c OBJECT: 0xFF1480D0(19b40d0) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Alps_Auto OBJECT: 0xFF2651F0(5f0b1f0) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\VSCAN_GEN_SEMAPHORE OBJECT: 0xFF25D030(639b030) Type: 10 Mutant SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AgentExistsEvent OBJECT: 0xFF28A5B0(58445b0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOL OBJECT: 0xE1E95680(683c680) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12CAEC8(192aec8) BasedAddress: 0x08DE6CC0 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\AVConsol.mmf \BaseNamedObjects\c:!documents and settings!administrator!local settings!history!history.ie5! 
OBJECT: 0xFF194EF0(202bef0) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WininetProxyRegistryMutex OBJECT: 0xFF19AB70(7bb9b70) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WinSta0_DesktopSwitch OBJECT: 0xFF29EDD0(5209dd0) Type: 8 Event SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) \BaseNamedObjects\WDMAUD_Path_Size OBJECT: 0xE13A5300(2a31300) Type: 17 Section SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E820C8(66110c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\HKserv OBJECT: 0xFCDBEB90(13dbb90) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\NtmsSvcStopEvent OBJECT: 0xFF27B710(5cf0710) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\NAI_VS_STAT OBJECT: 0xFF230850(72d2850) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SvcctrlStartEvent_A3752DX OBJECT: 0xFF296BD0(53bdbd0) Type: 8 Event SecurityDescriptor: 0xE1E1ABD8(537cbd8) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x100000;;;WD)(A;;0x1f0003;;;SY) \BaseNamedObjects\Spooler_Perf_Library_Lock_PID_29c OBJECT: 0xFF12A8B0(69008b0) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AUTOENRL: user refresh timer for 176:212 OBJECT: 0xFF1BE550(5dc2550) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 OBJECT: 0xE1F6E5C0(1bce5c0) Type: 17 Section SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F6D9C8(200a9c8) BasedAddress: 0x098C8CC0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat \BaseNamedObjects\_!MSFTHISTORY!_ OBJECT: 0xFF195C50(1daec50) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WINMGMT_CORE_BACKUP_DONE OBJECT: 0xFF1EFE70(6e9e70) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_29c OBJECT: 0xFF1FD830(e6a830) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\HPlugEjectEvent OBJECT: 0xFF18B2D0(2b842d0) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventVsStat OBJECT: 0xFF24F290(6743290) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\IPSEC_POLICY_CHANGE_NOTIFY OBJECT: 0xFF23AA10(6d9ea10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventScan32USER OBJECT: 0xFF24ED30(66c5d30) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\Sens Hidden Window Cleanup Event OBJECT: 0xFF22DDB0(7b03db0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\hardwaremixercallback OBJECT: 0xFF2329F0(70d39f0) Type: 8 Event SecurityDescriptor: 0xE1340458(1ac8458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) \BaseNamedObjects\SENS Information Cache OBJECT: 0xE1EAA460(6f08460) Type: 17 Section SecurityDescriptor: 0xE1EAB3B8(6cf23b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12D7968(1954968) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\WininetStartupMutex OBJECT: 0xFF1D4A10(45aaa10) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\TgSchedExitEvent OBJECT: 0xFF167C30(223dc30) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\JogServ2 OBJECT: 0xFF261F50(615bf50) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\RasPbFile OBJECT: 0xFF288630(5891630) Type: 10 Mutant SecurityDescriptor: 0xE1E5D318(59fc318) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) \BaseNamedObjects\NtmsDbChangeNotificationMutex OBJECT: 0xFF1CA210(6aab210) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_29c OBJECT: 0xFF271C30(5eb0c30) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_29c OBJECT: 0xFF22D450(7b03450) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Perflib_Perfdata_29c OBJECT: 0xE1EED820(704a820) Type: 17 Section SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE208A528(1a53528) BasedAddress: 0x096F54C0 SizeOfSegment: 0x4000 
SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\Perflib_Perfdata_29c.dat \BaseNamedObjects\FaxStartedEvent OBJECT: 0xFF12B310(5aff310) Type: 8 Event SecurityDescriptor: 0xE1338438(1aaf438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) \BaseNamedObjects\NAI_VIRUSSCAN_ODS_EXL OBJECT: 0xE1E9F520(6dd6520) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12CF408(191b408) BasedAddress: 0x08E08CC8 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dExclDef.mmf \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} OBJECT: 0xFF1DD650(3d92650) Type: 12 Semaphore SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WDMAUD_Device_Interface_Path OBJECT: 0xE13911C0(295b1c0) Type: 17 Section SecurityDescriptor: 0xE1D30B78(42cbb78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E82588(6611588) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\GuardEventmmGlobalPnpInfoGuard OBJECT: 0xFF25ED30(6397d30) Type: 8 Event SecurityDescriptor: 0xE1D30A58(42cba58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) \BaseNamedObjects\Fax_Perf_Library_Lock_PID_29c OBJECT: 0xFCC6B210(1288210) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventAvConsole OBJECT: 0xFF25BA10(65b9a10) Type: 8 Event SecurityDescriptor: 
0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\DmAdminStop OBJECT: 0xFF2615D0(615b5d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ContentIndex_Perf_Library_Lock_PID_29c OBJECT: 0xFF23C4B0(6ab14b0) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\_SHuassist.mtx OBJECT: 0xFCCA9B10(12c6b10) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN OBJECT: 0xFF223710(8e6710) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ZonesCounterMutex OBJECT: 0xFF198C50(19d1c50) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\RotHintTable OBJECT: 0xE1D57600(45cc600) Type: 17 Section SecurityDescriptor: 0xE1D3B378(1) Segment: 0xE1DC6008(50d5008) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\NAI_VIRUSSCAN_OAS OBJECT: 0xE1E8D2A0(67d22a0) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE136EB08(27a7b08) BasedAddress: 0x08DC6CC0 SizeOfSegment: 0x4a8c SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOas.mmf 
\BaseNamedObjects\userenv: user policy refresh event OBJECT: 0xFF1D6D10(58a0d10) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventManagement0 OBJECT: 0xFF24EEB0(66c5eb0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventVsConfig OBJECT: 0xFF24EF70(66c5f70) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventVshWin32 OBJECT: 0xFF24F250(6743250) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_ODS_SCAN OBJECT: 0xE1E9F260(6dd6260) Type: 17 Section SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12B8808(18de808) BasedAddress: 0x08E10CD0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dScanDef.mmf \BaseNamedObjects\shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} OBJECT: 0xFF1B3B10(b56b10) Type: 12 Semaphore SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 OBJECT: 0xE1F73A60(2014a60) Type: 17 Section SecurityDescriptor: 0xE1C01258(1a9f258) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 
0xE1F73CC8(2014cc8) BasedAddress: 0x098D6CC8 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat \BaseNamedObjects\WininetConnectionMutex OBJECT: 0xFF19A170(7bb9170) Type: 10 Mutant SecurityDescriptor: 0xE1C01698(1a9f698) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WkssvcToAgentStopEvent OBJECT: 0xFF25B230(65b9230) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\RouterPreInitEvent OBJECT: 0xFF271A50(5eb0a50) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventManagement1 OBJECT: 0xFF24EE70(66c5e70) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\IPSEC_POLICY_CHANGE_EVENT OBJECT: 0xFF2352D0(6e372d0) Type: 8 Event SecurityDescriptor: 0xE1E182D8(541a2d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x1f0003;;;BA) \BaseNamedObjects\LDMAdmin OBJECT: 0xFF261590(615b590) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PnP_No_Pending_Install_Events OBJECT: 0xFF27DCB0(5c70cb0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Session OBJECT: 0xFCC68670(1285670) Type: 3 SymbolicLink SecurityDescriptor: 
0xE1D31578(42ed578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \Sessions\BNOLINKS \BaseNamedObjects\IAS_Perf_Library_Lock_PID_29c OBJECT: 0xFF17CD30(2c66d30) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SeTimer0 OBJECT: 0xFF24B930(66ea930) Type: 13 Profile SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ALPS_GP_DRIVER_SCROLL OBJECT: 0xE136C100(274b100) Type: 17 Section SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1F490E8(40980e8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\ExplorerIsShellMutex OBJECT: 0xFF1D24B0(67554b0) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\wkssvc: MUP finished initializing event OBJECT: 0xFF1EE810(74f810) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventManagement2 OBJECT: 0xFF24EE30(66c5e30) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} OBJECT: 0xFF2726F0(5f256f0) Type: 12 Semaphore SecurityDescriptor: 0xE1ED0018(606018) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\TgSchedUpdateListEventName OBJECT: 0xFF168D70(7321d70) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventManagement3 OBJECT: 0xFF24EDF0(66c5df0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\WINMGMT_COREDLL_LOADED OBJECT: 0xFF1EFFB0(6e9fb0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SonyAsyncEvent10130 OBJECT: 0xFF173A90(44cea90) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\SeCommon1999 FileMap OBJECT: 0xE1E47FC0(2f1ffc0) Type: 17 Section SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12EA6C8(197a6c8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\userenv: machine policy refresh event OBJECT: 0xFF1E92D0(7f52d0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventManagement4 OBJECT: 0xFF24EDB0(66c5db0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 
\BaseNamedObjects\AvSyncStateEventLauncher OBJECT: 0xFF24EEF0(66c5ef0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventScan32 OBJECT: 0xFF24F150(6743150) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\DirectSound Administrator shared thread array OBJECT: 0xE13257C0(1a8a7c0) Type: 17 Section SecurityDescriptor: 0xE1E541F8(588c1f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12AAD68(18cbd68) BasedAddress: 0x00000080 SizeOfSegment: 0x5000 \BaseNamedObjects\VSCAN_OAS_SEMAPHORE OBJECT: 0xFF250ED0(6797ed0) Type: 10 Mutant SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventConfWiz OBJECT: 0xFF24EFF0(66c5ff0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventMcUpdate OBJECT: 0xFF24E030(66c5030) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\WDMAUD_Callbacks OBJECT: 0xE136EFC0(27a7fc0) Type: 17 Section SecurityDescriptor: 0xE1E5D3B8(59fc3b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE1E7DC48(6857c48) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\winlogon: machine GPO Event 34810 OBJECT: 0xFF1E9C30(7f5c30) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WINMGMT_NEED_REGISTRATION OBJECT: 0xFF1EFEF0(6e9ef0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PS_SERVICE_STARTED OBJECT: 0xFF242570(697f570) Type: 8 Event SecurityDescriptor: 0xE1DE8458(510b458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) \BaseNamedObjects\DirectSound Administrator capture focus array (lock) OBJECT: 0xFF151590(c4f590) Type: 10 Mutant SecurityDescriptor: 0xE1EE0118(3c9a118) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\GuardMutexmmGlobalPnpInfoGuard OBJECT: 0xFF25ED70(6397d70) Type: 10 Mutant SecurityDescriptor: 0xE1D31CB8(42edcb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) \BaseNamedObjects\RSVP_Perf_Library_Lock_PID_29c OBJECT: 0xFF15CF30(b14f30) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_29c OBJECT: 0xFF1D7D70(458ad70) Type: 10 Mutant SecurityDescriptor: 0xE12EC5D8(19a45d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\TgSchedUpdateJobsTwoEventName OBJECT: 0xFF16C770(6f62770) Type: 8 Event SecurityDescriptor: 0xE13306D8(1ac26d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WMI_SysEvent_LodCtr OBJECT: 0xFF1EFE30(6e9e30) Type: 8 Event SecurityDescriptor: 0xE13133D8(1ac03d8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\AvSyncStateEventNaAmgCfg OBJECT: 0xFF24ECB0(66c5cb0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventMcStub OBJECT: 0xFF24ECF0(66c5cf0) Type: 8 Event SecurityDescriptor: 0xE1DC2F58(6308f58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvServiceOptionsFlushEvent OBJECT: 0xFF25BC30(65b9c30) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \??\ Directory: 0xFCE00630(141d630) \??\D: OBJECT: 0xFCE11390(142e390) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCE117F0 \??\Volume{bf50ce30-d140-11d9-9869-806d6172696f} OBJECT: 0xFCE113F0(142e3f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCE11B10 \??\NDIS OBJECT: 0xFCD4C6D0(13696d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ndis TargetObject: 0xFCD827D0 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD1ED90(133bd90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCD52030 \??\FSKS0 OBJECT: 0xFF260C30(6363c30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FSKS0 TargetObject: 0xFF2609D0 \??\DISPLAY1 OBJECT: 0xFCD226D0(133f6d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video0 TargetObject: 0xFCDC5038 \??\STORAGE#Volume#1&30a96598&0&Signature5CDFECDCOffset7E00Length2629FF3200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFF1758F0(45358f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume4 TargetObject: 0xFF17CB50 \??\FDC#GENERIC_FLOPPY_DRIVE#5&35ef02a&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD68E30(1385e30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FloppyPDO0 TargetObject: 0xFCD359B0 \??\ACPI#PNP0303#4&2ab4e1f1&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} OBJECT: 0xFCD730D0(13900d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001c TargetObject: 0xFCD2E450 \??\DISPLAY2 OBJECT: 
0xFCD63290(1380290) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video1 TargetObject: 0xFCD62040 \??\Root#SYSTEM#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD698B0(13868b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\ACPI#PNP0401#4&2ab4e1f1&0#{97f76ef0-f883-11d0-af1f-0000f800845c} OBJECT: 0xFCD32130(134f130) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000022 TargetObject: 0xFCD2DCD0 \??\DmIoDaemon OBJECT: 0xFCD861B0(13a31b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmIoDaemon TargetObject: 0xFCD86210 \??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCDE01F0(13fd1f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000003 TargetObject: 0xFCD538B0 \??\Ip OBJECT: 0xFCCF0470(130d470) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ip TargetObject: 0xFCCF0230 \??\DISPLAY3 OBJECT: 
0xFCD62B50(137fb50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video2 TargetObject: 0xFCCF2040 \??\E: OBJECT: 0xFCDBCF70(13d9f70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD44BD0 \??\IPSECDev OBJECT: 0xFF1E2230(4001230) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\IPSEC TargetObject: 0xFF1ED6F0 \??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD6B850(1388850) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004529 TargetObject: 0xFCE15C30 \??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCDDF910(13fc910) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000002 TargetObject: 0xFCD88710 \??\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} OBJECT: 0xFCD1EBB0(133bbb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} TargetObject: 0xFCD421B0 \??\$VDMLPT1 OBJECT: 
0xFF2714D0(5eb04d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParallelVdm0 TargetObject: 0xFF271370 \??\USB#Vid_054c&Pid_0056#5&c3eea8&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} OBJECT: 0xFCCF68D0(13138d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-2 TargetObject: 0xFCCF6030 \??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} OBJECT: 0xFCD69B90(1386b90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} OBJECT: 0xFCD32030(134f030) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000026 TargetObject: 0xFCDC7230 \??\CompositeBattery OBJECT: 0xFCE151D0(14321d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CompositeBattery TargetObject: 0xFCDC9370 \??\F: OBJECT: 0xFF20B2F0(ee22f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume4 TargetObject: 0xFF17CB50 
\??\Volume{bf50ce31-d140-11d9-9869-806d6172696f} OBJECT: 0xFCE11330(142e330) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCE117F0 \??\SBP2#Sony&i.LINK_DVD-ROM_Drive&LUN0#0800460300ca8454#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD212F0(133e2f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Sbp2\潓祮&⹩䥌䭎䐠䑖刭䵏䐠楲敶&0&08004603_00ca8454_Instance00 TargetObject: 0xFCD83B70 \??\WMIDataDevice OBJECT: 0xFCDF61D0(14131d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WMIDataDevice TargetObject: 0xFCDF4430 \??\COM1 OBJECT: 0xFCD32530(134f530) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Serial0 TargetObject: 0xFCD7F5E0 \??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} OBJECT: 0xFCD69BF0(1386bf0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\PIPE OBJECT: 0xFCC93E30(12b0e30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) 
Target: \Device\NamedPipe TargetObject: 0xFCCF24D0 \??\FAX0 OBJECT: 0xFF24C550(65cb550) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FAX0 TargetObject: 0xFF2227D0 \??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} OBJECT: 0xFCD69CB0(1386cb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24E170(66c5170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24FA70 \??\UdfReadr OBJECT: 0xFCD61F10(137ef10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\UdfReadr TargetObject: 0xFCD612B0 \??\COM3 OBJECT: 0xFCDBF290(13dc290) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Winachsf0 TargetObject: 0xFCDBE040 \??\UNC OBJECT: 0xFCC93D70(12b0d70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: 
\Device\Mup TargetObject: 0xFCD45890 \??\USB#ROOT_HUB#4&13d6cd5a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} OBJECT: 0xFCD350B0(13520b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-0 TargetObject: 0xFCD31990 \??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} OBJECT: 0xFCD69C50(1386c50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\HCD0 OBJECT: 0xFCDC4370(13e1370) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HCD0 TargetObject: 0xFCD7D710 \??\V1240 OBJECT: 0xFCC6FF70(128cf70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\V1240 TargetObject: 0xFF1F6BF0 \??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD6AC10(1387c10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004729 TargetObject: 0xFCE15830 \??\HCD1 OBJECT: 0xFCD7D110(139a110) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HCD1 TargetObject: 0xFCD7D170 
\??\Volume{3b8360a0-d5cb-11d9-9872-0800460222f0} OBJECT: 0xFF146D70(265d70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume4 TargetObject: 0xFF17CB50 \??\PhysicalDrive0 OBJECT: 0xFCE12970(142f970) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\DR0 TargetObject: 0xFCE12030 \??\USB#Vid_0d49&Pid_5020#Y42L8W0E____#{a5dcbf10-6530-11d2-901f-00c04fb951ed} OBJECT: 0xFF0F42D0(60122d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-3 TargetObject: 0xFF250A90 \??\PRN OBJECT: 0xFCC93DD0(12b0dd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \DosDevices\LPT1 \??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} OBJECT: 0xFCD69A90(1386a90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\PCI#VEN_8086&DEV_2449&SUBSYS_30138086&REV_03#4&13b53951&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD74730(1391730) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0012 TargetObject: 0xFCD2C770 \??\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCDBCDD0(13d9dd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} TargetObject: 0xFCD80030 \??\RKSAMPLE0 OBJECT: 0xFCD7D0B0(139a0b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\RKSAMPLE0 TargetObject: 0xFCDBF350 \??\PhysicalDrive1 OBJECT: 0xFCD64030(1381030) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DR3 TargetObject: 0xFCD659F0 \??\CdRom0 OBJECT: 0xFCD44B70(1361b70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD44BD0 \??\TONES0 OBJECT: 0xFF224410(a41410) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\TONES0 TargetObject: 0xFF2242F0 \??\sysaudio OBJECT: 0xFF24F7F0(67437f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\sysaudio 
TargetObject: 0xFF24E470 \??\fsWrap OBJECT: 0xFCC9A8B0(12b78b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FsWrap \??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} OBJECT: 0xFCD697F0(13867f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\ACPI#ThermalZone#ATF0#{4afa3d51-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCD530D0(13700d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000006 TargetObject: 0xFCD53550 \??\S: OBJECT: 0xFCD645D0(13815d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DP(1)0-0+4 TargetObject: 0xFCD64230 \??\Volume{bf50ce32-d140-11d9-9869-0800460222f0} OBJECT: 0xFCDBCE30(13d9e30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD44BD0 \??\PhysicalDrive2 OBJECT: 0xFF25FB90(628fb90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DR7 TargetObject: 0xFF0C1BF0 \??\MbMmDp32 OBJECT: 
0xFF270E10(6069e10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\MbMmDp32 TargetObject: 0xFF270B70 \??\ACPI#PNP0501#4&2ab4e1f1&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73} OBJECT: 0xFCD32EF0(134fef0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000021 TargetObject: 0xFCD2DDF0 \??\Global OBJECT: 0xFCE00570(141d570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \?? \??\Apfiltr OBJECT: 0xFCD1F230(133c230) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Apfiltr TargetObject: 0xFCD339F0 \??\HxDefDriver OBJECT: 0xFF1C4210(6758210) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HxDefDriver TargetObject: 0xFF1FC810 \??\PxHelperDevice0 OBJECT: 0xFCD26570(1343570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\PxHelperDevice0 TargetObject: 0xFCD265D0 \??\USB#ROOT_HUB#4&889adf6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} OBJECT: 0xFCD684B0(13854b0) Type: 3 SymbolicLink 
SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-1 TargetObject: 0xFCD6FB50 \??\WGNTHLPR OBJECT: 0xFCD82570(139f570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\wgnthlpr TargetObject: 0xFCD45670 \??\Pcmcia0 OBJECT: 0xFCD88B70(13a5b70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Pcmcia0 TargetObject: 0xFCD86D10 \??\Volume{6ef5db51-0826-11d5-91ea-d8eb1c843889} OBJECT: 0xFCD64630(1381630) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DP(1)0-0+4 TargetObject: 0xFCD64230 \??\Volume{77c3bd41-075c-11d5-9f1a-806d6172696f} OBJECT: 0xFCD68DD0(1385dd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 TargetObject: 0xFCD31030 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24E0F0(66c50f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24FA70 
\??\PCI#VEN_8086&DEV_2446&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FE#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42} OBJECT: 0xFCD1ED30(133bd30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCD52E30 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196} OBJECT: 0xFCD1EEB0(133beb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCD52030 \??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} OBJECT: 0xFCD69850(1386850) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} OBJECT: 0xFCD699D0(13869d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\Root#SYSTEM#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD69910(1386910) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD32BD0(134fbd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00482a TargetObject: 0xFCE15630 \??\STORAGE#Volume#1&30a96598&0&SignatureC5E4C5E4Offset7E00Length179FE0800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCE11290(142e290) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCE11B10 \??\Root#SYSTEM#0000#{085aff00-62ce-11cf-a5d6-28db04c10000} OBJECT: 0xFCD69970(1386970) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\ACPI#SNY6001#4&2ab4e1f1&0#{08f3ee1a-8854-11d2-bd7a-080046019d65} OBJECT: 0xFCD32FD0(134ffd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001f TargetObject: 0xFCD2D030 \??\MountPointManager OBJECT: 0xFCD4DB50(136ab50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\MountPointManager TargetObject: 0xFCD4DBB0 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24E090(66c5090) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24FA70 \??\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCD6ABB0(1387bb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} TargetObject: 0xFCD22730 \??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD1EA50(133ba50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004429 TargetObject: 0xFCE15E30 \??\DmConfig OBJECT: 0xFCD85130(13a2130) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmConfig TargetObject: 0xFCD86490 \??\WanArp OBJECT: 0xFCCA65B0(12c35b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WANARP TargetObject: 0xFCCA6610 \??\K560 OBJECT: 0xFF25EFD0(6397fd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\K560 TargetObject: 0xFF25C590 \??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD470D0(13640d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\000421 TargetObject: 0xFCE181B0 \??\BiosView OBJECT: 0xFCD63970(1380970) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\BiosView TargetObject: 0xFCD63750 \??\STORAGE#Volume#1&30a96598&0&SignatureC5E4C5E4Offset179FF0400Length20A215400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD4C510(1369510) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCE117F0 \??\SBP2#Sony&i.LINK_DVD-ROM_Drive&LUN0#0800460300ca8454#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCDBCFD0(13d9fd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Sbp2\潓祮&⹩䥌䭎䐠䑖刭䵏䐠楲敶&0&08004603_00ca8454_Instance00 TargetObject: 0xFCD83B70 \??\DmTrace OBJECT: 0xFCD86150(13a3150) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmTrace \??\A: OBJECT: 0xFCD68D70(1385d70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 TargetObject: 0xFCD31030 \??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCDC8030(13e5030) Type: 3 SymbolicLink SecurityDescriptor: 
0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\000321 TargetObject: 0xFCE183B0 \??\ICH0 OBJECT: 0xFF25E270(6397270) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\ICH0 TargetObject: 0xFF25E850 \??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD69790(1386790) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\NDISWANIP OBJECT: 0xFCD1E730(133b730) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NdisWanIp TargetObject: 0xFCD7BA70 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} OBJECT: 0xFF25E570(6397570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24FA70 \??\AmosNTDevice0 OBJECT: 0xFF271850(5eb0850) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\AmosNTDevice0 TargetObject: 0xFF271610 \??\Scsi0: OBJECT: 0xFCD4D550(136a550) Type: 3 SymbolicLink SecurityDescriptor: 
0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdePort0 TargetObject: 0xFCD4A030 \??\ACPI#PNP0501#4&2ab4e1f1&0#{4d36e978-e325-11ce-bfc1-08002be10318} OBJECT: 0xFCD327B0(134f7b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000021 TargetObject: 0xFCD2DDF0 \??\STORAGE#RemovableMedia#7&1f016071&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD64D10(1381d10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DP(1)0-0+4 TargetObject: 0xFCD64230 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000} OBJECT: 0xFCD1EE50(133be50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCD52030 \??\1394BUS0 OBJECT: 0xFCDE3030(1400030) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\1394BUS0 TargetObject: 0xFCDCA028 \??\USBSTOR#Disk&Ven_Sony&Prod_MSC-U02&Rev_1.00#6&b6e8466&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD64DD0(1381dd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000030 TargetObject: 0xFCD65030 \??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} OBJECT: 0xFCD69D90(1386d90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD6B270(1388270) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004629 TargetObject: 0xFCE15A30 \??\PTILINK1 OBJECT: 0xFCD7A290(1397290) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc0 TargetObject: 0xFCDBD030 \??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} OBJECT: 0xFCD69A30(1386a30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00502a TargetObject: 0xFCE15230 \??\NdisWan OBJECT: 0xFCD6B0F0(13880f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NdisWan TargetObject: 0xFCD1D030 \??\IPMULTICAST OBJECT: 0xFCCF0170(130d170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\IPMULTICAST TargetObject: 0xFCCC5870 \??\STORAGE#RemovableMedia#7&1f016071&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD64170(1381170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DP(1)0-0+4 TargetObject: 0xFCD64230 \??\LPT1 OBJECT: 0xFCD49CB0(1366cb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\Parallel0 TargetObject: 0xFCD1C040 \??\PTILINK2 OBJECT: 0xFCD7A130(1397130) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc1 TargetObject: 0xFCDBDD90 \??\Shadow OBJECT: 0xFCC96610(12b3610) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\LanmanRedirector TargetObject: 0xFCC95030 \??\PTILINK3 OBJECT: 0xFCD7A0D0(13970d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc2 TargetObject: 0xFCDBDAF0 \??\SmwdmDev OBJECT: 0xFCDC05D0(13dd5d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Smwdm0 TargetObject: 0xFCDC0630 \??\FtControl OBJECT: 0xFCD53AF0(1370af0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FtControl TargetObject: 0xFCD86A70 \??\C: OBJECT: 0xFCD4C4B0(13694b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCE11B10 \??\MAILSLOT OBJECT: 0xFCC93EF0(12b0ef0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\MailSlot \??\WMIServiceDevice OBJECT: 0xFCE18150(1435150) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WMIServiceDevice TargetObject: 0xFCDF4550 \??\FALLBACK0 OBJECT: 0xFF2747D0(5dce7d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FALLBACK0 TargetObject: 0xFF25F6D0 \??\ACPI#PNP0F13#4&2ab4e1f1&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} OBJECT: 0xFCD1F110(133c110) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001d TargetObject: 
0xFCD2E330 \??\AUX OBJECT: 0xFCD6A3F0(13873f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \DosDevices\COM1 \??\PCI#VEN_8086&DEV_2446&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FE#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} OBJECT: 0xFCD1EC10(133bc10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCD52E30 \??\NUL OBJECT: 0xFCC93E90(12b0e90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1331158(1ac3158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\Null TargetObject: 0xFCCF36D0 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD1EDF0(133bdf0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCD52030 \??\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} OBJECT: 0xFCD6B210(1388210) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} TargetObject: 0xFCD22030 \??\Conexant-Ambit SoftK56 Data,Fax ICH Modem OBJECT: 0xFCDBF170(13dc170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCD52E30 \??\GLOBALROOT OBJECT: 0xFCE005D0(141d5d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \??\USBSTOR#Disk&Ven_Maxtor&Prod_5000DV_v01.00.00&Rev_0100#6&204eb1f5&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFF150850(c95850) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000034 TargetObject: 0xFF1006B0 \??\ACPI#SNY5001#4&2ab4e1f1&0#{f304eb09-5c5f-11d2-b53f-0800460198ac} OBJECT: 0xFCD32810(134f810) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000020 TargetObject: 0xFCD2DF10 \??\IDE#DiskHITACHI_DK23BA-15_______________________00E1A0E2#5&33f38e66&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCE11FD0(142efd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdeDeviceP0T0L0-2 TargetObject: 0xFCD49030 \??\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} OBJECT: 0xFCD6B7F0(13887f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} TargetObject: 0xFCD7A590 \??\DmInfo OBJECT: 
0xFCD2C390(1349390) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmInfo TargetObject: 0xFCD86350 \FileSystem\ Directory: 0xFCE18030(1435030) \FileSystem\NetBIOS OBJECT: 0xFCCA62D0(12c32d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCA61A8 \SystemRoot\System32\DRIVERS\netbios.sys \FileSystem\Fastfat OBJECT: 0xFCE11550(142e550) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys \FileSystem\Rdbss OBJECT: 0xFCCB1AB0(12ceab0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCB1A28 \SystemRoot\System32\DRIVERS\rdbss.sys \FileSystem\UdfReadr OBJECT: 0xFCD61E10(137ee10) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD61FA8 \SystemRoot\System32\Drivers\UdfReadr.SYS \FileSystem\Msfs OBJECT: 0xFCCF2F30(130ff30) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD62AC8 \SystemRoot\System32\Drivers\Msfs.SYS \FileSystem\MRxSmb OBJECT: 0xFCC96510(12b3510) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC966A8 \SystemRoot\System32\DRIVERS\mrxsmb.sys 
\FileSystem\NtfsRecognizer OBJECT: 0xFCCF3AB0(1310ab0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD649F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\UdfsCdRomRecognizer OBJECT: 0xFCCF3D90(1310d90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD649F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\Srv OBJECT: 0xFF22C830(7aef830) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF22CE68 \SystemRoot\System32\DRIVERS\srv.sys \FileSystem\NaiFsRec OBJECT: 0xFCD45790(1362790) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys \FileSystem\Mup OBJECT: 0xFCD826D0(139f6d0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \FileSystem\RAW OBJECT: 0xFCE14E50(1431e50) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \FileSystem\Npfs OBJECT: 0xFCCF2810(130f810) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCF29A8 \SystemRoot\System32\Drivers\Npfs.SYS \FileSystem\Fs_Rec OBJECT: 0xFCD649F0(13819f0) Type: 
24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\Cdfs OBJECT: 0xFF1F6AF0(35caf0) Type: 24 Driver SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\Drivers\Cdfs.SYS \FileSystem\CdfsRecognizer OBJECT: 0xFCCF3EB0(1310eb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD649F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\UdfsDiskRecognizer OBJECT: 0xFCCF3C70(1310c70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD649F0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD64968 \SystemRoot\System32\Drivers\Fs_Rec.SYS \ObjectTypes\ Directory: 0xFCE00730(141d730) \ObjectTypes\Directory OBJECT: 0xFCE254A0(14424a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Mutant OBJECT: 0xFCDFE940(141b940) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Thread OBJECT: 0xFCE00040(141d040) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Controller OBJECT: 0xFCDF8820(1415820) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Profile OBJECT: 0xFCDFE320(141b320) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Event OBJECT: 0xFCE001A0(141d1a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Type OBJECT: 0xFCE255A0(14425a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Section OBJECT: 0xFCDFD480(141a480) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\EventPair OBJECT: 0xFCDFEA40(141ba40) Type: 1 Type 
SecurityDescriptor: (null) \ObjectTypes\SymbolicLink OBJECT: 0xFCE253A0(14423a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Desktop OBJECT: 0xFCDFDF40(141af40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Timer OBJECT: 0xFCDFE420(141b420) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\File OBJECT: 0xFCDF8420(1415420) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WindowStation OBJECT: 0xFCDFD040(141a040) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Driver OBJECT: 0xFCDF8620(1415620) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WmiGuid OBJECT: 0xFCDF47E0(14117e0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Device OBJECT: 0xFCDF8720(1415720) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Token OBJECT: 0xFCE252A0(14422a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\IoCompletion OBJECT: 0xFCDF8520(1415520) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Process OBJECT: 0xFCE25160(1442160) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Adapter OBJECT: 0xFCDF8920(1415920) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Key OBJECT: 0xFCDFCA40(1419a40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Job OBJECT: 0xFCE00F40(141df40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WaitablePort OBJECT: 0xFCDF8BE0(1415be0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Port OBJECT: 0xFCDF8CE0(1415ce0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Callback OBJECT: 0xFCDFE840(141b840) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Semaphore OBJECT: 0xFCDFE520(141b520) Type: 1 Type SecurityDescriptor: (null) \Security\ Directory: 0xFCDFD730(141a730) \Security\TRKWKS_EVENT OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Security\TRKWKS_PORT OBJECT: 0xFF1F65C0(35c5c0) Type: 20 Adapter 
\Security\LSA_AUTHENTICATION_INITIALIZED OBJECT: 0xFCE00150(141d150) Type: 8 Event SecurityDescriptor: 0xE1368D98(2696d98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Security\NetworkProviderLoad OBJECT: 0xFF29E750(5209750) Type: 8 Event SecurityDescriptor: 0xE132AD18(1a97d18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;BA) \Callback\ Directory: 0xFCDFF2D0(141c2d0) \Callback\SetSystemTime OBJECT: 0xFCDFE6D0(141b6d0) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \Callback\PowerState OBJECT: 0xFCDFE610(141b610) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \Callback\SetSystemState OBJECT: 0xFCDFE670(141b670) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \KnownDlls\ Directory: 0xFCC92EB0(12afeb0) \KnownDlls\gdi32.dll OBJECT: 0xE13C3340(3137340) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C43E8(31fd3e8) BasedAddress: 0x2E8F3C20 SizeOfSegment: 0x3c000 SecurityDescriptor: (null) Path: HarddiskVolume1gdi32.dll \KnownDlls\imagehlp.dll OBJECT: 0xE13C5FC0(32a0fc0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C5008(32a0008) BasedAddress: 0x2E8F5C38 SizeOfSegment: 
0x22000 SecurityDescriptor: (null) Path: HarddiskVolume1imagehlp.dll \KnownDlls\url.dll OBJECT: 0xE13CA600(32c8600) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C7828(3284828) BasedAddress: 0x2E914C20 SizeOfSegment: 0x17000 SecurityDescriptor: (null) Path: HarddiskVolume1url.dll \KnownDlls\MPR.dll OBJECT: 0xE13CD7E0(32ef7e0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE1378E08(2822e08) BasedAddress: 0x2E92D420 SizeOfSegment: 0x10000 SecurityDescriptor: (null) Path: HarddiskVolume1MPR.dll \KnownDlls\ole32.dll OBJECT: 0xE13C5220(32a0220) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C6468(32c1468) BasedAddress: 0x2E8FDC38 SizeOfSegment: 0xf5000 SecurityDescriptor: (null) Path: HarddiskVolume1ole32.dll \KnownDlls\urlmon.dll OBJECT: 0xE13CC040(330c040) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CB008(330b008) BasedAddress: 0x2E917430 SizeOfSegment: 0x71000 SecurityDescriptor: (null) Path: HarddiskVolume1urlmon.dll \KnownDlls\lz32.dll OBJECT: 0xE13C5900(32a0900) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C4608(31fd608) BasedAddress: 0x2E8FAC30 SizeOfSegment: 0x6000 SecurityDescriptor: (null) 
Path: HarddiskVolume1lz32.dll \KnownDlls\olesvr32.dll OBJECT: 0xE13C7B80(3284b80) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C89C8(32a59c8) BasedAddress: 0x2E908430 SizeOfSegment: 0x9000 SecurityDescriptor: (null) Path: HarddiskVolume1olesvr32.dll \KnownDlls\wldap32.dll OBJECT: 0xE13CB3E0(330b3e0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CB428(330b428) BasedAddress: 0x2E922428 SizeOfSegment: 0x29000 SecurityDescriptor: (null) Path: HarddiskVolume1wldap32.dll \KnownDlls\shell32.dll OBJECT: 0xE13C7360(3284360) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C95C8(32e65c8) BasedAddress: 0x2E911C30 SizeOfSegment: 0x242000 SecurityDescriptor: (null) Path: HarddiskVolume1shell32.dll \KnownDlls\user32.dll OBJECT: 0xE13CBC40(330bc40) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CCD28(330cd28) BasedAddress: 0x2E91A428 SizeOfSegment: 0x64000 SecurityDescriptor: (null) Path: HarddiskVolume1user32.dll \KnownDlls\version.dll OBJECT: 0xE13CCAA0(330caa0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C91E8(32e61e8) BasedAddress: 0x2E91C430 SizeOfSegment: 0x7000 SecurityDescriptor: (null) Path: 
HarddiskVolume1version.dll \KnownDlls\olecli32.dll OBJECT: 0xE13C8D80(32a5d80) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE1331B68(1ac3b68) BasedAddress: 0x2E903438 SizeOfSegment: 0x13000 SecurityDescriptor: (null) Path: HarddiskVolume1olecli32.dll \KnownDlls\KnownDllPath OBJECT: 0xFCC93190(12b0190) Type: 3 SymbolicLink SecurityDescriptor: 0xE13C02B8(30dc2b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;CCSDRCWDWO;;;BA) Target: C:\WINNT\system32 \KnownDlls\COMCTL32.DLL OBJECT: 0xE13CEB80(3350b80) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CDD28(32efd28) BasedAddress: 0x2E927438 SizeOfSegment: 0x89000 SecurityDescriptor: (null) Path: HarddiskVolume1COMCTL32.DLL \KnownDlls\advapi32.dll OBJECT: 0xE13C4920(31fd920) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C3A88(3137a88) BasedAddress: 0x2E8E8438 SizeOfSegment: 0x5a000 SecurityDescriptor: (null) Path: HarddiskVolume1advapi32.dll \KnownDlls\oleaut32.dll OBJECT: 0xE13C61E0(32c11e0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C8008(32a5008) BasedAddress: 0x2E900C28 SizeOfSegment: 0x95000 SecurityDescriptor: (null) Path: HarddiskVolume1oleaut32.dll \KnownDlls\SHLWAPI.DLL OBJECT: 0xE13CC160(330c160) Type: 17 Section SecurityDescriptor: 
0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CE008(3350008) BasedAddress: 0x2E924C28 SizeOfSegment: 0x4a000 SecurityDescriptor: (null) Path: HarddiskVolume1SHLWAPI.DLL \KnownDlls\wow32.dll OBJECT: 0xE13CD460(32ef460) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CFE88(3371e88) BasedAddress: 0x2E932420 SizeOfSegment: 0x40000 SecurityDescriptor: (null) Path: HarddiskVolume1wow32.dll \KnownDlls\olecnv32.dll OBJECT: 0xE13C7E40(3284e40) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C7F28(3284f28) BasedAddress: 0x2E906428 SizeOfSegment: 0xb000 SecurityDescriptor: (null) Path: HarddiskVolume1olecnv32.dll \KnownDlls\comdlg32.dll OBJECT: 0xE13C3720(3137720) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C46C8(31fd6c8) BasedAddress: 0x2E8E4C28 SizeOfSegment: 0x3e000 SecurityDescriptor: (null) Path: HarddiskVolume1comdlg32.dll \KnownDlls\wininet.dll OBJECT: 0xE13CC5C0(330c5c0) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CB788(330b788) BasedAddress: 0x2E92F430 SizeOfSegment: 0x74000 SecurityDescriptor: (null) Path: HarddiskVolume1wininet.dll \KnownDlls\olethk32.dll OBJECT: 0xE13C8780(32a5780) Type: 17 Section SecurityDescriptor: 
0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C6008(32c1008) BasedAddress: 0x2E90BC28 SizeOfSegment: 0x15000 SecurityDescriptor: (null) Path: HarddiskVolume1olethk32.dll \KnownDlls\MSVCRT.DLL OBJECT: 0xE13CD920(32ef920) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13CE908(3350908) BasedAddress: 0x2E92A428 SizeOfSegment: 0x46000 SecurityDescriptor: (null) Path: HarddiskVolume1MSVCRT.DLL \KnownDlls\rpcrt4.dll OBJECT: 0xE13C9040(32e6040) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C7488(3284488) BasedAddress: 0x2E90E438 SizeOfSegment: 0x70000 SecurityDescriptor: (null) Path: HarddiskVolume1rpcrt4.dll \KnownDlls\kernel32.dll OBJECT: 0xE13C6B00(32c1b00) Type: 17 Section SecurityDescriptor: 0xE13C26D8(31706d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13C5B88(32a0b88) BasedAddress: 0x2E8F8C20 SizeOfSegment: 0xb5000 SecurityDescriptor: (null) Path: HarddiskVolume1kernel32.dll \Device\DmControl\ Directory: 0xFCD87150(13a4150) \Device\DmControl\VxKernel2VoldEvent OBJECT: 0xFCDE0690(13fd690) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\DmControl\DmIoDaemon OBJECT: 0xFCD86210(13a3210) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86870 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmConfig OBJECT: 0xFCD86490(13a3490) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86870 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmPnP OBJECT: 0xFCDC8510(13e5510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86870 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmInfo OBJECT: 0xFCD86350(13a3350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD86870 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\HarddiskDmVolumes\ Directory: 0xFCD86790(13a3790) \Device\Ide\ Directory: 0xFCDC9190(13e6190) \Device\Ide\IdeDeviceP0T0L0-2 OBJECT: 0xFCD49030(1366030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4DA50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys \Device\Ide\IdePort0 OBJECT: 0xFCD4A030(1367030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4DA50 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys \Device\Ide\PciIde0Channel0-0 OBJECT: 0xFCD874F0(13a44f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD87030 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 
intelide.sys \Device\Ide\PciIde0 OBJECT: 0xFCD87910(13a4910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD87030 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys \Device\Harddisk0\ Directory: 0xFCD49370(1366370) \Device\Harddisk0\DP(2)0x179ff0400-0x20a215400+2 OBJECT: 0xFCD4CD90(1369d90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\DR0 OBJECT: 0xFCE12030(142f030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\DP(1)0x7e00-0x179fe0800+1 OBJECT: 0xFCD4C030(1369030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\Partition0 OBJECT: 0xFCE125B0(142f5b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\DR0 \Device\Harddisk0\Partition1 OBJECT: 0xFCE11D10(142ed10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 \Device\Harddisk0\Partition2 OBJECT: 0xFCE119B0(142e9b0) Type: 3 SymbolicLink SecurityDescriptor: 
0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 \Device\Harddisk1\ Directory: 0xFCD65E30(1382e30) \Device\Harddisk1\DR3 OBJECT: 0xFCD659F0(13829f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk1\DP(1)0-0+4 OBJECT: 0xFCD64230(1381230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk1\Partition0 OBJECT: 0xFCD64FD0(1381fd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DR3 \Device\Harddisk1\Partition1 OBJECT: 0xFCD641D0(13811d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DP(1)0-0+4 \Device\Harddisk2\ Directory: 0xFF236650(6b6b650) \Device\Harddisk2\DP(1)0x7e00-0x2629ff3200+8 OBJECT: 0xFF0F2A10(7139a10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk2\DR7 OBJECT: 0xFF0C1BF0(4072bf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49690 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk2\Partition0 OBJECT: 0xFF0CF870(2bca870) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DR7 \Device\Harddisk2\Partition1 OBJECT: 0xFF255690(656e690) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume4 \Device\Sbp2\ Directory: 0xFCDC8650(13e5650) \Device\Sbp2\潓祮&⹩䥌䭎䐠䑖刭䵏䐠楲敶&0&08004603_00ca8454_Instance00 OBJECT: 0xFCD83B70(13a0b70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC8410 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Device\WinDfs\ Directory: 0xFCE11690(142e690) \Device\WinDfs\Root OBJECT: 0xFCD459D0(13629d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD826D0 SecurityDescriptor: 0xE12AAC98(18cbc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \Device\Scsi\ Directory: 0xFCD49990(1366990) \Windows\WindowStations\ Directory: 0xFCC663D0(12833d0) \Windows\WindowStations\Service-0x0-3e7$ OBJECT: 0xFF29A458(5307458) Type: 15 WindowStation \Windows\WindowStations\WinSta0 OBJECT: 0xFCA255D8(10425d8) Type: 15 WindowStation \Windows\WindowStations\SAWinSta OBJECT: 0xFF23C358(6ab1358) Type: 15 WindowStation \BaseNamedObjects\Restricted\ Directory: 0xFCC68590(1285590) \Device\DmControl\RawDmVolumes\ Directory: 0xFCD866B0(13a36b0) \Device\HarddiskDmVolumes\PhysicalDmVolumes\ Directory: 
0xFCD865D0(13a35d0) Directory Count: 28 Object Count: 783 PsActiveProcessHead: 0x8046B980(46b980) PsIdleProcess 0x00000000(1) KiIdleProcess 0x8046D160(46d160) + 0 Idle Source: from_KiIdleProcess Eprocess Block: 0x8046D160 (0x46d160) SecurityDescriptor: (null) Session: 0x0 DirectoryTableBase: 0x30000 Process Environment Block: 0x00000000 Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00000000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFCE256E8 (0x14426e8) Count: 65 TableCode: 0xE1002000 Process exiting: 0 VAD Root: 0x00000000(1) Private: 0 Modified: 0 Locked: 0 AccessToken: 0xE10011F0(159b1f0) SecurityDescriptor: 0xE1001158(159b158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-32-544 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,3ea} ParentToken ID: {0,0} Modified ID: {0,3e9} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 
SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0x8046D1B0 THREAD: 0x8046D3F0 (0x46d3f0) Cid: 0.0 SecurityDescriptor: (null) Teb: 0x00000000(0) ThreadsProcess: 0x8046D160 Priority: 16 Base Priority: 0 Priority decrement: 0 Win32Thread: 0x00000000 Running WaitListHead: 0x8046D44C Contents: 00000000:00000000 Queue List: 0x00000000:00000000 WaitBlockList: 0x8046D45C(46d45c) PostBlockList: 0x00000000:00000000 Queue: 0x00000000 Start Address: 0x00000000 Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x80471640 Stack Limit: 0x8046E640 Kernel Stack: 0x80471390(470000 46f000 46e000 470000 46f000 46e000 ) Resident: 1 + 8 System Source: from_active_process_list Eprocess Block: 0xFCE00C60 (0x141dc44) SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x30000 Process Environment Block: 0x00000000 Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00000000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFCE256E8 (0x14426e8) Count: 65 TableCode: 0xE1002000 Process exiting: 0 VAD Root: 0xFCDFD868(141a868) Private: 4 Modified: 43003 Locked: 0 AccessToken: 0xE10011F0(159b1f0) SecurityDescriptor: 0xE1001158(159b158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-32-544 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,3ea} ParentToken ID: {0,0} Modified ID: {0,3e9} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 
Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0xFCE00CB0 THREAD: 0xFCE009E0 (0x141d9e0) Cid: 8.4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 0 Base Priority: 0 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrFreePage) KernelMode Non-Alertable WaitListHead: 0xFCE00A3C Contents: FCDFCB7C:FF17495C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCE00A4C(141da4c) PostBlockList: 0xE12A1310:E12A2390 Queue: 0x00000000 Start Address: 0x8054B6B8 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0824000 Stack Limit: 0xF0821000 Kernel Stack: 0xF08239C4(15c2000 15c1000 1600000 15c2000 15c1000 1600000 ) Resident: 1 THREAD: 0xFCE00280 (0x141d280) Cid: 8.c CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCE002DC Contents: FF248DFC:FCC996DC Queue List: 0xFCDFF130:8046AFE0 WaitBlockList: 0xFCE002EC(141d2ec) PostBlockList: 0xFCE00444:FCE00444 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF082C000 Stack Limit: 0xF0829000 Kernel Stack: 0xF082BD34(Paged< 0:5af000> NA NA Paged< 0:5af000> NA NA ) Resident: 0 THREAD: 0xFCDFF020 (0x141c020) Cid: 8.10 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF07C Contents: FF0E72DC:FF0FB23C Queue List: 0xFCDFFEB0:FCE00390 WaitBlockList: 0xFCDFF08C(141c08c) PostBlockList: 0xFCDFF1E4:FCDFF1E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0830000 Stack Limit: 0xF082D000 Kernel Stack: 0xF082FD34(15b5000 2899000 1d5a000 15b5000 2899000 1d5a000 ) Resident: 1 THREAD: 0xFCDFFDA0 (0x141cda0) Cid: 8.14 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFFDFC Contents: 
FCDFF8FC:FF23AA9C Queue List: 0xFCDFFC30:FCDFF130 WaitBlockList: 0xFCDFFE0C(141ce0c) PostBlockList: 0xFCDFFF64:FCDFFF64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0834000 Stack Limit: 0xF0831000 Kernel Stack: 0xF0833D34(15b9000 c8b000 150c000 15b9000 c8b000 150c000 ) Resident: 1 THREAD: 0xFCDFFB20 (0x141cb20) Cid: 8.18 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFFB7C Contents: 8047FCA8:FF19269C Queue List: 0xFCDFF9B0:FCDFFEB0 WaitBlockList: 0xFCDFFB8C(141cb8c) PostBlockList: 0xFCDFFCE4:FCDFFCE4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0838000 Stack Limit: 0xF0835000 Kernel Stack: 0xF083774C(384000 2341000 3409000 384000 2341000 3409000 ) Resident: 1 THREAD: 0xFCDFF8A0 (0x141c8a0) Cid: 8.1c CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF8FC Contents: FF14691C:FCDFFDFC Queue List: 0x8046AFE0:FCDFFC30 WaitBlockList: 0xFCDFF90C(141c90c) PostBlockList: 0xFCDFFA64:FCDFFA64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel 
Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF083C000 Stack Limit: 0xF0839000 Kernel Stack: 0xF083BD34(15e1000 38a8000 3787000 15e1000 38a8000 3787000 ) Resident: 1 THREAD: 0xFCDFF620 (0x141c620) Cid: 8.20 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 12 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF67C Contents: FF266D5C:FF1FE07C Queue List: 0xFCDFF4B0:8046B01C WaitBlockList: 0xFCDFF68C(141c68c) PostBlockList: 0xFCDFF7E4:FCDFF7E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0840000 Stack Limit: 0xF083D000 Kernel Stack: 0xF083FD34(Paged< 0:96f000> NA NA Paged< 0:96f000> NA NA ) Resident: 0 THREAD: 0xFCDFF3A0 (0x141c3a0) Cid: 8.24 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF3FC Contents: FF0FB23C:FF18A07C Queue List: 0xFCDFE130:FCDFF730 WaitBlockList: 0xFCDFF40C(141c40c) PostBlockList: 0xFCDFF564:FCDFF564 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0844000 Stack Limit: 0xF0841000 Kernel Stack: 0xF0843D34(5af6000 33d7000 31f8000 
5af6000 33d7000 31f8000 ) Resident: 1 THREAD: 0xFCDFE020 (0x141b020) Cid: 8.28 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 12 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFE07C Contents: FF18307C:FF25143C Queue List: 0x8046B01C:FCDFF4B0 WaitBlockList: 0xFCDFE08C(141b08c) PostBlockList: 0xFCDFE1E4:FCDFE1E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0848000 Stack Limit: 0xF0845000 Kernel Stack: 0xF0847D34(15cd000 NA NA 15cd000 NA NA ) Resident: 0 THREAD: 0xFCDFEDA0 (0x141bda0) Cid: 8.2c CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDFEDFC Contents: FF271CDC:FF1141DC Queue List: 0x8046B058:8046B058 WaitBlockList: 0xFCDFEE0C(141be0c) PostBlockList: 0xFCDFEF64:FCDFEF64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF084C000 Stack Limit: 0xF0849000 Kernel Stack: 0xF084BD34(15d1000 15d0000 15cf000 15d1000 15d0000 15cf000 ) Resident: 1 THREAD: 0xFCDFEB20 (0x141bb20) Cid: 8.30 CreateTime: 0x1c56966cf6aac0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 14 Base Priority: 14 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFEB7C Contents: FF29FD7C:FCDFC07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDFEB8C(141bb8c) PostBlockList: 0xFCDFECE4:FCDFECE4 Queue: 0x00000000 Start Address: 0x804C27A2 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0850000 Stack Limit: 0xF084D000 Kernel Stack: 0xF084FCF8(15d5000 15d4000 15d3000 15d5000 15d4000 15d3000 ) Resident: 1 THREAD: 0xFCDFD1E0 (0x141a1e0) Cid: 8.34 CreateTime: 0x1c56966cf9b920 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 18 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrVirtualMemory) UserMode Non-Alertable WaitListHead: 0xFCDFD23C Contents: FF14507C:FF18861C Queue List: 0x00000000:00000000 WaitBlockList: 0x80473370(473370) PostBlockList: 0xFCDFD3A4:FCDFD3A4 Queue: 0x00000000 Start Address: 0x80438A78 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0854000 Stack Limit: 0xF0851000 Kernel Stack: 0xF0853D20(15de000 72b2000 3a5f000 15de000 72b2000 3a5f000 ) Resident: 1 THREAD: 0xFCDFC020 (0x1419020) Cid: 8.38 CreateTime: 0x1c56966cf9b920 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 
Win32Thread: 0x00000000 Wait:(WrFreePage) KernelMode Non-Alertable WaitListHead: 0xFCDFC07C Contents: FCDFEB7C:FCDFCDFC Queue List: 0x00000000:00000000 WaitBlockList: 0x804733A8(4733a8) PostBlockList: 0xFCDFC1E4:FCDFC1E4 Queue: 0x00000000 Start Address: 0x804ED709 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0858000 Stack Limit: 0xF0855000 Kernel Stack: 0xF0857CDC(1601000 1640000 15df000 1601000 1640000 15df000 ) Resident: 1 THREAD: 0xFCDFCDA0 (0x1419da0) Cid: 8.3c CreateTime: 0x1c56966cf9b920 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFCDFC Contents: FCDFC07C:FCDFCB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xF085BD40(15e4d40) PostBlockList: 0xFCDFCF64:FCDFCF64 Queue: 0x00000000 Start Address: 0x80461830 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF085C000 Stack Limit: 0xF0859000 Kernel Stack: 0xF085BCC0(15e4000 1603000 1602000 15e4000 1603000 1602000 ) Resident: 1 THREAD: 0xFCDFCB20 (0x1419b20) Cid: 8.40 CreateTime: 0x1c56966cf9b920 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 23 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFCB7C Contents: FCDFCDFC:FCE00A3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDFCB8C(1419b8c) 
PostBlockList: 0xFCDFCCE4:FCDFCCE4 Queue: 0x00000000 Start Address: 0x8046192F \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0860000 Stack Limit: 0xF085D000 Kernel Stack: 0xF085FD40(15e7000 15e6000 15e5000 15e7000 15e6000 15e5000 ) Resident: 1 THREAD: 0xFCDFC2E0 (0x14192e0) Cid: 8.44 CreateTime: 0x1c56966d090100 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDFC33C Contents: FCDF807C:8047FCA8 Queue List: 0x80474A40:80474A40 WaitBlockList: 0xFCDFC34C(141934c) PostBlockList: 0xFCDFC4A4:FCDFC4A4 Queue: 0x00000000 Start Address: 0x8041E013 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0864000 Stack Limit: 0xF0861000 Kernel Stack: 0xF0863D4C(18bd000 18bc000 189b000 18bd000 18bc000 189b000 ) Resident: 1 THREAD: 0xFCDF8020 (0x1415020) Cid: 8.48 CreateTime: 0x1c56966d090100 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDF807C Contents: FCDC889C:FCDFC33C Queue List: 0x80474A68:80474A68 WaitBlockList: 0xFCDF808C(141508c) PostBlockList: 0xFCDF81E4:FCDF81E4 Queue: 0x00000000 Start Address: 0x8041E013 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF0868000 Stack Limit: 0xF0865000 Kernel Stack: 0xF0867D4C(18e1000 1940000 18bf000 18e1000 1940000 18bf000 ) Resident: 1 THREAD: 0xFCE13020 (0x1430020) Cid: 8.4c CreateTime: 0x1c56966d2790c0 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCE1307C Contents: FCD61A3C:FCD1CDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA10E80(7d1ce80) PostBlockList: 0xFCE131E4:FCE131E4 Queue: 0x00000000 Start Address: 0xFCA0586A ACPI.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF086C000 Stack Limit: 0xF0869000 Kernel Stack: 0xF086BD1C(19f0000 19ef000 19ee000 19f0000 19ef000 19ee000 ) Resident: 1 THREAD: 0xFCD30BC0 (0x134dbc0) Cid: 8.50 CreateTime: 0x1c56966d2c2650 2005-06-05 00:32:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrVirtualMemory) KernelMode Non-Alertable WaitListHead: 0xFCD30C1C Contents: FCA2941C:FF24D3DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD30C2C(134dc2c) PostBlockList: 0xFCD30D84:FCD30D84 Queue: 0x00000000 Start Address: 0x8043BD41 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0870000 Stack Limit: 0xF086D000 Kernel Stack: 0xF086FD2C(1a19000 1a18000 1a17000 1a19000 1a18000 1a17000 ) Resident: 1 THREAD: 0xFCDC8840 (0x13e5840) Cid: 8.54 
CreateTime: 0x1c56966d9d3a30 2005-06-05 00:32:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDC889C Contents: FCD33B7C:FCDF807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDC88AC(13e58ac) PostBlockList: 0xFCDC8A04:FCDC8A04 Queue: 0x00000000 Start Address: 0xFC9A5C4E dmio.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0878000 Stack Limit: 0xF0875000 Kernel Stack: 0xF0877D3C(1abb000 1aba000 1ad9000 1abb000 1aba000 1ad9000 ) Resident: 1 THREAD: 0xFCD45020 (0x1362020) Cid: 8.58 CreateTime: 0x1c56966106b6c50 2005-06-05 00:32:33Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD4507C Contents: FCD1D8FC:FCCF083C Queue List: 0xFC91EB18:FC91EB18 WaitBlockList: 0xFCD4508C(136208c) PostBlockList: 0xFCD451E4:FCD451E4 Queue: 0x00000000 Start Address: 0xFC91F218 NDIS.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF087C000 Stack Limit: 0xF0879000 Kernel Stack: 0xF087BD50(1b0e000 1b0d000 1b0c000 1b0e000 1b0d000 1b0c000 ) Resident: 1 THREAD: 0xFCD33B20 (0x1350b20) Cid: 8.5c CreateTime: 0x1c5696611b57cd0 2005-06-05 00:32:35Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) 
ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD33B7C Contents: FCD1D67C:FCDC889C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD33B8C(1350b8c) PostBlockList: 0xFCD33CE4:FCD33CE4 Queue: 0x00000000 Start Address: 0xF04A2E66 \SystemRoot\System32\DRIVERS\Apfiltr.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B0000 Stack Limit: 0xF08AD000 Kernel Stack: 0xF08AFD48(2713000 2712000 2711000 2713000 2712000 2711000 ) Resident: 1 THREAD: 0xFCD1D8A0 (0x133a8a0) Cid: 8.68 CreateTime: 0x1c5696612b7bb80 2005-06-05 00:32:37Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD1D8FC Contents: FCC996DC:FCD4507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD1D90C(133a90c) PostBlockList: 0xFCD1DA64:FCD1DA64 Queue: 0x00000000 Start Address: 0xF04F1AF1 \SystemRoot\System32\DRIVERS\raspptp.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08C8000 Stack Limit: 0xF08C5000 Kernel Stack: 0xF08C7D20(2877000 2876000 2855000 2877000 2876000 2855000 ) Resident: 1 THREAD: 0xFCD1D620 (0x133a620) Cid: 8.6c CreateTime: 0x1c5696612b7bb80 2005-06-05 00:32:37Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 
0xFCD1D67C Contents: FCD1CDFC:FCD33B7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD1D68C(133a68c) PostBlockList: 0xFCD1D7E4:FCD1D7E4 Queue: 0x00000000 Start Address: 0xF04F1B76 \SystemRoot\System32\DRIVERS\raspptp.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08CC000 Stack Limit: 0xF08C9000 Kernel Stack: 0xF08CBD20(28c9000 28e8000 28e7000 28c9000 28e8000 28e7000 ) Resident: 1 THREAD: 0xFCD1CDA0 (0x1339da0) Cid: 8.70 CreateTime: 0x1c5696612b7bb80 2005-06-05 00:32:37Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD1CDFC Contents: FCE1307C:FCD1D67C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD1CE0C(1339e0c) PostBlockList: 0xFCD1CF64:FCD1CF64 Queue: 0x00000000 Start Address: 0xF07AB206 \SystemRoot\System32\DRIVERS\SonyiNet.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08D0000 Stack Limit: 0xF08CD000 Kernel Stack: 0xF08CFC7C(28cc000 28cb000 28ca000 28cc000 28cb000 28ca000 ) Resident: 1 THREAD: 0xFCD619E0 (0x137e9e0) Cid: 8.64 CreateTime: 0x1c5696613e4c370 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD61A3C Contents: FCD617BC:FCE1307C Queue List: 0xFCD61DA8:FCD61DA8 WaitBlockList: 0xFCD61A4C(137ea4c) PostBlockList: 0xFCD61BA4:FCD61BA4 Queue: 0x00000000 Start Address: 
0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08C4000 Stack Limit: 0xF08C1000 Kernel Stack: 0xF08C3CF8(2871000 2890000 286f000 2871000 2890000 286f000 ) Resident: 1 THREAD: 0xFCD61760 (0x137e760) Cid: 8.74 CreateTime: 0x1c5696613e4c370 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD617BC Contents: FCD6153C:FCD61A3C Queue List: 0xFCD61CD0:FCD61CD0 WaitBlockList: 0xFCD617CC(137e7cc) PostBlockList: 0xFCD61924:FCD61924 Queue: 0x00000000 Start Address: 0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08E0000 Stack Limit: 0xF08DD000 Kernel Stack: 0xF08DFCF8(2a48000 2a47000 2a46000 2a48000 2a47000 2a46000 ) Resident: 1 THREAD: 0xFCD614E0 (0x137e4e0) Cid: 8.78 CreateTime: 0x1c5696613e4c370 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD6153C Contents: FCCF083C:FCD617BC Queue List: 0xFCD61D3C:FCD61D3C WaitBlockList: 0xFCD6154C(137e54c) PostBlockList: 0xFCD616A4:FCD616A4 Queue: 0x00000000 Start Address: 0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial 
stack: 0xF08E4000 Stack Limit: 0xF08E1000 Kernel Stack: 0xF08E3CF8(2a4c000 2a4b000 2a4a000 2a4c000 2a4b000 2a4a000 ) Resident: 1 THREAD: 0xFCCF07E0 (0x130d7e0) Cid: 8.7c CreateTime: 0x1c5696613e7d1d0 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCCF083C Contents: FCD4507C:FCD6153C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCCF084C(130d84c) PostBlockList: 0xFCCF09A4:FCCF09A4 Queue: 0x00000000 Start Address: 0xF0922D8E \SystemRoot\System32\DRIVERS\rasacd.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08E8000 Stack Limit: 0xF08E5000 Kernel Stack: 0xF08E7D38(2a36000 2a15000 2a54000 2a36000 2a15000 2a54000 ) Resident: 1 THREAD: 0xFCC96020 (0x12b3020) Cid: 8.84 CreateTime: 0x1c5696613fd3670 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCC9607C Contents: FF29607C:FF25C25C Queue List: 0xFCC9A42C:FCC9A42C WaitBlockList: 0xFCC9608C(12b308c) PostBlockList: 0xFCC961E4:FCC961E4 Queue: 0x00000000 Start Address: 0xF82AAC0F \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08F0000 Stack Limit: 0xF08ED000 Kernel Stack: 0xF08EFCF4(2b0b000 2b0a000 2b09000 2b0b000 2b0a000 2b09000 ) Resident: 1 THREAD: 0xFCC96B20 (0x12b3b20) Cid: 8.88 
CreateTime: 0x1c5696613fd3670 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCC96B7C Contents: FF29CA7C:FF28C07C Queue List: 0xFCC9A3BC:FCC9A3BC WaitBlockList: 0xFCC96B8C(12b3b8c) PostBlockList: 0xFCC96CE4:FCC96CE4 Queue: 0x00000000 Start Address: 0xF82AAC0F \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08F8000 Stack Limit: 0xF08F5000 Kernel Stack: 0xF08F7CF4(2c0a000 2c09000 2c08000 2c0a000 2c09000 2c08000 ) Resident: 1 THREAD: 0xFCC968A0 (0x12b38a0) Cid: 8.8c CreateTime: 0x1c5696613fd3670 2005-06-05 00:32:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCC968FC Contents: FF29DCFC:FF1EDCBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC9690C(12b390c) PostBlockList: 0xFCC96A64:FCC96A64 Queue: 0x00000000 Start Address: 0xF82A24BC \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08FC000 Stack Limit: 0xF08F9000 Kernel Stack: 0xF08FBD38(2c0d000 2c0c000 2c0b000 2c0d000 2c0c000 2c0b000 ) Resident: 1 THREAD: 0xFCC99680 (0x12b6680) Cid: 8.94 CreateTime: 0x1c56966147c0b00 2005-06-05 00:32:40Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC996DC Contents: FCE002DC:FCD1D8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC996EC(12b66ec) PostBlockList: 0xFCC99844:FCC99844 Queue: 0x00000000 Start Address: 0x8050EC01 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0884000 Stack Limit: 0xF0881000 Kernel Stack: 0xF0883A18(Paged< 0:425000> NA NA Paged< 0:425000> NA NA ) Resident: 0 THREAD: 0xFF248DA0 (0x681bda0) Cid: 8.27c CreateTime: 0x1c569661d764500 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF248DFC Contents: FF248B7C:FCE002DC Queue List: 0xFF249684:FF249684 WaitBlockList: 0xFF248E0C(681be0c) PostBlockList: 0xFF248F64:FF248F64 Queue: 0x00000000 Start Address: 0xF7CB1116 \SystemRoot\System32\DRIVERS\srv.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7A3000 Stack Limit: 0xFC7A0000 Kernel Stack: 0xFC7A2D3C(Paged< 0:727000> NA NA Paged< 0:727000> NA NA ) Resident: 0 THREAD: 0xFF248B20 (0x681bb20) Cid: 8.280 CreateTime: 0x1c569661d77cc30 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode 
Non-Alertable WaitListHead: 0xFF248B7C Contents: FF17B9DC:FF248DFC Queue List: 0xF7CAFE54:F7CAFE54 WaitBlockList: 0xFF248B8C(681bb8c) PostBlockList: 0xFF248CE4:FF248CE4 Queue: 0x00000000 Start Address: 0xF7CB1116 \SystemRoot\System32\DRIVERS\srv.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB9000 Stack Limit: 0xF7FB6000 Kernel Stack: 0xF7FB8D3C(Paged< 0:726000> NA NA Paged< 0:726000> NA NA ) Resident: 0 THREAD: 0xFF271C80 (0x5eb0c80) Cid: 8.3fc CreateTime: 0x1c5696aac97150 2005-06-05 01:01:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFF271CDC Contents: FF294A3C:FCE00A3C Queue List: 0xFCC9A34C:FCC9A34C WaitBlockList: 0xFF271CEC(5eb0cec) PostBlockList: 0xFF271E44:FF271E44 Queue: 0x00000000 Start Address: 0xF82AB8B8 \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B14000 Stack Limit: 0xF7B11000 Kernel Stack: 0xF7B13CF4(ff2000 71be000 797f000 ff2000 71be000 797f000 ) Resident: 1 THREAD: 0xFF0F8CE0 (0x22adce0) Cid: 8.388 CreateTime: 0x1c569d8302341d0 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 24 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFF0F8D3C Contents: FF28907C:FF1ECDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0F8D4C(22add4c) PostBlockList: 0xFF0F8EA4:FF0F8EA4 Queue: 
0x00000000 Start Address: 0xF771B346 \SystemRoot\system32\drivers\kmixer.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF78CF000 Stack Limit: 0xF78CC000 Kernel Stack: 0xF78CED40(6165000 32cc000 72e000 6165000 32cc000 72e000 ) Resident: 1 THREAD: 0xFF192640 (0x206e640) Cid: 8.3e0 CreateTime: 0x1c569d830310280 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 24 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFF19269C Contents: 8047FCA8:FCDFFB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1926AC(206e6ac) PostBlockList: 0xFF192804:FF192804 Queue: 0x00000000 Start Address: 0xF771B346 \SystemRoot\system32\drivers\kmixer.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8107000 Stack Limit: 0xF8104000 Kernel Stack: 0xF8106D40(5dbb000 6b9e000 22df000 5dbb000 6b9e000 22df000 ) Resident: 1 + 9c smss.exe Source: from_active_process_list Eprocess Block: 0xFCC992C0 (0x12b62a4) CreateTime: 0x1c56966147f1960 2005-06-05 00:32:40Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x3104000 Process Environment Block: 0x7FFDF000 (30fb000) Loader module block: 0x00161E90 (30fb00c) Command Line: \SystemRoot\System32\smss.exe Section: 0x00000000 (0x0) Section Base Address: 0x48580000 (3123000) SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFCC99228 (0x12b6228) Count: 33 TableCode: 0xE13C1000 Process exiting: 0 VAD Root: 0xFCC99588(12b6588) Private: 46 Modified: 1 
Locked: 0 AccessToken: 0xE13C0C70(30dcc70) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,416b} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x48580000 0x4858E000 (3123000) smss.exe \SystemRoot\System32\smss.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001106A0 BaseDllName address: 0x00161F10 FullDllName physical address: 311f6a0 BaseDllName physical address: 3111f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00161F80 BaseDllName address: 0x00161FA4 FullDllName physical address: 3111f80 BaseDllName physical address: 3111fa4 0x68010000 
0x68106000 (31d9000) sfcfiles.dll C:\WINNT\System32\sfcfiles.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00163AE0 BaseDllName address: 0x00163B28 FullDllName physical address: 3132ae0 BaseDllName physical address: 3132b28 Thread List Head: 0xFCC99310 THREAD: 0xFCC94D60 (0x12b1d60) Cid: 9c.98 CreateTime: 0x1c56966147f1960 2005-06-05 00:32:40Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(3141000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFCC94DBC Contents: FCC944BC:FF17B9DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC94DCC(12b1dcc) PostBlockList: 0xFCC94F24:FCC94F24 Queue: 0x00000000 Start Address: 0x48589586 \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0888000 Stack Limit: 0xF0885000 Kernel Stack: 0xF0887930(Paged< 0:863000> NA NA Paged< 0:863000> NA NA ) Resident: 0 User stack base: 0x00160000(3180000 NA NA ) User stack Limit: 0x0015D000 THREAD: 0xFCC94460 (0x12b1460) Cid: 9c.60 CreateTime: 0x1c5696614853620 2005-06-05 00:32:40Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(3167000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC944BC Contents: FCC9421C:FCC94DBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC944CC(12b14cc) PostBlockList: 0xFCC94624:FCC94624 Queue: 0x00000000 Start Address: 0x48587ED6 \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF08C0000 Stack Limit: 0xF08BD000 Kernel Stack: 0xF08BFC5C(Paged< 0:862000> NA NA Paged< 0:862000> NA NA ) Resident: 0 User stack base: 0x002A0000(3186000 NA NA ) User stack Limit: 0x0029D000 THREAD: 0xFCC941C0 (0x12b11c0) Cid: 9c.a0 CreateTime: 0x1c5696614853620 2005-06-05 00:32:40Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(3169000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC9421C Contents: FCC6907C:FCC944BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC9422C(12b122c) PostBlockList: 0xFCC94384:FCC94384 Queue: 0x00000000 Start Address: 0x48587ED6 \SystemRoot\System32\smss.exe LPC Server thread working on message Id 0x5 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF088C000 Stack Limit: 0xF0889000 Kernel Stack: 0xF088BC5C(Paged< 0:861000> NA NA Paged< 0:861000> NA NA ) Resident: 0 User stack base: 0x002E0000(3168000 NA NA ) User stack Limit: 0x002DD000 THREAD: 0xFCC69020 (0x1286020) Cid: 9c.a8 CreateTime: 0x1c5696616b16e60 2005-06-05 00:32:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(4258000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC6907C Contents: FCC69DDC:FCC9421C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC6908C(128608c) PostBlockList: 0xFCC691E4:FCC691E4 Queue: 0x00000000 Start Address: 0x48582F0F \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0894000 
Stack Limit: 0xF0891000 Kernel Stack: 0xF0893C5C(Paged< 0:860000> NA NA Paged< 0:860000> NA NA ) Resident: 0 User stack base: 0x00330000(4257000 NA NA ) User stack Limit: 0x0032D000 THREAD: 0xFCC69D80 (0x1286d80) Cid: 9c.a4 CreateTime: 0x1c5696616b16e60 2005-06-05 00:32:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(427a000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC69DDC Contents: FCC69A9C:FCC6907C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC69DEC(1286dec) PostBlockList: 0xFCC69F44:FCC69F44 Queue: 0x00000000 Start Address: 0x48582CA4 \SystemRoot\System32\smss.exe LPC Server thread working on message Id 0x2 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7AB000 Stack Limit: 0xFC7A8000 Kernel Stack: 0xFC7AAC5C(Paged< 0:85f000> NA NA Paged< 0:85f000> NA NA ) Resident: 0 User stack base: 0x00370000(4259000 NA NA ) User stack Limit: 0x0036D000 THREAD: 0xFCC69A40 (0x1286a40) Cid: 9c.ac CreateTime: 0x1c5696616b16e60 2005-06-05 00:32:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(429c000) ThreadsProcess: 0xFCC992C0 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC69A9C Contents: FF26F6FC:FCC69DDC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC69AAC(1286aac) PostBlockList: 0xFCC69C04:FCC69C04 Queue: 0x00000000 Start Address: 0x77F9992F C:\WINNT\System32\ntdll.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7A7000 Stack Limit: 0xFC7A4000 Kernel Stack: 0xFC7A6C5C(Paged< 
0:85e000> NA NA Paged< 0:85e000> NA NA ) Resident: 0 User stack base: 0x003B0000(429b000 NA NA ) User stack Limit: 0x003AD000 + b4 csrss.exe Source: from_active_process_list Eprocess Block: 0xFCC69480 (0x1286464) CreateTime: 0x1c5696616b2f590 2005-06-05 00:32:43Z SecurityDescriptor: 0xE1D15998(4252998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) Session: 0x0 DirectoryTableBase: 0x429f000 Process Environment Block: 0x7FFDF000 (4299000) Loader module block: 0x00161E90 (429900c) Command Line: C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Section: 0xE12B48D0 (0x19b28d0) Section Base Address: 0x5FFF0000 () SectionBasedAddress: 0x2EB88430 ) SizeOfSegment: 0x4000 SectionFileName: \WINNT\system32\csrss.exe 0xe1315d48 (0x1a54d48) Handle Table: 0xFCC6DC48 (0x128ac48) Count: 332 TableCode: 0xE1D2D000 Process exiting: 0 VAD Root: 0xFF14DB28(caab28) Private: 174 Modified: 464 Locked: 0 AccessToken: 0xE1D15A50(4252a50) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,474c} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 
SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x5FFF0000 0x5FFF4000 (1) csrss.exe \??\C:\WINNT\system32\csrss.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00110524 BaseDllName address: 0x00161F10 FullDllName physical address: 42dd524 BaseDllName physical address: 4342f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x44004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00161F80 BaseDllName address: 0x00161FA4 FullDllName physical address: 4342f80 BaseDllName physical address: 4342fa4 0x5FF90000 0x5FF9C000 (42a4000) CSRSRV.dll C:\WINNT\system32\CSRSRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00162418 BaseDllName address: 0x001623F8 FullDllName physical address: 42e3418 BaseDllName physical address: 42e33f8 0x5FFA0000 0x5FFAC000 (42b0000) basesrv.dll C:\WINNT\system32\basesrv.dll Flags: 0x4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00162D40 BaseDllName address: 0x00162D20 FullDllName physical address: 42e3d40 BaseDllName physical address: 42e3d20 0x5FFB0000 0x5FFF0000 (42de000) winsrv.dll C:\WINNT\system32\winsrv.dll Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00162F80 BaseDllName address: 0x00162F60 FullDllName physical address: 42e3f80 BaseDllName physical address: 42e3f60 0x77E10000 0x77E74000 (3382000) USER32.DLL 
C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00163038 BaseDllName address: 0x00163018 FullDllName physical address: 42fd038 BaseDllName physical address: 42fd018 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x001630F8 BaseDllName address: 0x001630D0 FullDllName physical address: 42fd0f8 BaseDllName physical address: 42fd0d0 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00162B70 BaseDllName address: 0x00163190 FullDllName physical address: 42e3b70 BaseDllName physical address: 42fd190 Thread List Head: 0xFCC694D0 THREAD: 0xFCC60AC0 (0x127dac0) Cid: b4.b8 CreateTime: 0x1c569661731ca20 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(4f85000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1EC4008 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFCC60B1C Contents: FF27BA9C:FF28907C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC60B2C(127db2c) PostBlockList: 0xE1C53D10:E1D55930 Queue: 0x00000000 Start Address: 0x5FFB28FE C:\WINNT\system32\winsrv.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F22000 Stack Limit: 0xF7F1F000 Kernel Stack: 0xF7F21930(Paged< 0:a1f000> NA NA Paged< 0:a1f000> NA NA ) Resident: 0 User stack base: 0x003C0000(4f64000 NA NA NA NA NA ) User stack Limit: 0x003BA000 THREAD: 0xFCA297A0 (0x10467a0) Cid: b4.bc CreateTime: 0x1c56966173e03a0 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(4f71000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DB3C08 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA297FC Contents: FF0E113C:FF26D9FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2980C(104680c) PostBlockList: 0xFCA29964:FCA29964 Queue: 0x00000000 Start Address: 0x5FF93E25 C:\WINNT\system32\CSRSRV.dll LPC Server thread working on message Id 0x11a2 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05C0000 Stack Limit: 0xF05BD000 Kernel Stack: 0xF05BFC5C(4fa4000 6b97000 39f8000 4fa4000 6b97000 39f8000 ) Resident: 1 User stack base: 0x00410000(4f70000 3d8a000 NA NA ) User stack Limit: 0x0040C000 THREAD: 0xFCA293C0 (0x10463c0) Cid: b4.c0 CreateTime: 0x1c569661745a790 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(4f74000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA2941C Contents: FCA2807C:FCD30C1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2942C(104642c) PostBlockList: 0xFCA29584:FCA29584 Queue: 0x00000000 Start Address: 0x77F9992F C:\WINNT\System32\ntdll.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B8000 Stack Limit: 0xF08B5000 Kernel Stack: 0xF08B7C5C(Paged< 0:91e000> NA NA Paged< 0:91e000> NA NA ) Resident: 0 User stack base: 0x00530000(4f73000 NA NA NA ) User stack Limit: 0x0052C000 THREAD: 0xFCA28020 (0x1045020) Cid: b4.c4 CreateTime: 0x1c569661745a790 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(4f56000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA2807C Contents: FF29807C:FCA2941C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2808C(104508c) PostBlockList: 0xFCA281E4:FCA281E4 Queue: 0x00000000 Start Address: 0x5FF937D6 C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08D4000 Stack Limit: 0xF08D1000 Kernel Stack: 0xF08D3C5C(Paged< 0:91d000> NA NA Paged< 0:91d000> NA NA ) Resident: 0 User stack base: 0x00570000(4f35000 NA NA NA ) User stack Limit: 0x0056C000 THREAD: 0xFCA264E0 (0x10434e0) Cid: b4.c8 CreateTime: 0x1c56966176bdb40 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(5018000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DBE828 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA2653C Contents: FF26D9FC:FF29077C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2654C(104354c) PostBlockList: 0xFCA266A4:FCA266A4 Queue: 0x00000000 Start Address: 0x5FF93E25 C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05D0000 Stack Limit: 0xF05CD000 Kernel Stack: 0xF05CFC5C(6301000 7ad9000 60ba000 6301000 7ad9000 60ba000 ) Resident: 1 User stack base: 0x005C0000(5017000 442b000 NA NA ) User stack Limit: 0x005BC000 THREAD: 0xFF29FD20 (0x516dd20) Cid: b4.cc CreateTime: 0x1c5696617c911b0 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x00000000(0) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 19 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DE82E8 Wait:(WrUserRequest) KernelMode Alertable WaitListHead: 0xFF29FD7C Contents: FCDFFB7C:FCDFEB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2A3108(513a108) PostBlockList: 0xFF29FEE4:FF29FEE4 Queue: 0x00000000 Start Address: 0xA000A3A0 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0900000 Stack Limit: 0xF08FD000 Kernel Stack: 0xF08FFAF0(2d20000 2cbf000 2cbe000 2d20000 2cbf000 2cbe000 ) Resident: 1 THREAD: 0xFF29F5E0 (0x516d5e0) Cid: b4.d0 CreateTime: 0x1c5696617c911b0 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 16 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DED008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF29F63C Contents: FF17495C:FF28F77C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF29F508(516d508) PostBlockList: 0xFF29F7A4:FF29F7A4 Queue: 0x00000000 Start Address: 0xA0009EC3 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08DC000 Stack Limit: 0xF08D9000 Kernel Stack: 0xF08DBC68(59a3000 NA NA 59a3000 NA NA ) Resident: 0 THREAD: 0xFF298020 (0x536e020) Cid: b4.f4 CreateTime: 0x1c569661824c0f0 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 16 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E13168 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 
0xFF29807C Contents: FF28C07C:FCA2807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF298F88(536ef88) PostBlockList: 0xFF2981E4:FF2981E4 Queue: 0x00000000 Start Address: 0xA0009EC3 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8353000 Stack Limit: 0xF8350000 Kernel Stack: 0xF8352C68(Paged< 0:91c000> NA NA Paged< 0:91c000> NA NA ) Resident: 0 THREAD: 0xFF26D9A0 (0x5f3a9a0) Cid: b4.210 CreateTime: 0x1c569661b4b93f0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(6928000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E89788 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF26D9FC Contents: FF1C993C:FCA2653C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26DA0C(5f3aa0c) PostBlockList: 0xFF26DB64:FF26DB64 Queue: 0x00000000 Start Address: 0x5FF93E25 C:\WINNT\system32\CSRSRV.dll LPC Server thread working on message Id 0x11a4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80C3000 Stack Limit: 0xF80C0000 Kernel Stack: 0xF80C2C5C(671d000 299b000 3bfc000 671d000 299b000 3bfc000 ) Resident: 0 User stack base: 0x00AD0000(68e7000 3bde000 NA NA ) User stack Limit: 0x00ACC000 THREAD: 0xFF170860 (0x611e860) Cid: b4.438 CreateTime: 0x1c5696645eb91e0 2005-06-05 00:34:03Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(1b7e000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E73EA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1708BC Contents: FF0D94FC:FF13207C Queue List: 0x00000000:00000000 
WaitBlockList: 0xFF1708CC(611e8cc) PostBlockList: 0xFF170A24:FF170A24 Queue: 0x00000000 Start Address: 0x5FFB341A C:\WINNT\system32\winsrv.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D5B000 Stack Limit: 0xF7D56000 Kernel Stack: 0xF7D5AC20(20d7000 434d000 3b8e000 252f000 3a30000 20d7000 434d000 3b8e000 252f000 3a30000 ) Resident: 1 User stack base: 0x00E20000(6178000 556000 NA NA ) User stack Limit: 0x00E1C000 THREAD: 0xFF28C020 (0x5795020) Cid: b4.3b8 CreateTime: 0x1c56968846f5f90 2005-06-05 00:50:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(3df5000) ThreadsProcess: 0xFCC69480 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1FBB6E8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF28C07C Contents: FCC96B7C:FF29807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28C08C(579508c) PostBlockList: 0xFF28C1E4:FF28C1E4 Queue: 0x00000000 Start Address: 0x5FFB341A C:\WINNT\system32\winsrv.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7867000 Stack Limit: 0xF7864000 Kernel Stack: 0xF7866C20(Paged< 0:91b000> NA NA Paged< 0:91b000> NA NA ) Resident: 0 User stack base: 0x00FA0000(6174000 7ab8000 NA NA ) User stack Limit: 0x00F9C000 + b0 winlogon.exe Source: from_active_process_list Eprocess Block: 0xFCA28D60 (0x1045d44) CreateTime: 0x1c569661745a790 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x4fe4000 Process Environment Block: 0x7FFDF000 (4f92000) Loader module block: 0x00071E90 (4f9200c) Command Line: winlogon.exe Section: 0xE12F7E50 (0x19e9e50) Section Base Address: 
0x01000000 (4560000) SectionBasedAddress: 0x2E8C3430 ) SizeOfSegment: 0x2d000 SectionFileName: \WINNT\system32\winlogon.exe 0xe1db5148 (0x4fc6148) Handle Table: 0xFCC68BC8 (0x1285bc8) Count: 352 TableCode: 0xE1DBB000 Process exiting: 0 VAD Root: 0xFF29E168(5209168) Private: 824 Modified: 931 Locked: 0 AccessToken: 0xE1DBACD0(4fb1cd0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,48ce} ParentToken ID: {0,0} Modified ID: {0,c512} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0102D000 (4560000) winlogon.exe \??\C:\WINNT\system32\winlogon.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020524 BaseDllName address: 0x00071F10 FullDllName physical address: 
4f76524 BaseDllName physical address: 4fbbf10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 4fbbf88 BaseDllName physical address: 4fbbfac 0x78000000 0x78046000 (1) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x00072400 FullDllName physical address: 4fbc420 BaseDllName physical address: 4fbc400 0x77E80000 0x77F35000 (1) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 4fbc4e0 BaseDllName physical address: 4fbc4b8 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725B8 BaseDllName address: 0x00072590 FullDllName physical address: 4fbc5b8 BaseDllName physical address: 4fbc590 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072670 BaseDllName address: 0x00072650 FullDllName physical address: 4fbc670 BaseDllName physical address: 4fbc650 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072728 BaseDllName address: 0x00072708 FullDllName physical address: 4fbc728 BaseDllName physical address: 4fbc708 0x77E10000 0x77E74000 (1) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727D8 BaseDllName address: 0x000727B8 FullDllName physical address: 4fbc7d8 BaseDllName physical address: 4fbc7b8 0x77C10000 0x77C6D000 (5006000) USERENV.DLL C:\WINNT\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual 
address: 0x00072890 BaseDllName address: 0x00072870 FullDllName physical address: 4fbc890 BaseDllName physical address: 4fbc870 0x769A0000 0x769A7000 (1) NDDEAPI.DLL C:\WINNT\system32\NDDEAPI.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C18 BaseDllName address: 0x00072BF8 FullDllName physical address: 4fbcc18 BaseDllName physical address: 4fbcbf8 0x76980000 0x7699B000 (1) SFC.DLL C:\WINNT\system32\SFC.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072CB0 BaseDllName address: 0x00072578 FullDllName physical address: 4fbccb0 BaseDllName physical address: 4fbc578 0x68010000 0x68106000 (1) sfcfiles.dll C:\WINNT\system32\sfcfiles.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072E10 BaseDllName address: 0x00072DE8 FullDllName physical address: 4fbce10 BaseDllName physical address: 4fbcde8 0x77BE0000 0x77BEF000 (4fda000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072EC8 BaseDllName address: 0x00072EA8 FullDllName physical address: 4fbcec8 BaseDllName physical address: 4fbcea8 0x690F0000 0x690FB000 (1) PROFMAP.DLL C:\WINNT\system32\PROFMAP.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F80 BaseDllName address: 0x00072F60 FullDllName physical address: 4fbcf80 BaseDllName physical address: 4fbcf60 0x75170000 0x751BF000 (5046000) NETAPI32.dll C:\WINNT\system32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073058 BaseDllName address: 0x00073030 FullDllName physical address: 4ffe058 BaseDllName physical address: 4ffe030 0x751C0000 0x751C6000 (5028000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073110 BaseDllName address: 0x000730F0 FullDllName physical address: 4ffe110 BaseDllName physical address: 4ffe0f0 0x75150000 0x7515F000 (503b000) 
SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000731C8 BaseDllName address: 0x000731A8 FullDllName physical address: 4ffe1c8 BaseDllName physical address: 4ffe1a8 0x75030000 0x75044000 (5085000) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073280 BaseDllName address: 0x00073260 FullDllName physical address: 4ffe280 BaseDllName physical address: 4ffe260 0x75020000 0x75028000 (5066000) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073338 BaseDllName address: 0x00073318 FullDllName physical address: 4ffe338 BaseDllName physical address: 4ffe318 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000733F0 BaseDllName address: 0x000733D0 FullDllName physical address: 4ffe3f0 BaseDllName physical address: 4ffe3d0 0x77980000 0x779A4000 (505b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000734A8 BaseDllName address: 0x00073488 FullDllName physical address: 4ffe4a8 BaseDllName physical address: 4ffe488 0x75050000 0x75058000 (503c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073560 BaseDllName address: 0x00073540 FullDllName physical address: 4ffe560 BaseDllName physical address: 4ffe540 0x67D80000 0x67DD4000 (1) msgina.dll C:\WINNT\system32\msgina.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007C460 BaseDllName address: 0x0007C440 FullDllName physical address: 5322460 BaseDllName physical address: 5322440 0x69800000 0x69A42000 (1) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007C518 BaseDllName address: 
0x0007C4F8 FullDllName physical address: 5322518 BaseDllName physical address: 53224f8 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007C5D0 BaseDllName address: 0x0007C5B0 FullDllName physical address: 53225d0 BaseDllName physical address: 53225b0 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007C690 BaseDllName address: 0x0007C668 FullDllName physical address: 5322690 BaseDllName physical address: 5322668 0x77570000 0x775A0000 (5654000) WINMM.dll C:\WINNT\system32\WINMM.dll Flags: 0xc4004 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x0007CB20 BaseDllName address: 0x0007DBD0 FullDllName physical address: 5322b20 BaseDllName physical address: 56e2bd0 0x77880000 0x7790D000 (56e6000) setupapi.dll C:\WINNT\system32\setupapi.dll Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007CB60 BaseDllName address: 0x0007DD40 FullDllName physical address: 5322b60 BaseDllName physical address: 56e2d40 0x76930000 0x7695B000 (1) wintrust.dll C:\WINNT\system32\wintrust.dll Flags: 0xc4004 LoadCount: 0x38 TlsIndex: 0 FullDllName virtual address: 0x000EB548 BaseDllName address: 0x000EB520 FullDllName physical address: 6e93548 BaseDllName physical address: 6e93520 0x77440000 0x774B8000 (5434000) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x3b TlsIndex: 0 FullDllName virtual address: 0x000EB6B0 BaseDllName address: 0x000EB690 FullDllName physical address: 6e936b0 BaseDllName physical address: 6e93690 0x77430000 0x77440000 (532c000) MSASN1.DLL C:\WINNT\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x73 TlsIndex: 0 FullDllName virtual address: 0x000EB768 BaseDllName address: 0x000EB748 FullDllName physical address: 6e93768 BaseDllName physical address: 6e93748 0x77920000 0x77942000 (1) IMAGEHLP.dll C:\WINNT\system32\IMAGEHLP.dll Flags: 
0xc4006 LoadCount: 0x38 TlsIndex: 0 FullDllName virtual address: 0x000EE640 BaseDllName address: 0x000EB7B0 FullDllName physical address: 6a1c640 BaseDllName physical address: 6e937b0 0x77A50000 0x77B45000 (3269000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0x3d TlsIndex: 0 FullDllName virtual address: 0x000EE6F8 BaseDllName address: 0x000EE6D8 FullDllName physical address: 6a1c6f8 BaseDllName physical address: 6a1c6d8 0x76A00000 0x76A05000 (1) mscat32.dll C:\WINNT\system32\mscat32.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F2950 BaseDllName address: 0x000EE788 FullDllName physical address: 6ed4950 BaseDllName physical address: 6a1c788 0x7CA00000 0x7CA23000 (1) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F3908 BaseDllName address: 0x000F2EA8 FullDllName physical address: 6e0d908 BaseDllName physical address: 6ed4ea8 0x77560000 0x77569000 (1) wdmaud.drv C:\WINNT\system32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0008DAF0 BaseDllName address: 0x0008DBF8 FullDllName physical address: 63bbaf0 BaseDllName physical address: 63bbbf8 0x77820000 0x77827000 (1) C:\WINNT\system32\VERSION.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F2BE8 BaseDllName address: 0x000F1F28 FullDllName physical address: 6ed4be8 BaseDllName physical address: 347f28 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F28D0 BaseDllName address: 0x00151470 FullDllName physical address: 6ed48d0 BaseDllName physical address: a5b470 0x770C0000 0x770E3000 (1) cscdll.dll C:\WINNT\system32\cscdll.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000F6608 BaseDllName address: 0x001498E0 FullDllName physical address: 7333608 BaseDllName physical address: d138e0 0x76920000 0x7692F000 (1) 
WlNotify.dll C:\WINNT\system32\WlNotify.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013AA58 BaseDllName address: 0x000F2AF8 FullDllName physical address: aa4a58 BaseDllName physical address: 6ed4af8 0x76960000 0x76977000 (1) WINSCARD.DLL C:\WINNT\system32\WINSCARD.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013A338 BaseDllName address: 0x00131FE0 FullDllName physical address: aa4338 BaseDllName physical address: a3bfe0 0x77800000 0x7781D000 (1) WINSPOOL.DRV C:\WINNT\system32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013AEA0 BaseDllName address: 0x00134840 FullDllName physical address: aa4ea0 BaseDllName physical address: a3e840 0x77840000 0x7787C000 (1) cscui.dll C:\WINNT\system32\cscui.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141550 BaseDllName address: 0x00151830 FullDllName physical address: 7ccb550 BaseDllName physical address: a5b830 0x779B0000 0x77A45000 (325a000) C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013EEA0 BaseDllName address: 0x00111FA8 FullDllName physical address: c28ea0 BaseDllName physical address: 1775fa8 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013E9D8 BaseDllName address: 0x00151870 FullDllName physical address: c289d8 BaseDllName physical address: a5b870 0x77400000 0x77408000 (91c000) msacm32.drv C:\WINNT\system32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013D2E8 BaseDllName address: 0x001517F0 FullDllName physical address: be72e8 BaseDllName physical address: a5b7f0 0x77410000 0x77423000 (1) MSACM32.dll C:\WINNT\system32\MSACM32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013F618 BaseDllName address: 0x001518F0 FullDllName physical address: ba9618 
BaseDllName physical address: a5b8f0 0x4D100000 0x4D11A000 (55bc000) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00140A40 BaseDllName address: 0x00150890 FullDllName physical address: 90aa40 BaseDllName physical address: aba890 Thread List Head: 0xFCA28DB0 THREAD: 0xFCC68020 (0x1285020) Cid: b0.90 CreateTime: 0x1c5696617472ec0 2005-06-05 00:32:44Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(4f58000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0xE1DBE568 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFCC6807C Contents: FF28BDBC:FF1BE07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC6808C(128508c) PostBlockList: 0xFCC681E4:FCC681E4 Queue: 0x00000000 Start Address: 0x01001674 \??\C:\WINNT\system32\winlogon.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05E0000 Stack Limit: 0xF05DD000 Kernel Stack: 0xF05DFCC8(582d000 NA NA 582d000 NA NA ) Resident: 0 User stack base: 0x00070000(4f57000 503e000 Paged< 0:3d1000> Paged< 0:3d3000> Paged< 0:3d5000> ) User stack Limit: 0x0006B000 THREAD: 0xFF29DCA0 (0x520aca0) Cid: b0.d8 CreateTime: 0x1c5696617e49310 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(52c4000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF29DCFC Contents: FF1665BC:FF23AA9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF29DD54(520ad54) PostBlockList: 0xFF29DE64:FF29DE64 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF835B000 Stack Limit: 0xF8358000 Kernel Stack: 0xF835ACC4(3ba0000 NA NA 3ba0000 NA NA ) Resident: 1 User stack base: 0x00740000(5266000 NA ) User stack Limit: 0x0073E000 THREAD: 0xFF29D6C0 (0x520a6c0) Cid: b0.dc CreateTime: 0x1c5696617eaafd0 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(52c1000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF29D71C Contents: FF18C9FC:FF29607C Queue List: 0xFF29E7A0:FF29E7A0 WaitBlockList: 0xFF29D72C(520a72c) PostBlockList: 0xFF29D884:FF29D884 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8357000 Stack Limit: 0xF8354000 Kernel Stack: 0xF8356C90(468c000 NA NA 468c000 NA NA ) Resident: 0 User stack base: 0x00790000(52e4000 NA ) User stack Limit: 0x0078E000 THREAD: 0xFF29CA20 (0x5273a20) Cid: b0.e8 CreateTime: 0x1c5696617ef4560 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(52a9000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF29CA7C Contents: FF22593C:FCC96B7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E1DC8(7e42dc8) PostBlockList: 0xE12B6930:E12EC790 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 
0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF834F000 Stack Limit: 0xF834C000 Kernel Stack: 0xF834E930(Paged< 0:92b000> NA NA Paged< 0:92b000> NA NA ) Resident: 0 User stack base: 0x007D0000(Paged< 0:1fd000> 522b000 ) User stack Limit: 0x007CE000 THREAD: 0xFF295780 (0x5556780) Cid: b0.108 CreateTime: 0x1c5696618541fc0 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(557a000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E2D008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF2957DC Contents: FF24507C:FF27BA9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2957EC(55567ec) PostBlockList: 0xFF295944:FF295944 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x010043B1 \??\C:\WINNT\system32\winlogon.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0610000 Stack Limit: 0xF060D000 Kernel Stack: 0xF060FC20(Paged< 0:a19000> NA NA Paged< 0:a19000> NA NA ) Resident: 0 User stack base: 0x00810000(54de000 NA ) User stack Limit: 0x0080E000 Impersonating: true ImpersonationInfo: 0xE1305588(1a41588) ImpersonationLevel: SecurityImpersonation EffectiveOnly: false ImpersonationToken: 0xE1ED95D0(a565d0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c16f} ParentToken ID: {0,0} Modified ID: {0,bf74} SessionID: 0 TokenInUse: No Groups: 1 
S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege THREAD: 0xFF290720 (0x560b720) Cid: b0.118 CreateTime: 0x1c5696618a82b10 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(57a4000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E3E2C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF29077C Contents: FCA297FC:FF17495C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF29078C(560b78c) PostBlockList: 0xFF2908E4:FF2908E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77571388 C:\WINNT\system32\WINMM.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0640000 Stack Limit: 0xF063D000 Kernel Stack: 0xF063FC20(1983000 3a43000 1f84000 1983000 3a43000 1f84000 ) Resident: 0 
User stack base: 0x00960000(57a5000 Paged< 0:207000> Paged< 0:221000> ) User stack Limit: 0x0095D000 THREAD: 0xFF2258E0 (0x9be8e0) Cid: b0.298 CreateTime: 0x1c569661d8d30d0 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(ac0000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF22593C Contents: FF1C107C:FF29CA7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22594C(9be94c) PostBlockList: 0xFF225AA4:FF225AA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C16AC5 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7F7E000 Stack Limit: 0xF7F7B000 Kernel Stack: 0xF7F7D930(Paged< 0:92a000> NA NA Paged< 0:92a000> NA NA ) Resident: 0 User stack base: 0x01450000(ae1000 NA ) User stack Limit: 0x0144E000 THREAD: 0xFF205DA0 (0xc91da0) Cid: b0.2b0 CreateTime: 0x1c569661ed432f0 2005-06-05 00:32:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAF000(0) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF205DFC Contents: FF2475FC:FF18373C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF205E0C(c91e0c) PostBlockList: 0xFF205F64:FF205F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x769841A8 C:\WINNT\system32\SFC.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7F6A000 Stack Limit: 0xF7F67000 Kernel Stack: 0xF7F69930(Paged< 0:956000> NA NA Paged< 0:956000> NA NA ) 
Resident: 0 THREAD: 0xFF1FE020 (0x381020) Cid: b0.2b4 CreateTime: 0x1c569661ed432f0 2005-06-05 00:32:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(f84000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1FE07C Contents: FCDFF67C:FF0C093C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D1008(7454008) PostBlockList: 0xFF1FE1E4:FF1FE1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x7698402E C:\WINNT\system32\SFC.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7F66000 Stack Limit: 0xF7F63000 Kernel Stack: 0xF7F65930(Paged< 0:96d000> NA NA Paged< 0:96d000> NA NA ) Resident: 0 User stack base: 0x01610000(e65000 NA ) User stack Limit: 0x0160E000 THREAD: 0xFF1E8860 (0x5bd860) Cid: b0.3b4 CreateTime: 0x1c56966391f5fe0 2005-06-05 00:33:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(72fc000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 1 Base Priority: 1 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1E88BC Contents: FF1B775C:FF1E707C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E88CC(5bd8cc) PostBlockList: 0xFF1E8A24:FF1E8A24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C12395 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B28000 Stack Limit: 0xF7B25000 Kernel Stack: 0xF7B27930(Paged< 0:927000> NA NA Paged< 0:927000> NA NA ) Resident: 0 User stack base: 0x016D0000(7506000 1cab000 ) User stack Limit: 0x016CE000 
THREAD: 0xFF1C38C0 (0x938c0) Cid: b0.2f4 CreateTime: 0x1c5696639226e40 2005-06-05 00:33:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(70b6000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1BF1EA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C391C Contents: FF29077C:FF1BA8BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF155F88(dd8f88) PostBlockList: 0xFF1C3A84:FF1C3A84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x010054D9 \??\C:\WINNT\system32\winlogon.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A7B000 Stack Limit: 0xF7A78000 Kernel Stack: 0xF7A7A930(39ec000 NA NA 39ec000 NA NA ) Resident: 1 User stack base: 0x01710000(7adf000 NA ) User stack Limit: 0x0170E000 THREAD: 0xFF1C98E0 (0x29658e0) Cid: b0.2e0 CreateTime: 0x1c5696639257ca0 2005-06-05 00:33:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(762d000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 11 Base Priority: 11 Priority decrement: 0 Win32Thread: 0xE1BF5008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C993C Contents: FF29F63C:FF0F4DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1C994C(296594c) PostBlockList: 0xFF1C9AA4:FF1C9AA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x770C2EF5 C:\WINNT\system32\cscdll.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7877000 Stack Limit: 0xF7874000 Kernel Stack: 0xF7876CA0(5573000 NA NA 5573000 NA NA ) Resident: 0 User stack base: 0x01750000(2b8f000 NA ) User stack Limit: 0x0174E000 THREAD: 0xFF1CF020 
(0x682020) Cid: b0.164 CreateTime: 0x1c56966392d2090 2005-06-05 00:33:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(7bbf000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0xE1E97008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1CF07C Contents: FF1773BC:FF0E3B9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CF08C(68208c) PostBlockList: 0xFF1CF1E4:FF1CF1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77575BB9 C:\WINNT\system32\WINMM.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A1B000 Stack Limit: 0xF7A18000 Kernel Stack: 0xF7A1AC20(Paged< 0:17ee000> NA NA Paged< 0:17ee000> NA NA ) Resident: 0 User stack base: 0x01790000(5140000 Paged< 0:3cd000> ) User stack Limit: 0x0178E000 THREAD: 0xFF1B7700 (0x6e2700) Cid: b0.150 CreateTime: 0x1c569663fcbc380 2005-06-05 00:33:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(4653000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 1 Base Priority: 1 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1B775C Contents: FF18B07C:FF1E88BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B776C(6e276c) PostBlockList: 0xFF1B78C4:FF1B78C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C12395 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC79F000 Stack Limit: 0xFC79C000 Kernel Stack: 0xFC79E930(Paged< 0:926000> NA NA Paged< 0:926000> NA NA ) Resident: 0 User stack base: 0x018F0000(279000 27ba000 ) User stack Limit: 0x018EE000 
THREAD: 0xFF1C1020 (0x7bfc020) Cid: b0.38c CreateTime: 0x1c569663fd7fd00 2005-06-05 00:33:52Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAC000(0) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C107C Contents: FF1E707C:FF22593C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1C108C(7bfc08c) PostBlockList: 0xFF1C11E4:FF1C11E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77562BDF C:\WINNT\system32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7A03000 Stack Limit: 0xF7A00000 Kernel Stack: 0xF7A02930(Paged< 0:929000> NA NA Paged< 0:929000> NA NA ) Resident: 0 THREAD: 0xFF1E7020 (0x7e4020) Cid: b0.154 CreateTime: 0x1c569663fe12820 2005-06-05 00:33:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(718b000) ThreadsProcess: 0xFCA28D60 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1E707C Contents: FF1E88BC:FF1C107C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E708C(7e408c) PostBlockList: 0xFF1E71E4:FF1E71E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79FB000 Stack Limit: 0xF79F8000 Kernel Stack: 0xF79FAC48(Paged< 0:928000> NA NA Paged< 0:928000> NA NA ) Resident: 0 User stack base: 0x01EE0000(192e000 NA ) User stack Limit: 0x01EDE000 + e4 services.exe Source: 
from_active_process_list Eprocess Block: 0xFF29D080 (0x520a064) CreateTime: 0x1c5696617edbe30 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x52e5000 Process Environment Block: 0x7FFDF000 (520b000) Loader module block: 0x00071E90 (520b00c) Command Line: C:\WINNT\system32\services.exe Section: 0xE1330FD0 (0x1ac2fd0) Section Base Address: 0x01000000 (52e3000) SectionBasedAddress: 0x0884C430 ) SizeOfSegment: 0x18000 SectionFileName: \WINNT\system32\services.exe 0xe1e0c708 (0x521f708) Handle Table: 0xFF29E868 (0x5209868) Count: 570 TableCode: 0xE1E12000 Process exiting: 0 VAD Root: 0xFF0E7E68(225de68) Private: 2870 Modified: 299 Locked: 15 AccessToken: 0xE1E0EE10(5283e10) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4b56} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 
SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01018000 (52e3000) services.exe C:\WINNT\system32\services.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 51ef57c BaseDllName physical address: 5274f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 5274f88 BaseDllName physical address: 5274fac 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x00072400 FullDllName physical address: 5215420 BaseDllName physical address: 5215400 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 52154e0 BaseDllName physical address: 52154b8 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725A0 BaseDllName address: 0x00072578 FullDllName physical address: 52155a0 BaseDllName physical address: 5215578 0x75170000 0x751BF000 (5046000) NETAPI32.DLL C:\WINNT\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072660 BaseDllName address: 0x00072638 FullDllName physical address: 5215660 BaseDllName physical address: 5215638 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x00072A40 BaseDllName address: 0x00072A20 FullDllName physical address: 5215a40 BaseDllName physical address: 5215a20 0x77BE0000 0x77BEF000 (4fda000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072B10 BaseDllName address: 0x00072AF0 FullDllName physical address: 5215b10 BaseDllName physical address: 5215af0 0x751C0000 0x751C6000 (5028000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072BC8 BaseDllName address: 0x00072BA8 FullDllName physical address: 5215bc8 BaseDllName physical address: 5215ba8 0x75150000 0x7515F000 (503b000) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C80 BaseDllName address: 0x00072C60 FullDllName physical address: 5215c80 BaseDllName physical address: 5215c60 0x75030000 0x75044000 (5085000) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072D38 BaseDllName address: 0x00072D18 FullDllName physical address: 5215d38 BaseDllName physical address: 5215d18 0x75020000 0x75028000 (5066000) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072DF0 BaseDllName address: 0x00072DD0 FullDllName physical address: 5215df0 BaseDllName physical address: 5215dd0 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072EA8 BaseDllName address: 0x00072E88 FullDllName physical address: 5215ea8 BaseDllName physical address: 5215e88 0x77980000 0x779A4000 (505b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F60 BaseDllName address: 0x00072F40 FullDllName physical address: 5215f60 BaseDllName physical address: 
5215f40 0x75050000 0x75058000 (503c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073018 BaseDllName address: 0x00072FF8 FullDllName physical address: 52e9018 BaseDllName physical address: 52e9000 0x77E10000 0x77E74000 (3382000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000730D0 BaseDllName address: 0x000730B0 FullDllName physical address: 52e90d0 BaseDllName physical address: 52e90b0 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073188 BaseDllName address: 0x00073168 FullDllName physical address: 52e9188 BaseDllName physical address: 52e9168 0x767A0000 0x767B8000 (1) UMPNPMGR.DLL C:\WINNT\system32\UMPNPMGR.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073240 BaseDllName address: 0x00073218 FullDllName physical address: 52e9240 BaseDllName physical address: 52e9218 0x77C10000 0x77C6D000 (5006000) USERENV.DLL C:\WINNT\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000732F8 BaseDllName address: 0x000732D8 FullDllName physical address: 52e92f8 BaseDllName physical address: 52e92d8 0x76810000 0x7684B000 (5384000) SCESRV.DLL C:\WINNT\system32\SCESRV.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: -1 FullDllName virtual address: 0x000733B0 BaseDllName address: 0x00073390 FullDllName physical address: 52e93b0 BaseDllName physical address: 52e9390 0x77BF0000 0x77C01000 (1) NTDSAPI.DLL C:\WINNT\system32\NTDSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073468 BaseDllName address: 0x00073448 FullDllName physical address: 52e9468 BaseDllName physical address: 52e9448 0x76890000 0x7689E000 (1) eventlog.dll C:\WINNT\system32\eventlog.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 
0x000919C8 BaseDllName address: 0x00093A30 FullDllName physical address: 586e9c8 BaseDllName physical address: 5852a30 0x77360000 0x77379000 (1) dhcpcsvc.dll C:\WINNT\system32\dhcpcsvc.dll Flags: 0xc4004 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0009EEE8 BaseDllName address: 0x0009EF80 FullDllName physical address: 5991ee8 BaseDllName physical address: 5991f80 0x77520000 0x77525000 (1) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x0009FC98 BaseDllName address: 0x00094460 FullDllName physical address: 5af7c98 BaseDllName physical address: 5a33460 0x77340000 0x77353000 (1) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000A02C0 BaseDllName address: 0x0009FFB0 FullDllName physical address: 5a2d2c0 BaseDllName physical address: 5af7fb0 0x77320000 0x77337000 (1) MPRAPI.DLL C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000A0378 BaseDllName address: 0x000A0358 FullDllName physical address: 5a2d378 BaseDllName physical address: 5a2d358 0x77A50000 0x77B45000 (3269000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0x53 TlsIndex: 0 FullDllName virtual address: 0x000A03E0 BaseDllName address: 0x000A03C0 FullDllName physical address: 5a2d3e0 BaseDllName physical address: 5a2d3c0 0x779B0000 0x77A45000 (1) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x000A0420 BaseDllName address: 0x000A0078 FullDllName physical address: 5a2d420 BaseDllName physical address: 5a2d078 0x773B0000 0x773DE000 (1) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000A04B8 BaseDllName address: 0x000947C8 FullDllName physical address: 5a2d4b8 BaseDllName physical address: 5a337c8 0x77380000 0x773A2000 (1) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL 
Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000A0570 BaseDllName address: 0x000A0550 FullDllName physical address: 5a2d570 BaseDllName physical address: 5a2d550 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000A0608 BaseDllName address: 0x000A0650 FullDllName physical address: 5a2d608 BaseDllName physical address: 5a2d650 0x77880000 0x7790D000 (56e6000) SETUPAPI.DLL C:\WINNT\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000A06E8 BaseDllName address: 0x000A06C0 FullDllName physical address: 5a2d6e8 BaseDllName physical address: 5a2d6c0 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A07A8 BaseDllName address: 0x000A0780 FullDllName physical address: 5a2d7a8 BaseDllName physical address: 5a2d780 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0860 BaseDllName address: 0x000A0840 FullDllName physical address: 5a2d860 BaseDllName physical address: 5a2d840 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0918 BaseDllName address: 0x000A08F8 FullDllName physical address: 5a2d918 BaseDllName physical address: 5a2d8f8 0x77B50000 0x77BD9000 (336b000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x000A09D8 BaseDllName address: 0x000A09B0 FullDllName physical address: 5a2d9d8 BaseDllName physical address: 5a2d9b0 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x000A0A90 BaseDllName address: 0x000A0A70 FullDllName physical address: 5a2da90 BaseDllName physical 
address: 5a2da70 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A1C88 BaseDllName address: 0x000A1CD0 FullDllName physical address: 5adcc88 BaseDllName physical address: 5adccd0 0x768A0000 0x768B9000 (1) dnsrslvr.dll C:\WINNT\system32\dnsrslvr.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A0B28 BaseDllName address: 0x000A7758 FullDllName physical address: 5a2db28 BaseDllName physical address: 5b6b758 0x76880000 0x76886000 (1) lmhsvc.dll C:\WINNT\system32\lmhsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A2A08 BaseDllName address: 0x000A77D0 FullDllName physical address: 5b72a08 BaseDllName physical address: 5b6b7d0 0x74FD0000 0x74FED000 (1) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B1B38 BaseDllName address: 0x000B1BC0 FullDllName physical address: 5ce5b38 BaseDllName physical address: 5ce5bc0 0x75010000 0x75017000 (1) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B06F0 BaseDllName address: 0x000B0A08 FullDllName physical address: 5bb96f0 BaseDllName physical address: 5bb9a08 0x65780000 0x6578C000 (1) WINSTA.DLL C:\WINNT\system32\WINSTA.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B6960 BaseDllName address: 0x000AFDE8 FullDllName physical address: 5d3b960 BaseDllName physical address: 5c35de8 0x768C0000 0x768C6000 (1) dmserver.dll C:\WINNT\system32\dmserver.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B68E0 BaseDllName address: 0x000B8F98 FullDllName physical address: 5d3b8e0 BaseDllName physical address: 5ef3f98 0x770B0000 0x770B7000 (1) CFGMGR32.DLL C:\WINNT\system32\CFGMGR32.DLL Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BA718 BaseDllName address: 
0x000BA680 FullDllName physical address: 5edc718 BaseDllName physical address: 5edc680 0x767E0000 0x767F6000 (1) Srvsvc.dll C:\WINNT\system32\Srvsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C1AD8 BaseDllName address: 0x000C10F8 FullDllName physical address: 63daad8 BaseDllName physical address: 63da0f8 0x77800000 0x7781D000 (1) WINSPOOL.DRV C:\WINNT\system32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C1048 BaseDllName address: 0x000C2F00 FullDllName physical address: 63da048 BaseDllName physical address: 665ef00 0x76770000 0x7678A000 (1) wkssvc.dll C:\WINNT\system32\wkssvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C3B80 BaseDllName address: 0x000C2F28 FullDllName physical address: 6802b80 BaseDllName physical address: 665ef28 0x76670000 0x7667E000 (1) CRYPTDLL.DLL C:\WINNT\system32\CRYPTDLL.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D0990 BaseDllName address: 0x000B0218 FullDllName physical address: 6738990 BaseDllName physical address: 5bb9218 0x768D0000 0x768E2000 (1) cryptsvc.dll C:\WINNT\system32\cryptsvc.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C19C8 BaseDllName address: 0x000AFD40 FullDllName physical address: 63da9c8 BaseDllName physical address: 5c35d40 0x76850000 0x7686F000 (1) psbase.dll C:\WINNT\system32\psbase.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C7458 BaseDllName address: 0x000C74A0 FullDllName physical address: 6775458 BaseDllName physical address: 67754a0 0x7CA00000 0x7CA23000 (5670000) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C7530 BaseDllName address: 0x000B17B0 FullDllName physical address: 6775530 BaseDllName physical address: 5ce57b0 0x77440000 0x774B8000 (5434000) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x38 
TlsIndex: 0 FullDllName virtual address: 0x000C85B0 BaseDllName address: 0x000B17E8 FullDllName physical address: 69d65b0 BaseDllName physical address: 5ce57e8 0x77430000 0x77440000 (532c000) MSASN1.DLL C:\WINNT\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x6f TlsIndex: 0 FullDllName virtual address: 0x000C8668 BaseDllName address: 0x000C8648 FullDllName physical address: 69d6668 BaseDllName physical address: 69d6648 0x76800000 0x76807000 (6d63000) seclogon.dll C:\WINNT\system32\seclogon.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000CEC40 BaseDllName address: 0x000CDD70 FullDllName physical address: 66fdc40 BaseDllName physical address: 669cd70 0x767C0000 0x767D9000 (d31000) trkwks.dll C:\WINNT\system32\trkwks.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000922F8 BaseDllName address: 0x000CFF30 FullDllName physical address: 58902f8 BaseDllName physical address: 67bef30 0x768F0000 0x768FF000 (2afd000) browser.dll C:\WINNT\system32\browser.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DA420 BaseDllName address: 0x00089608 FullDllName physical address: 5c8420 BaseDllName physical address: 58f6608 0x76870000 0x7687B000 (72a000) msgsvc.dll C:\WINNT\system32\msgsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DB830 BaseDllName address: 0x000D7008 FullDllName physical address: 6f0830 BaseDllName physical address: d48008 0x70170000 0x7028A000 (3d17000) ESENT.dll C:\WINNT\system32\ESENT.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DC4C8 BaseDllName address: 0x000DC508 FullDllName physical address: 3f364c8 BaseDllName physical address: 3f36508 0x74FF0000 0x75002000 (5ceb000) mswsock.dll C:\WINNT\system32\mswsock.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F3EF0 BaseDllName address: 0x000E70A0 FullDllName physical address: 80bef0 BaseDllName physical address: 7f00a0 
0x78280000 0x7828C000 (5e1f000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DC980 BaseDllName address: 0x000DC9C0 FullDllName physical address: 3f36980 BaseDllName physical address: 3f369c0 0x777E0000 0x777E8000 (5eaf000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DCB90 BaseDllName address: 0x000F8E28 FullDllName physical address: 3f36b90 BaseDllName physical address: 3fa0e28 0x777F0000 0x777F5000 (1) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DC8A0 BaseDllName address: 0x000DCA30 FullDllName physical address: 3f368a0 BaseDllName physical address: 3f36a30 0x76750000 0x76765000 (3d4c000) wmicore.dll C:\WINNT\system32\wmicore.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F4AF0 BaseDllName address: 0x000DCD98 FullDllName physical address: 57b6af0 BaseDllName physical address: 3f36d98 0x76930000 0x7695B000 (6713000) WINTRUST.dll C:\WINNT\system32\WINTRUST.dll Flags: 0xc4004 LoadCount: 0x37 TlsIndex: 0 FullDllName virtual address: 0x000F9788 BaseDllName address: 0x000E93A8 FullDllName physical address: 45c1788 BaseDllName physical address: 3dc03a8 0x77920000 0x77942000 (65b6000) IMAGEHLP.dll C:\WINNT\system32\IMAGEHLP.dll Flags: 0xc4006 LoadCount: 0x37 TlsIndex: 0 FullDllName virtual address: 0x00095830 BaseDllName address: 0x000C2EA8 FullDllName physical address: 59f7830 BaseDllName physical address: 665eea8 0x69800000 0x69A42000 (328f000) shell32.dll C:\WINNT\system32\shell32.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00165038 BaseDllName address: 0x00165018 FullDllName physical address: 775038 BaseDllName physical address: 775018 Thread List Head: 0xFF29D0D0 THREAD: 0xFF296020 (0x53bd020) Cid: e4.fc CreateTime: 0x1c56966183281a0 2005-06-05 00:32:46Z SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(53d4000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF29607C Contents: FF29D71C:FCC9607C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF117588(221588) PostBlockList: 0xFF2961E4:FF2961E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8347000 Stack Limit: 0xF8344000 Kernel Stack: 0xF8346930(4540000 NA NA 4540000 NA NA ) Resident: 0 User stack base: 0x00480000(Paged< 0:dda000> 5497000 ) User stack Limit: 0x0047E000 THREAD: 0xFF28BD60 (0x579dd60) Cid: e4.13c CreateTime: 0x1c5696618e23c30 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(58d7000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF28BDBC Contents: FF2759BC:FCC6807C Queue List: 0xFF25BEB0:FF28D7D0 WaitBlockList: 0xFF28BDCC(579ddcc) PostBlockList: 0xFF28BF24:FF28BF24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0x49 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8216000 Stack Limit: 0xF8213000 Kernel Stack: 0xF8215C90(3a26000 NA NA 3a26000 NA NA ) Resident: 0 User stack base: 0x004E0000(585b000 2e3b000 ) User stack Limit: 0x004DE000 THREAD: 0xFF28D6C0 (0x58b36c0) Cid: e4.140 CreateTime: 0x1c5696618e23c30 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(5799000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF28D71C Contents: FF23AA9C:FF1C75BC Queue List: 0xFF28BE70:FF28EA80 WaitBlockList: 0xFF28D72C(58b372c) PostBlockList: 0xFF28D884:FF28D884 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8212000 Stack Limit: 0xF820F000 Kernel Stack: 0xF8211C90(3496000 NA NA 3496000 NA NA ) Resident: 0 User stack base: 0x00520000(57be000 6fe8000 ) User stack Limit: 0x0051E000 THREAD: 0xFF28B6E0 (0x579d6e0) Cid: e4.14c CreateTime: 0x1c5696618eb6750 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(5909000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF28B73C Contents: FF25BDFC:FF1C993C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28B794(579d794) PostBlockList: 0xFF28B8A4:FF28B8A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF089C000 Stack Limit: 0xF0899000 Kernel Stack: 0xF089BCC4(3a83000 3a35000 3a4f000 3a83000 3a35000 3a4f000 ) Resident: 0 User stack base: 0x005F0000(580a000 NA ) User stack Limit: 0x005EE000 THREAD: 0xFF289020 (0x58c3020) Cid: e4.158 CreateTime: 0x1c5696618f30b40 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(58cf000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF28907C Contents: FCC60B1C:FF0F8D3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28908C(58c308c) PostBlockList: 0xFF2891E4:FF2891E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01003C24 C:\WINNT\system32\services.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC79B000 Stack Limit: 0xFC798000 Kernel Stack: 0xFC79ABFC(Paged< 0:a20000> NA NA Paged< 0:a20000> NA NA ) Resident: 0 User stack base: 0x00670000(5851000 6091000 6132000 ) User stack Limit: 0x0066D000 THREAD: 0xFF2875A0 (0x590d5a0) Cid: e4.168 CreateTime: 0x1c569661914a960 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(598d000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF2875FC Contents: FF286DFC:FF1DF0DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28760C(590d60c) PostBlockList: 0xFF287764:FF287764 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xa5c Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC78B000 Stack Limit: 0xFC788000 Kernel Stack: 0xFC78AC5C(Paged< 0:96c000> NA NA Paged< 0:96c000> NA NA ) Resident: 0 User stack base: 0x00760000(Paged< 0:dae000> ) User stack Limit: 0x0075F000 THREAD: 0xFF287240 (0x590d240) Cid: e4.16c CreateTime: 0x1c569661914a960 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAF000(59ae000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF28729C Contents: FF1EDCBC:FCDFEDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2872F4(590d2f4) PostBlockList: 0xE21BDF90:E1E90D10 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F81459 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B4000 Stack Limit: 0xF08B1000 Kernel Stack: 0xF08B3CC4(2cf0000 NA NA 2cf0000 NA NA ) Resident: 0 User stack base: 0x007A0000(59b0000 51c7000 ) User stack Limit: 0x0079E000 THREAD: 0xFF286DA0 (0x5952da0) Cid: e4.15c CreateTime: 0x1c5696619226a10 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(59d2000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1E5C688 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF286DFC Contents: FF2864BC:FF2875FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF288588(5891588) PostBlockList: 0xE12E4F90:E12F6890 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0670000 Stack Limit: 0xF066D000 Kernel Stack: 0xF066F930(Paged< 0:96b000> NA NA Paged< 0:96b000> NA NA ) Resident: 0 User stack base: 0x007E0000(Paged< 0:daf000> Paged< 0:dd2000> Paged< 0:ddb000> Paged< 0:def000> Paged< 0:df0000> Paged< 0:df1000> Paged< 0:df2000> Paged< 0:df3000> Paged< 0:df4000> ) User stack Limit: 0x007D7000 THREAD: 0xFF286460 (0x5952460) Cid: e4.170 CreateTime: 
0x1c5696619226a10 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(59f4000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2864BC Contents: FF28623C:FF286DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2864CC(59524cc) PostBlockList: 0xFF286624:FF286624 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8133000 Stack Limit: 0xF8130000 Kernel Stack: 0xF8132CA0(Paged< 0:96a000> NA NA Paged< 0:96a000> NA NA ) Resident: 0 User stack base: 0x00820000(Paged< 0:da9000> NA ) User stack Limit: 0x0081E000 THREAD: 0xFF2861E0 (0x59521e0) Cid: e4.174 CreateTime: 0x1c569661923f140 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(59f5000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF28623C Contents: FF282ABC:FF2864BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28624C(595224c) PostBlockList: 0xFF2863A4:FF2863A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF812F000 Stack Limit: 0xF812C000 Kernel Stack: 0xF812E930(Paged< 0:969000> NA NA Paged< 0:969000> NA NA ) Resident: 0 User stack base: 0x00860000(Paged< 0:db0000> 3f12000 ) User stack Limit: 0x0085E000 THREAD: 0xFF282A60 (0x5b8da60) Cid: 
e4.178 CreateTime: 0x1c5696619906f90 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(5d53000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF282ABC Contents: FF2815DC:FF28623C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EC208(817208) PostBlockList: 0xE1E1AAB0:E1E1AAB0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC793000 Stack Limit: 0xFC790000 Kernel Stack: 0xFC792930(Paged< 0:968000> NA NA Paged< 0:968000> NA NA ) Resident: 0 User stack base: 0x00CC0000(Paged< 0:de3000> NA ) User stack Limit: 0x00CBE000 THREAD: 0xFF281580 (0x5bdd580) Cid: e4.17c CreateTime: 0x1c56966199ca910 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAB000(5d49000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2815DC Contents: FF2805BC:FF282ABC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2815EC(5bdd5ec) PostBlockList: 0xFF281744:FF281744 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768813C3 C:\WINNT\system32\lmhsvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF812B000 Stack Limit: 0xF8128000 Kernel Stack: 0xF812A930(Paged< 0:967000> NA NA Paged< 0:967000> NA NA ) Resident: 0 User stack base: 0x00D10000(Paged< 0:df9000> NA ) User stack Limit: 0x00D0E000 THREAD: 0xFF280560 
(0x5bfe560) Cid: e4.180 CreateTime: 0x1c5696619a2c5d0 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(5c54000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2805BC Contents: FF280D9C:FF2815DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2805CC(5bfe5cc) PostBlockList: 0xFF280724:FF280724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77362272 C:\WINNT\system32\dhcpcsvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8123000 Stack Limit: 0xF8120000 Kernel Stack: 0xF8122930(Paged< 0:966000> NA NA Paged< 0:966000> NA NA ) Resident: 0 User stack base: 0x00D60000(Paged< 0:e00000> Paged< 0:e01000> Paged< 0:e02000> Paged< 0:e03000> Paged< 0:e04000> Paged< 0:e05000> Paged< 0:e06000> Paged< 0:e07000> Paged< 0:e08000> ) User stack Limit: 0x00D57000 THREAD: 0xFF280D40 (0x5bfed40) Cid: e4.184 CreateTime: 0x1c5696619a44d00 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(5cc4000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF280D9C Contents: FF27F2BC:FF2805BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF280DAC(5bfedac) PostBlockList: 0xFF280F04:FF280F04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768A2AB8 C:\WINNT\system32\dnsrslvr.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF811F000 Stack Limit: 0xF811C000 Kernel Stack: 0xF811E930(Paged< 
0:965000> NA NA Paged< 0:965000> NA NA ) Resident: 0 User stack base: 0x00DB0000(Paged< 0:e09000> NA ) User stack Limit: 0x00DAE000 THREAD: 0xFF27F260 (0x5ca7260) Cid: e4.18c CreateTime: 0x1c5696619a5d430 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA7000(5e16000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27F2BC Contents: FF26DD9C:FF280D9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27F2CC(5ca72cc) PostBlockList: 0xFF27F424:FF27F424 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8117000 Stack Limit: 0xF8114000 Kernel Stack: 0xF8116CA0(Paged< 0:964000> NA NA Paged< 0:964000> NA NA ) Resident: 0 User stack base: 0x00E50000(Paged< 0:e0f000> NA ) User stack Limit: 0x00E4E000 THREAD: 0xFF27BCE0 (0x5cf0ce0) Cid: e4.1a0 CreateTime: 0x1c5696619b08680 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA5000(5e69000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1E796A8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF27BD3C Contents: FF22507C:FF231B1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27BD4C(5cf0d4c) PostBlockList: 0xFF27BEA4:FF27BEA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x767A15D3 C:\WINNT\system32\UMPNPMGR.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80E3000 Stack Limit: 0xF80E0000 Kernel Stack: 
0xF80E2CC0(Paged< 0:a31000> NA NA Paged< 0:a31000> NA NA ) Resident: 0 User stack base: 0x00EE0000(5d32000 3df9000 ) User stack Limit: 0x00EDE000 THREAD: 0xFF27BA40 (0x5cf0a40) Cid: e4.1a4 CreateTime: 0x1c5696619b08680 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA4000(5d2a000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE2012348 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27BA9C Contents: FF2957DC:FCC60B1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27BAAC(5cf0aac) PostBlockList: 0xE21E4370:E138A370 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x767A1799 C:\WINNT\system32\UMPNPMGR.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7B78000 Stack Limit: 0xF7B75000 Kernel Stack: 0xF7B77930(Paged< 0:a1a000> NA NA Paged< 0:a1a000> NA NA ) Resident: 0 User stack base: 0x00F20000(5d15000 5e37000 45f3000 694e000 506b000 52ce000 ) User stack Limit: 0x00F1A000 THREAD: 0xFF26DD40 (0x5f3ad40) Cid: e4.1d8 CreateTime: 0x1c5696619eda600 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA6000(60b7000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF26DD9C Contents: FF24B07C:FF27F2BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26DDAC(5f3adac) PostBlockList: 0xFF26DF04:FF26DF04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 
0xF8043000 Stack Limit: 0xF8040000 Kernel Stack: 0xF8042930(Paged< 0:963000> NA NA Paged< 0:963000> NA NA ) Resident: 0 User stack base: 0x00F60000(Paged< 0:e11000> Paged< 0:e12000> Paged< 0:e13000> Paged< 0:e14000> Paged< 0:e15000> Paged< 0:e16000> Paged< 0:e17000> ) User stack Limit: 0x00F59000 THREAD: 0xFF25C200 (0x64a7200) Cid: e4.1f0 CreateTime: 0x1c569661b1dbc50 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA3000(66fb000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF25C25C Contents: FCC9607C:FF15E33C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DA668(6e63668) PostBlockList: 0xE1328DF0:E1328DF0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0x14a Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF810B000 Stack Limit: 0xF8108000 Kernel Stack: 0xF810A930(6ac3000 NA NA 6ac3000 NA NA ) Resident: 0 User stack base: 0x00FA0000(65bd000 NA ) User stack Limit: 0x00F9E000 THREAD: 0xFF25BDA0 (0x65b9da0) Cid: e4.1f8 CreateTime: 0x1c569661b20cab0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA1000(6721000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF25BDFC Contents: FF16699C:FF28B73C Queue List: 0xFF235EB0:FF28BE70 WaitBlockList: 0xFF25BE0C(65b9e0c) PostBlockList: 0xFF25BF64:FF25BF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service 
Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8037000 Stack Limit: 0xF8034000 Kernel Stack: 0xF8036C90(a5f000 7520000 2cfd000 a5f000 7520000 2cfd000 ) Resident: 1 User stack base: 0x006B0000(6724000 3eff000 ) User stack Limit: 0x006AE000 THREAD: 0xFF24B020 (0x66ea020) Cid: e4.214 CreateTime: 0x1c569661b5337e0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF9E000(6874000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF24B07C Contents: FF23F07C:FF26DD9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24B08C(66ea08c) PostBlockList: 0xFF24B1E4:FF24B1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77988D3F C:\WINNT\system32\DNSAPI.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FF5000 Stack Limit: 0xF7FF2000 Kernel Stack: 0xF7FF4930(Paged< 0:961000> NA NA Paged< 0:961000> NA NA ) Resident: 0 User stack base: 0x010A0000(Paged< 0:e22000> NA ) User stack Limit: 0x0109E000 THREAD: 0xFF23F020 (0x6d42020) Cid: e4.230 CreateTime: 0x1c569661bfcd5b0 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(6c81000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF23F07C Contents: FF1EC9DC:FF24B07C Queue List: 0xFF2365E0:FF2365E0 WaitBlockList: 0xFF23F08C(6d4208c) PostBlockList: 0xFF23F1E4:FF23F1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL 
Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF801F000 Stack Limit: 0xF801C000 Kernel Stack: 0xF801EC90(Paged< 0:960000> NA NA Paged< 0:960000> NA NA ) Resident: 0 User stack base: 0x010F0000(Paged< 0:e1b000> NA ) User stack Limit: 0x010EE000 THREAD: 0xFF2475A0 (0x679a5a0) Cid: e4.28c CreateTime: 0x1c569661d7f7020 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF9D000(7c1c000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF2475FC Contents: FF1F95FC:FF205DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24760C(679a60c) PostBlockList: 0xFF247764:FF247764 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7F8A000 Stack Limit: 0xF7F87000 Kernel Stack: 0xF7F89C48(Paged< 0:95d000> NA NA Paged< 0:95d000> NA NA ) Resident: 0 User stack base: 0x01270000(9de000 NA ) User stack Limit: 0x0126E000 THREAD: 0xFF235DA0 (0x6e37da0) Cid: e4.294 CreateTime: 0x1c569661d7f7020 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF9B000(b82000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF235DFC Contents: FF0EEC5C:FF18CDFC Queue List: 0xFF28EA80:FF25BEB0 WaitBlockList: 0xFF235E0C(6e37e0c) PostBlockList: 0xFF235F64:FF235F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 
0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7F82000 Stack Limit: 0xF7F7F000 Kernel Stack: 0xF7F81C90(3cda000 NA NA 3cda000 NA NA ) Resident: 1 User stack base: 0x012F0000(a04000 5ed000 45c7000 6088000 7e09000 3e6a000 ) User stack Limit: 0x012EA000 THREAD: 0xFF1EDC60 (0x81c60) Cid: e4.2d4 CreateTime: 0x1c56966210500c0 2005-06-05 00:33:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF97000(290e000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF1EDCBC Contents: FCDFF8FC:FF28729C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EDD14(81d14) PostBlockList: 0xFF1EDE24:FF1EDE24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F81459 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DE7000 Stack Limit: 0xF7DE4000 Kernel Stack: 0xF7DE6CC4(6e3a000 NA NA 6e3a000 NA NA ) Resident: 0 User stack base: 0x013F0000(7af000 NA ) User stack Limit: 0x013EE000 THREAD: 0xFF1F95A0 (0xe905a0) Cid: e4.1f4 CreateTime: 0x1c5696621547680 2005-06-05 00:33:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA2000(3cfa000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1F95FC Contents: FF24A5DC:FF2475FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1F960C(e9060c) PostBlockList: 0xE1BE7250:E1BE7250 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF80FB000 Stack Limit: 0xF80F8000 Kernel Stack: 0xF80FA930(Paged< 0:95c000> NA NA Paged< 0:95c000> NA NA ) Resident: 0 User stack base: 0x014B0000(225c000 NA ) User stack Limit: 0x014AE000 THREAD: 0xFF1EC980 (0x817980) Cid: e4.2b8 CreateTime: 0x1c5696621590c10 2005-06-05 00:33:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF96000(7d5000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1EC9DC Contents: FF0C093C:FF23F07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EC9EC(8179ec) PostBlockList: 0xFF1ECB44:FF1ECB44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x7517B646 C:\WINNT\system32\NETAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8027000 Stack Limit: 0xF8024000 Kernel Stack: 0xF8026930(Paged< 0:95f000> NA NA Paged< 0:95f000> NA NA ) Resident: 0 User stack base: 0x01530000(75b000 NA ) User stack Limit: 0x0152E000 THREAD: 0xFF24A580 (0x6869580) Cid: e4.2d8 CreateTime: 0x1c56966215a9340 2005-06-05 00:33:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF95000(698000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF24A5DC Contents: FF1DF0DC:FF1F95FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24A5EC(68695ec) PostBlockList: 0xFF24A744:FF24A744 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768F2CA5 C:\WINNT\system32\browser.dll Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF7DE3000 Stack Limit: 0xF7DE0000 Kernel Stack: 0xF7DE2930(Paged< 0:95b000> NA NA Paged< 0:95b000> NA NA ) Resident: 0 User stack base: 0x01570000(6d9000 6248000 ) User stack Limit: 0x0156E000 THREAD: 0xFF1DF080 (0x5449080) Cid: e4.2c0 CreateTime: 0x1c56966232b1c40 2005-06-05 00:33:04Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(3f44000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1DF0DC Contents: FF2875FC:FF24A5DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DF0EC(54490ec) PostBlockList: 0xFF1DF244:FF1DF244 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x75171D38 C:\WINNT\system32\NETAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DEF000 Stack Limit: 0xF7DEC000 Kernel Stack: 0xF7DEECA0(Paged< 0:95a000> NA NA Paged< 0:95a000> NA NA ) Resident: 0 User stack base: 0x01B30000(3e25000 NA ) User stack Limit: 0x01B2E000 THREAD: 0xFF1FBDA0 (0xd8dda0) Cid: e4.148 CreateTime: 0x1c569d128fbb4b0 2005-06-05 13:19:10Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF99000(2e64000) ThreadsProcess: 0xFF29D080 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1FBDFC Contents: FF295C3C:FF1C391C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1FBE0C(d8de0c) PostBlockList: 0xFF1FBF64:FF1FBF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial 
stack: 0xF7AF3000 Stack Limit: 0xF7AF0000 Kernel Stack: 0xF7AF2C48(3780000 NA NA 3780000 NA NA ) Resident: 0 User stack base: 0x012B0000(46a5000 NA ) User stack Limit: 0x012AE000 THREAD: 0xFF0C08E0 (0x50d38e0) Cid: e4.40c CreateTime: 0x1c569d7eaa6ec20 2005-06-05 14:07:32Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA0000(2370000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF0C093C Contents: FF1FE07C:FF1EC9DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0C094C(50d394c) PostBlockList: 0xFF0C0AA4:FF0C0AA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77C16AC5 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79F3000 Stack Limit: 0xF79F0000 Kernel Stack: 0xF79F2930(Paged< 0:96e000> NA NA Paged< 0:96e000> NA NA ) Resident: 0 User stack base: 0x01970000(1ff1000 NA ) User stack Limit: 0x0196E000 THREAD: 0xFF13F8A0 (0x6ffc8a0) Cid: e4.200 CreateTime: 0x1c569ddc38d47d0 2005-06-05 14:49:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(7531000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF13F8FC Contents: FCC968FC:FF16D07C Queue List: 0xFF28C420:FF28C420 WaitBlockList: 0xFF13F90C(6ffc90c) PostBlockList: 0xE1BE87F0:E1BE87F0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7ABB000 Stack Limit: 
0xF7AB8000 Kernel Stack: 0xF7ABAC90(30d4000 NA NA 30d4000 NA NA ) Resident: 0 User stack base: 0x04070000(3f56000 NA ) User stack Limit: 0x0406E000 THREAD: 0xFF0F23A0 (0x71393a0) Cid: e4.43c CreateTime: 0x1c569de5de1b0a0 2005-06-05 14:53:42Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(39d7000) ThreadsProcess: 0xFF29D080 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF0F23FC Contents: FF1141DC:FF295C3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0F240C(713940c) PostBlockList: 0xFF0F2564:FF0F2564 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AB3000 Stack Limit: 0xF7AB0000 Kernel Stack: 0xF7AB2C48(624b000 NA NA 624b000 NA NA ) Resident: 0 User stack base: 0x040B0000(3278000 NA ) User stack Limit: 0x040AE000 + f0 lsass.exe Source: from_active_process_list Eprocess Block: 0xFF29BA80 (0x529ea64) CreateTime: 0x1c5696617f3daf0 2005-06-05 00:32:45Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x52ad000 Process Environment Block: 0x7FFDF000 (52ac000) Loader module block: 0x00071E90 (52ac00c) Command Line: Section: 0xE12A5110 (0x18b0110) Section Base Address: 0x01000000 () SectionBasedAddress: 0x08862430 ) SizeOfSegment: 0xa000 SectionFileName: \WINNT\system32\lsass.exe 0xe12cc308 (0x1930308) Handle Table: 0xFF29B9E8 (0x529e9e8) Count: 280 TableCode: 0xE1E14000 Process exiting: 0 VAD Root: 0xFF289768(58c3768) Private: 367 Modified: 860 Locked: 0 AccessToken: 0xE1E13E10(529de10) SecurityDescriptor: 0xE13053F8(1a413f8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4b87} ParentToken ID: {0,0} Modified ID: {0,8e53} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0100A000 (1) lsass.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 64457c BaseDllName physical address: 5255f10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 5255f80 BaseDllName physical address: 5255fa4 0x77E80000 0x77F35000 (1) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 52b6420 BaseDllName physical address: 52b63f8 0x50900000 0x5097E000 (1) LSASRV.dll C:\WINNT\system32\LSASRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724D8 BaseDllName address: 0x000724B8 FullDllName physical address: 52b64d8 BaseDllName physical address: 52b64b8 0x78000000 0x78046000 (1) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000728B8 BaseDllName address: 0x00072898 FullDllName physical address: 52b68b8 BaseDllName physical address: 52b6898 0x76670000 0x7667E000 (1) cryptdll.dll C:\WINNT\system32\cryptdll.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072990 BaseDllName address: 0x00072968 FullDllName physical address: 52b6990 BaseDllName physical address: 52b6968 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072A50 BaseDllName address: 0x00072A28 FullDllName physical address: 52b6a50 BaseDllName physical address: 52b6a28 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072B08 BaseDllName address: 0x00072AE8 FullDllName physical address: 52b6b08 BaseDllName physical address: 52b6ae8 0x77BE0000 0x77BEF000 (1) Secur32.dll C:\WINNT\system32\Secur32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072BC0 BaseDllName address: 0x00072BA0 FullDllName physical address: 52b6bc0 BaseDllName physical address: 52b6ba0 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C78 BaseDllName address: 0x00072C58 FullDllName physical address: 52b6c78 BaseDllName physical address: 52b6c58 0x77F40000 0x77F7C000 (1) 
GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072D30 BaseDllName address: 0x00072D10 FullDllName physical address: 52b6d30 BaseDllName physical address: 52b6d10 0x76450000 0x764AB000 (1) SAMSRV.dll C:\WINNT\system32\SAMSRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072DE0 BaseDllName address: 0x00072DC0 FullDllName physical address: 52b6de0 BaseDllName physical address: 52b6dc0 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072E98 BaseDllName address: 0x00072E78 FullDllName physical address: 52b6e98 BaseDllName physical address: 52b6e78 0x75050000 0x75058000 (1) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F50 BaseDllName address: 0x00072F30 FullDllName physical address: 52b6f50 BaseDllName physical address: 52b6f30 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073008 BaseDllName address: 0x00072FE8 FullDllName physical address: 530a008 BaseDllName physical address: 52b6fe8 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000730C0 BaseDllName address: 0x000730A0 FullDllName physical address: 530a0c0 BaseDllName physical address: 530a0a0 0x77430000 0x77440000 (1) MSASN1.dll C:\WINNT\system32\MSASN1.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073178 BaseDllName address: 0x00073158 FullDllName physical address: 530a178 BaseDllName physical address: 530a158 0x75170000 0x751BF000 (1) NETAPI32.dll C:\WINNT\system32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073238 BaseDllName address: 0x00073210 FullDllName physical 
address: 530a238 BaseDllName physical address: 530a210 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000732F0 BaseDllName address: 0x000732D0 FullDllName physical address: 530a2f0 BaseDllName physical address: 530a2d0 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000733A8 BaseDllName address: 0x00073388 FullDllName physical address: 530a3a8 BaseDllName physical address: 530a388 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073460 BaseDllName address: 0x00073440 FullDllName physical address: 530a460 BaseDllName physical address: 530a440 0x765E0000 0x765ED000 (1) msprivs.dll C:\WINNT\system32\msprivs.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00078EE8 BaseDllName address: 0x00078EC8 FullDllName physical address: 54acee8 BaseDllName physical address: 54acec8 0x45A00000 0x45A33000 (1) kerberos.dll C:\WINNT\system32\kerberos.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00078208 BaseDllName address: 0x0007CF20 FullDllName physical address: 54ac208 BaseDllName physical address: 559af20 0x4D100000 0x4D11A000 (1) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00080C50 BaseDllName address: 0x00080BC0 FullDllName physical address: 567bc50 BaseDllName physical address: 567bbc0 0x7CA00000 0x7CA23000 (1) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00080F78 BaseDllName address: 0x00080F38 FullDllName physical address: 567bf78 BaseDllName physical address: 567bf38 0x77A50000 0x77B45000 (1) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0x19 TlsIndex: 0 FullDllName virtual address: 
0x00080B70 BaseDllName address: 0x00080F58 FullDllName physical address: 567bb70 BaseDllName physical address: 567bf58 0x77C10000 0x77C6D000 (1) USERENV.dll C:\WINNT\system32\USERENV.dll Flags: 0xc4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x00081030 BaseDllName address: 0x00081010 FullDllName physical address: 560f030 BaseDllName physical address: 560f010 0x77440000 0x774B8000 (1) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000810E8 BaseDllName address: 0x000810C8 FullDllName physical address: 560f0e8 BaseDllName physical address: 560f0c8 0x76580000 0x765DA000 (1) netlogon.dll C:\WINNT\system32\netlogon.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00087030 BaseDllName address: 0x00087008 FullDllName physical address: 5809030 BaseDllName physical address: 5809008 0x77BF0000 0x77C01000 (1) NTDSAPI.DLL C:\WINNT\system32\NTDSAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00087098 BaseDllName address: 0x00087078 FullDllName physical address: 5809098 BaseDllName physical address: 5809078 0x58800000 0x58825000 (1) schannel.dll C:\WINNT\system32\schannel.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000879F0 BaseDllName address: 0x000876C8 FullDllName physical address: 58099f0 BaseDllName physical address: 58096c8 0x00790000 0x007B3000 (1) rsabase.dll C:\WINNT\system32\rsabase.dll Flags: 0x2c4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00091090 BaseDllName address: 0x0008BA18 FullDllName physical address: 57aa090 BaseDllName physical address: 57e1a18 0x75090000 0x750A0000 (1) mpr.dll C:\WINNT\system32\mpr.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000919A8 BaseDllName address: 0x0008C270 FullDllName physical address: 57aa9a8 BaseDllName physical address: 5825270 0x77880000 0x7790D000 (1) setupapi.dll C:\WINNT\system32\setupapi.dll Flags: 
0x84004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00093998 BaseDllName address: 0x00093970 FullDllName physical address: 5920998 BaseDllName physical address: 5920970 0x77B50000 0x77BD9000 (1) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00093A58 BaseDllName address: 0x00093A30 FullDllName physical address: 5920a58 BaseDllName physical address: 5920a30 0x76430000 0x7644C000 (1) scecli.dll C:\WINNT\system32\scecli.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000941A8 BaseDllName address: 0x00096908 FullDllName physical address: 59c71a8 BaseDllName physical address: 5a24908 0x764E0000 0x764FE000 (1) polagent.dll C:\WINNT\system32\polagent.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00099038 BaseDllName address: 0x0009BF70 FullDllName physical address: 5b53038 BaseDllName physical address: 5bd6f70 0x76FB0000 0x770A2000 (1) MFC42U.DLL C:\WINNT\system32\MFC42U.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00099320 BaseDllName address: 0x000993F8 FullDllName physical address: 5b53320 BaseDllName physical address: 5b533f8 0x76500000 0x76577000 (1) OAKLEY.DLL C:\WINNT\system32\OAKLEY.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000993B0 BaseDllName address: 0x00097858 FullDllName physical address: 5b533b0 BaseDllName physical address: 5aa3858 0x77340000 0x77353000 (1) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0009C588 BaseDllName address: 0x0009C688 FullDllName physical address: 68a0588 BaseDllName physical address: 68a0688 0x77520000 0x77525000 (1) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0009BB98 BaseDllName address: 0x0009C700 FullDllName physical address: 5bd6b98 BaseDllName physical address: 68a0700 0x77320000 
0x77337000 (1) MPRAPI.DLL C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009CDC8 BaseDllName address: 0x0009CDA8 FullDllName physical address: 68a0dc8 BaseDllName physical address: 68a0da8 0x779B0000 0x77A45000 (1) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0009CE60 BaseDllName address: 0x0009C6D8 FullDllName physical address: 68a0e60 BaseDllName physical address: 68a06d8 0x773B0000 0x773DE000 (1) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009CF20 BaseDllName address: 0x0009CEF8 FullDllName physical address: 68a0f20 BaseDllName physical address: 68a0ef8 0x77380000 0x773A2000 (1) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009CFD8 BaseDllName address: 0x0009CFB8 FullDllName physical address: 6b42000 BaseDllName physical address: 68a0fb8 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0009D090 BaseDllName address: 0x0009D070 FullDllName physical address: 6b42090 BaseDllName physical address: 6b42070 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009D150 BaseDllName address: 0x0009D128 FullDllName physical address: 6b42150 BaseDllName physical address: 6b42128 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009D208 BaseDllName address: 0x0009D1E8 FullDllName physical address: 6b42208 BaseDllName physical address: 6b421e8 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009D2C0 BaseDllName address: 0x0009D2A0 FullDllName physical 
address: 6b422c0 BaseDllName physical address: 6b422a0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009D378 BaseDllName address: 0x0009D358 FullDllName physical address: 6b42378 BaseDllName physical address: 6b42358 0x77360000 0x77379000 (1) DHCPCSVC.DLL C:\WINNT\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009D438 BaseDllName address: 0x0009D410 FullDllName physical address: 6b42438 BaseDllName physical address: 6b42410 0x5FD00000 0x5FD0D000 (1) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009DCE0 BaseDllName address: 0x0009D4F0 FullDllName physical address: 6b42ce0 BaseDllName physical address: 6b424f0 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009DD28 BaseDllName address: 0x0009D4D0 FullDllName physical address: 6b42d28 BaseDllName physical address: 6b424d0 0x74FD0000 0x74FED000 (1) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000A62A8 BaseDllName address: 0x0009DE28 FullDllName physical address: 6ec22a8 BaseDllName physical address: 6b42e28 0x75010000 0x75017000 (1) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009D920 BaseDllName address: 0x000A7130 FullDllName physical address: 6b42920 BaseDllName physical address: 6c4e130 0x67400000 0x67427000 (1) dssenh.dll C:\WINNT\system32\dssenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A6318 BaseDllName address: 0x000A92A0 FullDllName physical address: 6ec2318 BaseDllName physical address: 46002a0 Thread List Head: 0xFF29BAD0 THREAD: 0xFF297220 (0x5379220) Cid: f0.f8 CreateTime: 0x1c569661830fa70 2005-06-05 00:32:46Z 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF29727C Contents: FF28EDFC:FF2785DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF29728C(537928c) PostBlockList: 0xFF2973E4:FF2973E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x509122D7 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF834B000 Stack Limit: 0xF8348000 Kernel Stack: 0xF834ABFC(Paged< 0:879000> NA NA Paged< 0:879000> NA NA ) Resident: 0 THREAD: 0xFF295020 (0x5556020) Cid: f0.100 CreateTime: 0x1c56966184f8a30 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF29507C Contents: FF1F5B3C:FF1B81FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15E008(7c1b008) PostBlockList: 0xFF2951E4:FF2951E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8343000 Stack Limit: 0xF8340000 Kernel Stack: 0xF8342930(Paged< 0:88c000> NA NA Paged< 0:88c000> NA NA ) Resident: 0 THREAD: 0xFF295BE0 (0x5556be0) Cid: f0.104 CreateTime: 0x1c5696618511160 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x7FFDB000(553b000) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF295C3C Contents: FF0F23FC:FF1FBDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF295C4C(5556c4c) PostBlockList: 0xFF295DA4:FF295DA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF833F000 Stack Limit: 0xF833C000 Kernel Stack: 0xF833EC5C(1806000 NA NA 1806000 NA NA ) Resident: 0 User stack base: 0x00500000(5544000 Paged< 0:681000> NA NA NA NA ) User stack Limit: 0x004FA000 THREAD: 0xFF2949E0 (0x55679e0) Cid: f0.110 CreateTime: 0x1c56966185d4ae0 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(5597000) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF294A3C Contents: FF29455C:FF14507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF294A94(5567a94) PostBlockList: 0xFF294BA4:FF294BA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8232000 Stack Limit: 0xF822F000 Kernel Stack: 0xF8231CC4(54f1000 NA NA 54f1000 NA NA ) Resident: 1 User stack base: 0x00540000(5498000 NA NA NA NA NA ) User stack Limit: 0x0053A000 THREAD: 0xFF294500 (0x5567500) Cid: f0.114 CreateTime: 0x1c56966185ed210 2005-06-05 00:32:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(54dc000) ThreadsProcess: 
0xFF29BA80 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF29455C Contents: FF18861C:FF294A3C Queue List: 0xFF296C20:FF296C20 WaitBlockList: 0xFF29456C(556756c) PostBlockList: 0xE12B6110:E12B63F0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF822E000 Stack Limit: 0xF822B000 Kernel Stack: 0xF822DC90(54b8000 NA NA 54b8000 NA NA ) Resident: 1 User stack base: 0x00580000(551d000 NA NA NA NA NA ) User stack Limit: 0x0057A000 THREAD: 0xFF28F720 (0x575b720) Cid: f0.120 CreateTime: 0x1c5696618c09e10 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(61ef000) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF28F77C Contents: FF29F63C:FF1141DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28F78C(575b78c) PostBlockList: 0xFF28F8E4:FF28F8E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll LPC Server thread working on message Id 0x1157 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF835F000 Stack Limit: 0xF835C000 Kernel Stack: 0xF835EC5C(34fd000 NA NA 34fd000 NA NA ) Resident: 0 User stack base: 0x00610000(37c2000 NA NA NA NA NA ) User stack Limit: 0x0060A000 THREAD: 0xFF28EDA0 (0x57a0da0) Cid: f0.12c CreateTime: 0x1c5696618c09e10 2005-06-05 00:32:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 
Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF28EDFC Contents: FF23B59C:FF29727C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28EE0C(57a0e0c) PostBlockList: 0xFF28EF64:FF28EF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8222000 Stack Limit: 0xF821F000 Kernel Stack: 0xF8221CA0(Paged< 0:878000> NA NA Paged< 0:878000> NA NA ) Resident: 0 THREAD: 0xFF2513E0 (0x65f23e0) Cid: f0.208 CreateTime: 0x1c569661b4b93f0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(5989000) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1E9F0C8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF25143C Contents: FCDFE07C:FF1BBA1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CA488(6aab488) PostBlockList: 0xE1335DB0:E1EA49D0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8083000 Stack Limit: 0xF8080000 Kernel Stack: 0xF8082930(1e1a000 NA NA 1e1a000 NA NA ) Resident: 0 User stack base: 0x00980000(6902000 Paged< 0:6bd000> Paged< 0:6f5000> Paged< 0:6f6000> Paged< 0:6f7000> Paged< 0:6f8000> Paged< 0:6f9000> Paged< 0:6fa000> Paged< 0:6fb000> ) User stack Limit: 0x00977000 THREAD: 0xFF23B540 (0x6c75540) Cid: f0.238 CreateTime: 0x1c569661c123a50 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(0) ThreadsProcess: 0xFF29BA80 
lsass.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF23B59C Contents: FF2488FC:FF28EDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23B5AC(6c755ac) PostBlockList: 0xFF23B704:FF23B704 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FFD000 Stack Limit: 0xF7FFA000 Kernel Stack: 0xF7FFC930(Paged< 0:877000> NA NA Paged< 0:877000> NA NA ) Resident: 0 THREAD: 0xFF2488A0 (0x681b8a0) Cid: f0.284 CreateTime: 0x1c569661d795360 2005-06-05 00:32:55Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2488FC Contents: FF1E3C5C:FF23B59C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24890C(681b90c) PostBlockList: 0xFF248A64:FF248A64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB1000 Stack Limit: 0xF7FAE000 Kernel Stack: 0xF7FB0CA0(Paged< 0:876000> NA NA Paged< 0:876000> NA NA ) Resident: 0 THREAD: 0xFF1E3C00 (0x61cc00) Cid: f0.e0 CreateTime: 0x1c56966232e2aa0 2005-06-05 00:33:04Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1E3C5C Contents: 
FF1DDBBC:FF2488FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E3C6C(61cc6c) PostBlockList: 0xFF1E3DC4:FF1E3DC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DF3000 Stack Limit: 0xF7DF0000 Kernel Stack: 0xF7DF2C48(Paged< 0:875000> NA NA Paged< 0:875000> NA NA ) Resident: 0 THREAD: 0xFF1DDB60 (0x3d92b60) Cid: f0.2c4 CreateTime: 0x1c5696623514ff0 2005-06-05 00:33:05Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1DDBBC Contents: FF264DBC:FF1E3C5C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DDBCC(3d92bcc) PostBlockList: 0xFF1DDD24:FF1DDD24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x78002432 C:\WINNT\system32\MSVCRT.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE5000 Stack Limit: 0xF7FE2000 Kernel Stack: 0xF7FE4930(Paged< 0:874000> NA NA Paged< 0:874000> NA NA ) Resident: 0 THREAD: 0xFF1BE020 (0x5dc2020) Cid: f0.138 CreateTime: 0x1c5696934810940 2005-06-05 00:55:02Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(3266000) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF1BE07C Contents: FCC6807C:FF25B7BC Queue List: 0xFF291540:FF291540 WaitBlockList: 0xFF1BE08C(5dc208c) PostBlockList: 0xFF1BE1E4:FF1BE1E4 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C57000 Stack Limit: 0xF7C54000 Kernel Stack: 0xF7C56C90(71f0000 NA NA 71f0000 NA NA ) Resident: 0 User stack base: 0x005D0000(2507000 4009000 NA NA NA NA ) User stack Limit: 0x005CA000 + 198 svchost.exe Source: from_active_process_list Eprocess Block: 0xFF27E840 (0x5bec824) CreateTime: 0x1c5696619aa69c0 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x5cb4000 Process Environment Block: 0x7FFDF000 (5da8000) Loader module block: 0x00071E90 (5da800c) Command Line: C:\WINNT\system32\svchost -k rpcss Section: 0xE12EFF50 (0x19b0f50) Section Base Address: 0x01000000 (5c91000) SectionBasedAddress: 0x089C0C38 ) SizeOfSegment: 0x5000 SectionFileName: \WINNT\system32\svchost.exe 0xe12e0d68 (0x1970d68) Handle Table: 0xFF27EBC8 (0x5becbc8) Count: 234 TableCode: 0xE1E64000 Process exiting: 0 VAD Root: 0xFF27D5C8(5c705c8) Private: 255 Modified: 0 Locked: 13 AccessToken: 0xE1E63030(5d24030) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,57fb} ParentToken ID: {0,0} Modified ID: {0,1752d} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege 
Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x01000000 0x01005000 (5c91000) svchost.exe C:\WINNT\system32\svchost.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 5c6c57c BaseDllName physical address: 5cb1f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 5cb1f80 BaseDllName physical address: 5cb1fa4 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 5cb2420 BaseDllName physical address: 5cb23f8 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 5cb24e0 BaseDllName physical address: 5cb24b8 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 BaseDllName address: 0x00072578 FullDllName physical address: 5cb2598 BaseDllName physical address: 5cb2578 0x77A50000 
0x77B45000 (3269000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 FullDllName physical address: 5cb2668 BaseDllName physical address: 5cb2648 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072718 BaseDllName address: 0x000726F8 FullDllName physical address: 5cb2718 BaseDllName physical address: 5cb26f8 0x77E10000 0x77E74000 (3382000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C8 BaseDllName address: 0x000727A8 FullDllName physical address: 5cb27c8 BaseDllName physical address: 5cb27a8 0x76190000 0x761CC000 (5ced000) rpcss.dll c:\winnt\system32\rpcss.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00074700 BaseDllName address: 0x00076710 FullDllName physical address: 5c59700 BaseDllName physical address: 5cdf710 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x4d TlsIndex: 0 FullDllName virtual address: 0x00077470 BaseDllName address: 0x00077450 FullDllName physical address: 5d60470 BaseDllName physical address: 5d60450 0x77C10000 0x77C6D000 (5006000) USERENV.DLL c:\winnt\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00077540 BaseDllName address: 0x00077520 FullDllName physical address: 5d60540 BaseDllName physical address: 5d60520 0x75030000 0x75044000 (5085000) WS2_32.DLL c:\winnt\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0x23 TlsIndex: 0 FullDllName virtual address: 0x00077700 BaseDllName address: 0x000776E0 FullDllName physical address: 5d60700 BaseDllName physical address: 5d606e0 0x75020000 0x75028000 (5066000) WS2HELP.DLL c:\winnt\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x000777B8 BaseDllName 
address: 0x00077798 FullDllName physical address: 5d607b8 BaseDllName physical address: 5d60798 0x77BE0000 0x77BEF000 (4fda000) SECUR32.DLL c:\winnt\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x00077870 BaseDllName address: 0x00077850 FullDllName physical address: 5d60870 BaseDllName physical address: 5d60850 0x74FF0000 0x75002000 (5ceb000) mswsock.dll C:\WINNT\system32\mswsock.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00079BF0 BaseDllName address: 0x00079BD0 FullDllName physical address: 5de4bf0 BaseDllName physical address: 5de4bd0 0x77980000 0x779A4000 (505b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x00079CA8 BaseDllName address: 0x00079C88 FullDllName physical address: 5de4ca8 BaseDllName physical address: 5de4c88 0x75050000 0x75058000 (503c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00079D60 BaseDllName address: 0x00079D40 FullDllName physical address: 5de4d60 BaseDllName physical address: 5de4d40 0x74FD0000 0x74FED000 (5bd8000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0007DFE8 BaseDllName address: 0x00079BB0 FullDllName physical address: 5d9e000 BaseDllName physical address: 5de4bb0 0x77340000 0x77353000 (5a70000) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007D678 BaseDllName address: 0x0007E028 FullDllName physical address: 5cf9678 BaseDllName physical address: 5d9e028 0x77520000 0x77525000 (5a0c000) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E0C0 BaseDllName address: 0x0007E0A0 FullDllName physical address: 5d9e0c0 BaseDllName physical address: 5d9e0a0 0x77320000 0x77337000 (5a5f000) MPRAPI.DLL 
C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E270 BaseDllName address: 0x0007E250 FullDllName physical address: 5d9e270 BaseDllName physical address: 5d9e250 0x75150000 0x7515F000 (503b000) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007E328 BaseDllName address: 0x0007E308 FullDllName physical address: 5d9e328 BaseDllName physical address: 5d9e308 0x75170000 0x751BF000 (5046000) NETAPI32.DLL C:\WINNT\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007E3E8 BaseDllName address: 0x0007E3C0 FullDllName physical address: 5d9e3e8 BaseDllName physical address: 5d9e3c0 0x751C0000 0x751C6000 (5028000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007E4A0 BaseDllName address: 0x0007E480 FullDllName physical address: 5d9e4a0 BaseDllName physical address: 5d9e480 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0007E558 BaseDllName address: 0x0007E538 FullDllName physical address: 5d9e558 BaseDllName physical address: 5d9e538 0x779B0000 0x77A45000 (325a000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0007E618 BaseDllName address: 0x0007E5F0 FullDllName physical address: 5d9e618 BaseDllName physical address: 5d9e5f0 0x773B0000 0x773DE000 (59f8000) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E6D8 BaseDllName address: 0x0007E6B0 FullDllName physical address: 5d9e6d8 BaseDllName physical address: 5d9e6b0 0x77380000 0x773A2000 (5a19000) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E790 BaseDllName address: 0x0007E770 
FullDllName physical address: 5d9e790 BaseDllName physical address: 5d9e770 0x77830000 0x7783E000 (5a72000) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E848 BaseDllName address: 0x0007E828 FullDllName physical address: 5d9e848 BaseDllName physical address: 5d9e828 0x77880000 0x7790D000 (56e6000) SETUPAPI.DLL C:\WINNT\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E908 BaseDllName address: 0x0007E8E0 FullDllName physical address: 5d9e908 BaseDllName physical address: 5d9e8e0 0x774E0000 0x77512000 (5a7d000) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007E9C8 BaseDllName address: 0x0007E9A0 FullDllName physical address: 5d9e9c8 BaseDllName physical address: 5d9e9a0 0x774C0000 0x774D1000 (5aae000) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007EA80 BaseDllName address: 0x0007EA60 FullDllName physical address: 5d9ea80 BaseDllName physical address: 5d9ea60 0x77530000 0x77552000 (5a9c000) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007EB38 BaseDllName address: 0x0007EB18 FullDllName physical address: 5d9eb38 BaseDllName physical address: 5d9eb18 0x77B50000 0x77BD9000 (336b000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007EBF8 BaseDllName address: 0x0007EBD0 FullDllName physical address: 5d9ebf8 BaseDllName physical address: 5d9ebd0 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007ECB0 BaseDllName address: 0x0007EC90 FullDllName physical address: 5d9ecb0 BaseDllName physical address: 5d9ec90 0x77360000 0x77379000 (5978000) DHCPCSVC.DLL 
C:\WINNT\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007ED70 BaseDllName address: 0x0007ED48 FullDllName physical address: 5d9ed70 BaseDllName physical address: 5d9ed48 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0007F008 BaseDllName address: 0x0007F050 FullDllName physical address: 5f96008 BaseDllName physical address: 5f96050 0x75010000 0x75017000 (5df3000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00081A00 BaseDllName address: 0x00084230 FullDllName physical address: 5e40a00 BaseDllName physical address: 5fd6230 0x78280000 0x7828C000 (5e1f000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00084AA0 BaseDllName address: 0x00084AE0 FullDllName physical address: 5fd6aa0 BaseDllName physical address: 5fd6ae0 0x777E0000 0x777E8000 (5eaf000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00084A58 BaseDllName address: 0x000859B0 FullDllName physical address: 5fd6a58 BaseDllName physical address: 5fa99b0 0x777F0000 0x777F5000 (5e3f000) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000849C0 BaseDllName address: 0x00085988 FullDllName physical address: 5fd69c0 BaseDllName physical address: 5fa9988 0x4D100000 0x4D11A000 (55bc000) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009BE98 BaseDllName address: 0x00099E90 FullDllName physical address: f6ae98 BaseDllName physical address: 5407e90 Thread List Head: 0xFF27E890 THREAD: 0xFF27E540 (0x5bec540) Cid: 198.194 CreateTime: 0x1c5696619aa69c0 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(5cad000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E62B08 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF27E59C Contents: FF2785DC:FF1760DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27E5AC(5bec5ac) PostBlockList: 0xFF27E704:FF27E704 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x010010B8 C:\WINNT\system32\svchost.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8654000 Stack Limit: 0xF8651000 Kernel Stack: 0xF8653BFC(Paged< 0:87b000> NA NA Paged< 0:87b000> NA NA ) Resident: 0 User stack base: 0x00070000(5cce000 5db7000 ) User stack Limit: 0x0006E000 THREAD: 0xFF27C9E0 (0x5d6f9e0) Cid: 198.19c CreateTime: 0x1c5696619abf0f0 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(5e02000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE13C2828 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF27CA3C Contents: FF1C7DFC:FCC968FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27CA94(5d6fa94) PostBlockList: 0xE1E65690:E1D42C50 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8644000 Stack Limit: 0xF8641000 Kernel Stack: 0xF8643CC4(2050000 NA NA 2050000 NA NA ) Resident: 0 User stack base: 0x00440000(5d63000 5d44000 5d8a000 5e8f000 5dd0000 5db1000 5db2000 5fd3000 5df4000 ) User stack Limit: 0x00437000 THREAD: 0xFF278580 (0x5d81580) Cid: 198.190 CreateTime: 0x1c5696619c2dcc0 2005-06-05 00:32:48Z 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(5e63000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2785DC Contents: FF29727C:FF27E59C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28E8A8(57a08a8) PostBlockList: 0xFF278744:FF278744 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF810F000 Stack Limit: 0xF810C000 Kernel Stack: 0xF810E930(Paged< 0:87a000> NA NA Paged< 0:87a000> NA NA ) Resident: 0 User stack base: 0x00920000(5dae000 ) User stack Limit: 0x0091F000 THREAD: 0xFF275960 (0x5dcd960) Cid: 198.1ac CreateTime: 0x1c5696619cf1640 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(5f42000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF2759BC Contents: FF27227C:FF28BDBC Queue List: 0xFF27CF20:FF27CF20 WaitBlockList: 0xFF2759CC(5dcd9cc) PostBlockList: 0xFF275B24:FF275B24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8113000 Stack Limit: 0xF8110000 Kernel Stack: 0xF8112C90(3a62000 NA NA 3a62000 NA NA ) Resident: 0 User stack base: 0x00970000(5dcc000 ) User stack Limit: 0x0096F000 THREAD: 0xFF1D4020 (0x45aa020) Cid: 198.124 CreateTime: 0x1c569666fa4d280 2005-06-05 00:35:13Z SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(7cc1000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF1D407C Contents: FF16D07C:FF1665BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D40D4(45aa0d4) PostBlockList: 0xFF1D41E4:FF1D41E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76194A9A c:\winnt\system32\rpcss.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF820E000 Stack Limit: 0xF820B000 Kernel Stack: 0xF820DCC4(3c0e000 NA NA 3c0e000 NA NA ) Resident: 0 User stack base: 0x00AC0000(1d82000 ) User stack Limit: 0x00ABF000 THREAD: 0xFF16D020 (0x63f5020) Cid: 198.2e4 CreateTime: 0x1c5696724c1b5a0 2005-06-05 00:40:16Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(7266000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF16D07C Contents: FF13F8FC:FF1D407C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16D0D4(63f50d4) PostBlockList: 0xFF16D1E4:FF16D1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76194A9A c:\winnt\system32\rpcss.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF802B000 Stack Limit: 0xF8028000 Kernel Stack: 0xF802ACC4(3c2b000 NA NA 3c2b000 NA NA ) Resident: 0 User stack base: 0x00B00000(74c7000 ) User stack Limit: 0x00AFF000 THREAD: 0xFF177360 (0x40b4360) Cid: 198.10c CreateTime: 0x1c5699d2bf70d30 2005-06-05 07:07:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(691b000) ThreadsProcess: 0xFF27E840 svchost.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1773BC Contents: FF0F791C:FF1CF07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1773CC(40b43cc) PostBlockList: 0xFF177524:FF177524 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF78AF000 Stack Limit: 0xF78AC000 Kernel Stack: 0xF78AEC48(Paged< 0:17fa000> NA NA Paged< 0:17fa000> NA NA ) Resident: 0 User stack base: 0x00C40000(6a17000 ) User stack Limit: 0x00C3F000 + 1b4 spoolsv.exe Source: from_active_process_list Eprocess Block: 0xFF2744C0 (0x5dce4a4) CreateTime: 0x1c5696619d53300 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x5e2e000 Process Environment Block: 0x7FFDF000 (5f07000) Loader module block: 0x00071E90 (5f0700c) Command Line: C:\WINNT\system32\spoolsv.exe Section: 0xE1E66BD0 (0x5e30bd0) Section Base Address: 0x01000000 () SectionBasedAddress: 0x08AD2428 ) SizeOfSegment: 0xd000 SectionFileName: \WINNT\system32\spoolsv.exe 0xe1e66de8 (0x5e30de8) Handle Table: 0xFF274CC8 (0x5dcecc8) Count: 97 TableCode: 0xE1E67000 Process exiting: 0 VAD Root: 0xFF273448(5df1448) Private: 219 Modified: 117 Locked: 0 AccessToken: 0xE1E66970(5e30970) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: 
*SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6177} ParentToken ID: {0,0} Modified ID: {0,af45} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF274510 THREAD: 0xFF278020 (0x5d81020) Cid: 1b4.1b0 CreateTime: 0x1c5696619d53300 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF27807C Contents: FF27317C:FF264DBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27808C(5d8108c) PostBlockList: 0xFF2781E4:FF2781E4 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x01001124 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80FF000 Stack Limit: 0xF80FC000 Kernel Stack: 0xF80FEBFC(Paged< 0:88b000> NA NA Paged< 0:88b000> NA NA ) Resident: 0 
THREAD: 0xFF273120 (0x5df1120) Cid: 1b4.1b8 CreateTime: 0x1c5696619d6ba30 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(6048000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E66208 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27317C Contents: FF1B7DFC:FF27807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27318C(5df118c) PostBlockList: 0xFF2732E4:FF2732E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8614000 Stack Limit: 0xF8611000 Kernel Stack: 0xF8613CA0(Paged< 0:88a000> NA NA Paged< 0:88a000> NA NA ) Resident: 0 User stack base: 0x00290000(Paged< 0:1974000> Paged< 0:1933000> ) User stack Limit: 0x0028E000 THREAD: 0xFF272980 (0x5f25980) Cid: 1b4.1bc CreateTime: 0x1c5696619d6ba30 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(5deb000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF2729DC Contents: FF244DFC:FF1C073C Queue List: 0xFF273A00:FF273A00 WaitBlockList: 0xFF2729EC(5f259ec) PostBlockList: 0xFF272B44:FF272B44 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77D52BA1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80F7000 Stack Limit: 0xF80F4000 Kernel Stack: 0xF80F6C90(5bee000 NA NA 5bee000 NA NA ) Resident: 0 User stack base: 0x002D0000(5e8d000 ) User stack Limit: 0x002CF000 THREAD: 0xFF272220 (0x5f25220) Cid: 1b4.1c8 CreateTime: 0x1c5696619d84160 2005-06-05 00:32:49Z SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(6096000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E6ACA8 Wait:(WrExecutive) UserMode Non-Alertable WaitListHead: 0xFF27227C Contents: FF1C073C:FF2759BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27228C(5f2528c) PostBlockList: 0xFF2723E4:FF2723E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x01005979 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8604000 Stack Limit: 0xF8601000 Kernel Stack: 0xF8603C48(34d3000 NA NA 34d3000 NA NA ) Resident: 0 User stack base: 0x007E0000(5e38000 NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA ) User stack Limit: 0x007D0000 THREAD: 0xFF1C89A0 (0x3e089a0) Cid: 1b4.398 CreateTime: 0x1c569662e0218c0 2005-06-05 00:33:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(0) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F16008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C89FC Contents: FF1B995C:FF1B7DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1C8A0C(3e08a0c) PostBlockList: 0xE1E18510:E133A1B0 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x0100197F Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8063000 Stack Limit: 0xF8060000 Kernel Stack: 0xF8062930(Paged< 0:888000> NA NA Paged< 0:888000> NA NA ) Resident: 0 THREAD: 0xFF1B9900 (0x76f8900) Cid: 1b4.1c4 CreateTime: 0x1c569662e052720 2005-06-05 00:33:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(0) 
ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1B995C Contents: FF1BB79C:FF1C89FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B996C(76f896c) PostBlockList: 0xFF1B9AC4:FF1B9AC4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x778321FE Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80EF000 Stack Limit: 0xF80EC000 Kernel Stack: 0xF80EE930(Paged< 0:887000> NA NA Paged< 0:887000> NA NA ) Resident: 0 THREAD: 0xFF1BB9C0 (0x3c319c0) Cid: 1b4.39c CreateTime: 0x1c569662e29d3a0 2005-06-05 00:33:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(5eaa000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1BBA1C Contents: FF25143C:FF0F791C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1BBA2C(3c31a2c) PostBlockList: 0xFF1BBB84:FF1BBB84 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x76AE7267 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B20000 Stack Limit: 0xF7B1D000 Kernel Stack: 0xF7B1FCA0(1830000 NA NA 1830000 NA NA ) Resident: 0 User stack base: 0x00D20000(7290000 NA NA NA ) User stack Limit: 0x00D1C000 THREAD: 0xFF1BB740 (0x3c31740) Cid: 1b4.3a0 CreateTime: 0x1c569662e29d3a0 2005-06-05 00:33:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(72ab000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1BB79C Contents: FF1B81FC:FF1B995C 
Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1BB7AC(3c317ac) PostBlockList: 0xFF1BB904:FF1BB904 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x76AC3A42 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B1C000 Stack Limit: 0xF7B19000 Kernel Stack: 0xF7B1BCA0(Paged< 0:886000> NA NA Paged< 0:886000> NA NA ) Resident: 0 User stack base: 0x00D60000(19f1000 NA NA NA ) User stack Limit: 0x00D5C000 THREAD: 0xFF1B81A0 (0x11c1a0) Cid: 1b4.3a4 CreateTime: 0x1c569662e360d20 2005-06-05 00:33:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(198c000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1B81FC Contents: FF29507C:FF1BB79C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B820C(11c20c) PostBlockList: 0xFF1B8364:FF1B8364 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77D52BA1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B18000 Stack Limit: 0xF7B15000 Kernel Stack: 0xF7B17C48(Paged< 0:885000> NA NA Paged< 0:885000> NA NA ) Resident: 0 User stack base: 0x00E70000(79fb000 NA NA NA ) User stack Limit: 0x00E6C000 THREAD: 0xFF1B7DA0 (0x6e2da0) Cid: 1b4.3b0 CreateTime: 0x1c569662e360d20 2005-06-05 00:33:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(19ce000) ThreadsProcess: 0xFF2744C0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1B7DFC Contents: FF1C89FC:FF27317C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B7E0C(6e2e0c) PostBlockList: 0xFF1B7F64:FF1B7F64 Queue: 0x00000000 
Start Address: 0x77E83775 LPC Server thread working on message Id 0x727 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF833B000 Stack Limit: 0xF8338000 Kernel Stack: 0xF833AC48(Paged< 0:889000> NA NA Paged< 0:889000> NA NA ) Resident: 0 User stack base: 0x00EB0000(7b54000 NA NA NA ) User stack Limit: 0x00EAC000 + 1d0 Avsynmgr.exe Source: from_active_process_list Eprocess Block: 0xFF26F9E0 (0x61539c4) CreateTime: 0x1c5696619e78940 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x6173000 Process Environment Block: 0x7FFDF000 (1) Loader module block: 0x00000000 Command Line: Section: 0xE1E6B570 (0x5f54570) Section Base Address: 0x00400000 () SectionBasedAddress: 0x08B22C20 ) SizeOfSegment: 0x28000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe 0xe1343988 (0x1adc988) Handle Table: 0xFF271228 (0x5eb0228) Count: 103 TableCode: 0xE1E6E000 Process exiting: 0 VAD Root: 0xFF24EA28(66c5a28) Private: 264 Modified: 89 Locked: 0 AccessToken: 0xE1E6C910(5f35910) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6220} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege 
Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0xFF26FA30 THREAD: 0xFF26F6A0 (0x61536a0) Cid: 1d0.1cc CreateTime: 0x1c5696619e78940 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF26F9E0 Avsynmgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E6DDC8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF26F6FC Contents: FF26E27C:FCC69A9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26F70C(615370c) PostBlockList: 0xFF26F864:FF26F864 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x00407070 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85F4000 Stack Limit: 0xF85F1000 Kernel Stack: 0xF85F3BFC(Paged< 0:867000> NA NA Paged< 0:867000> NA NA ) Resident: 0 THREAD: 0xFF26E220 (0x5fbb220) Cid: 1d0.1d4 CreateTime: 0x1c5696619eda600 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(5f86000) ThreadsProcess: 0xFF26F9E0 Avsynmgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E76848 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF26E27C Contents: FF24E81C:FF26F6FC Queue 
List: 0x00000000:00000000 WaitBlockList: 0xFF26E28C(5fbb28c) PostBlockList: 0xE12E10B0:E12E10B0 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05A0000 Stack Limit: 0xF059D000 Kernel Stack: 0xF059F930(Paged< 0:866000> NA NA Paged< 0:866000> NA NA ) Resident: 0 User stack base: 0x007D0000(60c7000 6329000 66b4000 65f5000 68ff000 6a40000 69c1000 6a62000 6a23000 69e4000 69a5000 68a6000 6a87000 6ac8000 6a69000 690a000 6998000 6979000 ) User stack Limit: 0x007BE000 THREAD: 0xFF24E7C0 (0x66c57c0) Cid: 1d0.204 CreateTime: 0x1c569661b4a0cc0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(6867000) ThreadsProcess: 0xFF26F9E0 Avsynmgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF24E81C Contents: FF24A07C:FF26E27C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24E82C(66c582c) PostBlockList: 0xFF24E984:FF24E984 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x11201ED0 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8023000 Stack Limit: 0xF8020000 Kernel Stack: 0xF8022930(Paged< 0:865000> NA NA Paged< 0:865000> NA NA ) Resident: 0 User stack base: 0x00F50000(662b000 7882000 ) User stack Limit: 0x00F4E000 THREAD: 0xFF1EA120 (0x294e120) Cid: 1d0.2dc CreateTime: 0x1c56966219c4850 2005-06-05 00:33:02Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(6f9000) ThreadsProcess: 0xFF26F9E0 Avsynmgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1EA17C Contents: 
FF294A3C:FF14691C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EA18C(294e18c) PostBlockList: 0xFF1EA2E4:FF1EA2E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x004010C8 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DDF000 Stack Limit: 0xF7DDC000 Kernel Stack: 0xF7DDE930(3174000 3e53000 6b2000 3174000 3e53000 6b2000 ) Resident: 1 User stack base: 0x01050000(3d3a000 ) User stack Limit: 0x0104F000 + 1e0 svchost.exe Source: from_active_process_list Eprocess Block: 0xFF27D020 (0x5c70004) CreateTime: 0x1c5696619eda600 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x5f78000 Process Environment Block: 0x7FFDF000 (6213000) Loader module block: 0x00071E90 (621300c) Command Line: C:\WINNT\System32\svchost.exe -k netsvcs Section: 0xE1E6C610 (0x5f35610) Section Base Address: 0x01000000 (5c91000) SectionBasedAddress: 0x089C0C38 ) SizeOfSegment: 0x5000 SectionFileName: \WINNT\system32\svchost.exe 0xe12e0d68 (0x1970d68) Handle Table: 0xFF26EB88 (0x5fbbb88) Count: 233 TableCode: 0xE1E71000 Process exiting: 0 VAD Root: 0xFF1E3708(61c708) Private: 508 Modified: 65 Locked: 0 AccessToken: 0xE1E6C3F0(5f353f0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6285} ParentToken ID: {0,0} Modified ID: {0,72ac} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 
Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01005000 (5c91000) svchost.exe C:\WINNT\System32\svchost.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 60f757c BaseDllName physical address: 5efcf10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 5efcf80 BaseDllName physical address: 5efcfa4 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 5f3d420 BaseDllName physical address: 5f3d3f8 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 5f3d4e0 BaseDllName physical address: 5f3d4b8 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 
BaseDllName address: 0x00072578 FullDllName physical address: 5f3d598 BaseDllName physical address: 5f3d578 0x77A50000 0x77B45000 (1) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 FullDllName physical address: 5f3d668 BaseDllName physical address: 5f3d648 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072718 BaseDllName address: 0x000726F8 FullDllName physical address: 5f3d718 BaseDllName physical address: 5f3d6f8 0x77E10000 0x77E74000 (3382000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C8 BaseDllName address: 0x000727A8 FullDllName physical address: 5f3d7c8 BaseDllName physical address: 5f3d7a8 0x76290000 0x762CD000 (1) es.dll c:\winnt\system32\es.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007B8E8 BaseDllName address: 0x0007BDA0 FullDllName physical address: 62568e8 BaseDllName physical address: 6256da0 0x76120000 0x76178000 (1) TXFAUX.DLL c:\winnt\system32\TXFAUX.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007BE08 BaseDllName address: 0x0007BA10 FullDllName physical address: 6256e08 BaseDllName physical address: 6256a10 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xb3 TlsIndex: 0 FullDllName virtual address: 0x0007BFE0 BaseDllName address: 0x0007BFC0 FullDllName physical address: 6316000 BaseDllName physical address: 6256fc0 0x779B0000 0x77A45000 (1) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x1c TlsIndex: 0 FullDllName virtual address: 0x0007C078 BaseDllName address: 0x0007B960 FullDllName physical address: 6316078 BaseDllName physical address: 6256960 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL 
Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00080F78 BaseDllName address: 0x00080F58 FullDllName physical address: 610ef78 BaseDllName physical address: 610ef58 0x761D0000 0x76234000 (668a000) ntmssvc.dll c:\winnt\system32\ntmssvc.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00083508 BaseDllName address: 0x000832F0 FullDllName physical address: 621e508 BaseDllName physical address: 621e2f0 0x76180000 0x7618C000 (1) sens.dll c:\winnt\system32\sens.dll Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00083CB8 BaseDllName address: 0x00083420 FullDllName physical address: 621ecb8 BaseDllName physical address: 621e420 0x77B50000 0x77BD9000 (1) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x00083E78 BaseDllName address: 0x00083C40 FullDllName physical address: 621ee78 BaseDllName physical address: 621ec40 0x75030000 0x75044000 (5085000) WS2_32.dll C:\WINNT\System32\WS2_32.dll Flags: 0x84004 LoadCount: 0x3f TlsIndex: 0 FullDllName virtual address: 0x00083D48 BaseDllName address: 0x00084228 FullDllName physical address: 621ed48 BaseDllName physical address: 6f27228 0x75020000 0x75028000 (5066000) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x18 TlsIndex: 0 FullDllName virtual address: 0x00071FC0 BaseDllName address: 0x00072008 FullDllName physical address: 5efcfc0 BaseDllName physical address: 5f3d008 0x66DF0000 0x66E1C000 (125000) tapisrv.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0008CE48 BaseDllName address: 0x0008D7F0 FullDllName physical address: d65e48 BaseDllName physical address: 6f577f0 0x77BE0000 0x77BEF000 (4fda000) secur32.dll C:\WINNT\System32\secur32.dll Flags: 0xc4004 LoadCount: 0x1c TlsIndex: 0 FullDllName virtual address: 0x0008F468 BaseDllName address: 0x0008F448 FullDllName physical address: 385468 BaseDllName physical address: 385448 0x75710000 
0x75739000 (2c9b000) rasmans.dll c:\winnt\system32\rasmans.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000909B8 BaseDllName address: 0x00090830 FullDllName physical address: 6cf9b8 BaseDllName physical address: 6cf830 0x77830000 0x7783E000 (5a72000) rtutils.dll c:\winnt\system32\rtutils.dll Flags: 0xc4006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00090A50 BaseDllName address: 0x000908D0 FullDllName physical address: 6cfa50 BaseDllName physical address: 6cf8d0 0x77440000 0x774B8000 (5434000) CRYPT32.dll c:\winnt\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00090B08 BaseDllName address: 0x00090AE8 FullDllName physical address: 6cfb08 BaseDllName physical address: 6cfae8 0x77430000 0x77440000 (1) MSASN1.DLL c:\winnt\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00090BC0 BaseDllName address: 0x00090BA0 FullDllName physical address: 6cfbc0 BaseDllName physical address: 6cfba0 0x6A4B0000 0x6A539000 (1) netcfgx.dll c:\winnt\system32\netcfgx.dll Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00090C78 BaseDllName address: 0x00090C58 FullDllName physical address: 6cfc78 BaseDllName physical address: 6cfc58 0x77980000 0x779A4000 (1) DNSAPI.dll c:\winnt\system32\DNSAPI.dll Flags: 0xc4006 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x00090D30 BaseDllName address: 0x00090D10 FullDllName physical address: 6cfd30 BaseDllName physical address: 6cfd10 0x75050000 0x75058000 (1) WSOCK32.DLL c:\winnt\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x00090DE8 BaseDllName address: 0x00090DC8 FullDllName physical address: 6cfde8 BaseDllName physical address: 6cfdc8 0x774E0000 0x77512000 (5a7d000) RASAPI32.dll c:\winnt\system32\RASAPI32.dll Flags: 0xc4006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00090E80 BaseDllName address: 0x00080F08 FullDllName 
physical address: 6cfe80 BaseDllName physical address: 610ef08 0x774C0000 0x774D1000 (5aae000) RASMAN.DLL c:\winnt\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x00090F38 BaseDllName address: 0x00090F18 FullDllName physical address: 6cff38 BaseDllName physical address: 6cff18 0x77530000 0x77552000 (5a9c000) TAPI32.DLL c:\winnt\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00090FF0 BaseDllName address: 0x00090FD0 FullDllName physical address: 3c30000 BaseDllName physical address: 6cffd0 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x000910A8 BaseDllName address: 0x00091088 FullDllName physical address: 3c300a8 BaseDllName physical address: 3c30088 0x75870000 0x758F3000 (761000) RASDLG.dll c:\winnt\system32\RASDLG.dll Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00091160 BaseDllName address: 0x00091140 FullDllName physical address: 3c30160 BaseDllName physical address: 3c30140 0x77320000 0x77337000 (5a5f000) MPRAPI.dll c:\winnt\system32\MPRAPI.dll Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00091218 BaseDllName address: 0x000911F8 FullDllName physical address: 3c30218 BaseDllName physical address: 3c301f8 0x75150000 0x7515F000 (503b000) SAMLIB.DLL c:\winnt\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xf TlsIndex: 0 FullDllName virtual address: 0x000912D0 BaseDllName address: 0x000912B0 FullDllName physical address: 3c302d0 BaseDllName physical address: 3c302b0 0x75170000 0x751BF000 (5046000) NETAPI32.DLL c:\winnt\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x00091368 BaseDllName address: 0x00090850 FullDllName physical address: 3c30368 BaseDllName physical address: 6cf850 0x751C0000 0x751C6000 (5028000) NETRAP.DLL c:\winnt\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x9 
TlsIndex: 0 FullDllName virtual address: 0x00091420 BaseDllName address: 0x00091400 FullDllName physical address: 3c30420 BaseDllName physical address: 3c30400 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x11 TlsIndex: 0 FullDllName virtual address: 0x000914D8 BaseDllName address: 0x000914B8 FullDllName physical address: 3c304d8 BaseDllName physical address: 3c304b8 0x773B0000 0x773DE000 (59f8000) ACTIVEDS.DLL c:\winnt\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00091598 BaseDllName address: 0x00091570 FullDllName physical address: 3c30598 BaseDllName physical address: 3c30570 0x77380000 0x773A2000 (5a19000) ADSLDPC.DLL c:\winnt\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00091650 BaseDllName address: 0x00091630 FullDllName physical address: 3c30650 BaseDllName physical address: 3c30630 0x77880000 0x7790D000 (56e6000) SETUPAPI.DLL c:\winnt\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x00091710 BaseDllName address: 0x000916E8 FullDllName physical address: 3c30710 BaseDllName physical address: 3c306e8 0x77C10000 0x77C6D000 (5006000) USERENV.DLL c:\winnt\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x000917C8 BaseDllName address: 0x000917A8 FullDllName physical address: 3c307c8 BaseDllName physical address: 3c307a8 0x69BF0000 0x69C0D000 (3fe1000) NTMARTA.DLL C:\WINNT\System32\NTMARTA.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009FBC0 BaseDllName address: 0x00098F08 FullDllName physical address: 3da3bc0 BaseDllName physical address: 27def08 0x77800000 0x7781D000 (66f5000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009C1A0 BaseDllName address: 0x00099270 FullDllName physical address: 291e1a0 BaseDllName physical 
address: 7d8270 0x77BF0000 0x77C01000 (5316000) NTDSAPI.dll C:\WINNT\System32\NTDSAPI.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00098E40 BaseDllName address: 0x000991D8 FullDllName physical address: 27dee40 BaseDllName physical address: 7d81d8 0x77340000 0x77353000 (5a70000) iphlpapi.dll C:\WINNT\System32\iphlpapi.dll Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0009BDB0 BaseDllName address: 0x00087F40 FullDllName physical address: 1abddb0 BaseDllName physical address: 6daaf40 0x77520000 0x77525000 (5a0c000) ICMP.DLL C:\WINNT\System32\ICMP.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009E3B8 BaseDllName address: 0x000A1728 FullDllName physical address: 15203b8 BaseDllName physical address: 6ee3728 0x77360000 0x77379000 (5978000) DHCPCSVC.DLL C:\WINNT\System32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0009BE98 BaseDllName address: 0x0009EBE8 FullDllName physical address: 1abde98 BaseDllName physical address: 1520be8 0x773E0000 0x773F2000 (7a32000) ATL.DLL C:\WINNT\System32\ATL.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00098F90 BaseDllName address: 0x0009F838 FullDllName physical address: 27def90 BaseDllName physical address: 3da3838 0x76240000 0x7626C000 (8c0000) NTMSDBA.dll C:\WINNT\System32\NTMSDBA.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B64D8 BaseDllName address: 0x0009FB78 FullDllName physical address: da24d8 BaseDllName physical address: 3da3b78 0x69800000 0x69A42000 (328f000) Shell32.dll C:\WINNT\system32\Shell32.dll Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000B4A58 BaseDllName address: 0x000B2E28 FullDllName physical address: 5e7a58 BaseDllName physical address: 71b6e28 0x76270000 0x76289000 (2fa8000) netman.dll c:\winnt\system32\netman.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 
0x000B57E0 BaseDllName address: 0x0009E278 FullDllName physical address: 75017e0 BaseDllName physical address: 1520278 0x76F20000 0x76F95000 (2787000) NETSHELL.dll C:\WINNT\system32\NETSHELL.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D0C08 BaseDllName address: 0x000B7468 FullDllName physical address: 6bbec08 BaseDllName physical address: 6a08468 0x76110000 0x76114000 (2bb5000) WMI.dll C:\WINNT\System32\WMI.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B4DB0 BaseDllName address: 0x0009BC48 FullDllName physical address: 5e7db0 BaseDllName physical address: 1abdc48 0x694F0000 0x69630000 (50e2000) comsvcs.dll C:\WINNT\System32\comsvcs.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0B10 BaseDllName address: 0x000C0D60 FullDllName physical address: 3230b10 BaseDllName physical address: 3230d60 0x015D0000 0x01674000 (5238000) MSDTCPRX.dll C:\WINNT\System32\MSDTCPRX.dll Flags: 0x2c4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0CC8 BaseDllName address: 0x000DB918 FullDllName physical address: 3230cc8 BaseDllName physical address: 329f918 0x6A7A0000 0x6A7AF000 (6b33000) MTXCLU.DLL C:\WINNT\System32\MTXCLU.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0009A1C8 BaseDllName address: 0x000D0AE8 FullDllName physical address: 27c11c8 BaseDllName physical address: 6bbeae8 0x77820000 0x77827000 (3327000) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009B9A8 BaseDllName address: 0x000C5938 FullDllName physical address: 1abd9a8 BaseDllName physical address: 5b59938 0x759B0000 0x759B6000 (3218000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009A210 BaseDllName address: 0x000C5390 FullDllName physical address: 27c1210 BaseDllName physical address: 5b59390 0x73930000 0x73940000 (55cb000) CLUSAPI.DLL 
C:\WINNT\System32\CLUSAPI.DLL Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000C0E40 BaseDllName address: 0x000C4860 FullDllName physical address: 3230e40 BaseDllName physical address: 71fa860 0x689D0000 0x689DD000 (7015000) RESUTILS.DLL C:\WINNT\System32\RESUTILS.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C4E30 BaseDllName address: 0x000B4E98 FullDllName physical address: 71fae30 BaseDllName physical address: 5e7e98 Thread List Head: 0xFF27D070 THREAD: 0xFF266D00 (0x6020d00) Cid: 1e0.1dc CreateTime: 0x1c5696619ef2d30 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E6FEA8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF266D5C Contents: FF26407C:FCDFF67C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF266D6C(6020d6c) PostBlockList: 0xFF266EC4:FF266EC4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x010010B8 C:\WINNT\System32\svchost.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85E4000 Stack Limit: 0xF85E1000 Kernel Stack: 0xF85E3BFC(Paged< 0:987000> NA NA Paged< 0:987000> NA NA ) Resident: 0 THREAD: 0xFF264020 (0x62d3020) Cid: 1e0.1e8 CreateTime: 0x1c5696619fffc40 2005-06-05 00:32:49Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(6018000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E74788 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF26407C Contents: FF2354FC:FF266D5C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26408C(62d308c) 
PostBlockList: 0xE1E1E0B0:E1350990 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85D4000 Stack Limit: 0xF85D1000 Kernel Stack: 0xF85D3CA0(Paged< 0:986000> NA NA Paged< 0:986000> NA NA ) Resident: 0 User stack base: 0x00440000(Paged< 0:d6a000> Paged< 0:d6b000> ) User stack Limit: 0x0043E000 THREAD: 0xFF25B760 (0x65b9760) Cid: 1e0.1fc CreateTime: 0x1c569661b20cab0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(669f000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1DC0AE8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF25B7BC Contents: FF1BE07C:FF0EEC5C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25B7CC(65b97cc) PostBlockList: 0xFF25B924:FF25B924 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A8B000 Stack Limit: 0xF7A88000 Kernel Stack: 0xF7A8AC20(2b1b000 NA NA 2b1b000 NA NA ) Resident: 0 User stack base: 0x00900000(6780000 Paged< 0:d8d000> ) User stack Limit: 0x008FE000 THREAD: 0xFF245020 (0x6914020) Cid: 1e0.234 CreateTime: 0x1c569661bfe5ce0 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(6ef3000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EAC008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF24507C Contents: FF1718FC:FF2957DC Queue List: 0x00000000:00000000 
WaitBlockList: 0xFF24508C(691408c) PostBlockList: 0xE133F170:E12F7690 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0530000 Stack Limit: 0xF052C000 Kernel Stack: 0xF052FC20(Paged< 0:a16000> NA NA NA Paged< 0:a16000> NA NA NA ) Resident: 0 User stack base: 0x00940000(6cb4000 Paged< 0:d8f000> Paged< 0:d93000> ) User stack Limit: 0x0093D000 THREAD: 0xFF23AA40 (0x6d9ea40) Cid: 1e0.220 CreateTime: 0x1c569661c230960 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(6f49000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF23AA9C Contents: FF29D71C:FF1C75BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23AAF4(6d9eaf4) PostBlockList: 0xFF23AC04:FF23AC04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE1000 Stack Limit: 0xF7FDE000 Kernel Stack: 0xF7FE0CC4(34f1000 NA NA 34f1000 NA NA ) Resident: 1 User stack base: 0x00980000(6d4a000 ) User stack Limit: 0x0097F000 THREAD: 0xFF2354A0 (0x6e374a0) Cid: 1e0.254 CreateTime: 0x1c569661c3b7c60 2005-06-05 00:32:53Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(6cf1000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EAC7E8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2354FC Contents: FF1F507C:FF26407C Queue List: 
0x00000000:00000000 WaitBlockList: 0xFF23550C(6e3750c) PostBlockList: 0xFF235664:FF235664 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76291901 c:\winnt\system32\es.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8634000 Stack Limit: 0xF8631000 Kernel Stack: 0xF8633930(Paged< 0:985000> NA NA Paged< 0:985000> NA NA ) Resident: 0 User stack base: 0x00A10000(Paged< 0:d82000> 45df000 4466000 ) User stack Limit: 0x00A0D000 THREAD: 0xFF1F5020 (0x17d020) Cid: 1e0.2ec CreateTime: 0x1c569662cde3bf0 2005-06-05 00:33:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(67fa000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1F507C Contents: FF1C607C:FF2354FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1F508C(17d08c) PostBlockList: 0xFF1F51E4:FF1F51E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DCF000 Stack Limit: 0xF7DCC000 Kernel Stack: 0xF7DCECA0(Paged< 0:984000> NA NA Paged< 0:984000> NA NA ) Resident: 0 User stack base: 0x00A90000(28db000 75fc000 ) User stack Limit: 0x00A8E000 THREAD: 0xFF1C7560 (0x597560) Cid: 1e0.340 CreateTime: 0x1c569662cea7570 2005-06-05 00:33:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(7a3000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C75BC Contents: 
FF23AA9C:FCDFFB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1C75CC(5975cc) PostBlockList: 0xFF1C7724:FF1C7724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x66E0A585 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF821A000 Stack Limit: 0xF8217000 Kernel Stack: 0xF8219CA0(723000 1d19000 1f4e000 723000 1d19000 1f4e000 ) Resident: 0 User stack base: 0x00AE0000(2688000 ) User stack Limit: 0x00ADF000 THREAD: 0xFF1C7DA0 (0x597da0) Cid: 1e0.344 CreateTime: 0x1c569662cea7570 2005-06-05 00:33:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAF000(f86000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF1C7DFC Contents: FF28D71C:FF29607C Queue List: 0xFF265420:FF265420 WaitBlockList: 0xFF1C7E0C(597e0c) PostBlockList: 0xFF1C7F64:FF1C7F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C73000 Stack Limit: 0xF7C70000 Kernel Stack: 0xF7C72C90(7649000 NA NA 7649000 NA NA ) Resident: 0 User stack base: 0x00B20000(7c09000 1aad000 ) User stack Limit: 0x00B1E000 THREAD: 0xFF1C6020 (0x2898020) Cid: 1e0.348 CreateTime: 0x1c569662cea7570 2005-06-05 00:33:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(207000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F07008 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1C607C Contents: FF1C70FC:FF1F507C Queue List: 0x00000000:00000000 
WaitBlockList: 0xFF1C608C(289808c) PostBlockList: 0xFF1C61E4:FF1C61E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7BB8000 Stack Limit: 0xF7BB5000 Kernel Stack: 0xF7BB7C48(Paged< 0:983000> NA NA Paged< 0:983000> NA NA ) Resident: 0 User stack base: 0x00B60000(Paged< 0:d7f000> 19c5000 7a9c000 231d000 67e000 21bf000 7540000 ac1000 5d62000 ) User stack Limit: 0x00B57000 THREAD: 0xFF1C70A0 (0x5970a0) Cid: 1e0.350 CreateTime: 0x1c569662d2db1b0 2005-06-05 00:33:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(2918000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C70FC Contents: FF1D007C:FF1C607C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CD128(1914128) PostBlockList: 0xE133D7B0:E1E39510 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE c:\winnt\system32\rtutils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C67000 Stack Limit: 0xF7C64000 Kernel Stack: 0xF7C66930(Paged< 0:982000> NA NA Paged< 0:982000> NA NA ) Resident: 0 User stack base: 0x00BE0000(19a7000 ) User stack Limit: 0x00BDF000 THREAD: 0xFF1D0020 (0x940020) Cid: 1e0.2f0 CreateTime: 0x1c56966365be010 2005-06-05 00:33:36Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(73a5000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D007C Contents: FF19375C:FF1C70FC 
Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D008C(94008c) PostBlockList: 0xFF1D01E4:FF1D01E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x761D1FD3 c:\winnt\system32\ntmssvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D07000 Stack Limit: 0xF7D04000 Kernel Stack: 0xF7D06CA0(Paged< 0:98d000> NA NA Paged< 0:98d000> NA NA ) Resident: 0 User stack base: 0x011D0000(6d27000 ) User stack Limit: 0x011CF000 THREAD: 0xFF193700 (0x206b700) Cid: 1e0.3e8 CreateTime: 0x1c5696642ee00f0 2005-06-05 00:33:58Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(2ec1000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EE6228 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF19375C Contents: FF1FB63C:FF1D007C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19376C(206b76c) PostBlockList: 0xFF1938C4:FF1938C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80B3000 Stack Limit: 0xF80B0000 Kernel Stack: 0xF80B2C20(Paged< 0:98c000> NA NA Paged< 0:98c000> NA NA ) Resident: 0 User stack base: 0x01470000(2eeb000 2f55000 ) User stack Limit: 0x0146E000 THREAD: 0xFF1FB5E0 (0xd8d5e0) Cid: 1e0.33c CreateTime: 0x1c5699d2c01bf80 2005-06-05 07:07:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(697d000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1FB63C Contents: 
FF1ECDFC:FF19375C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1FB64C(d8d64c) PostBlockList: 0xFF1FB7A4:FF1FB7A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AD3000 Stack Limit: 0xF7AD0000 Kernel Stack: 0xF7AD2C48(Paged< 0:98b000> NA NA Paged< 0:98b000> NA NA ) Resident: 0 User stack base: 0x01780000(5782000 5703000 ) User stack Limit: 0x0177E000 THREAD: 0xFF1ECDA0 (0x817da0) Cid: 1e0.468 CreateTime: 0x1c5699e3326c10 2005-06-05 07:13:02Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(2203000) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1ECDFC Contents: FF0F8D3C:FF1FB63C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1ECE0C(817e0c) PostBlockList: 0xFF1ECF64:FF1ECF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF77EB000 Stack Limit: 0xF77E8000 Kernel Stack: 0xF77EAC48(Paged< 0:98a000> NA NA Paged< 0:98a000> NA NA ) Resident: 0 User stack base: 0x01800000(50a4000 ) User stack Limit: 0x017FF000 + 21c regsvc.exe Source: from_active_process_list Eprocess Block: 0xFF24B300 (0x66ea2e4) CreateTime: 0x1c569661b5337e0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x67b5000 Process Environment Block: 0x7FFDF000 (66cb000) Loader module block: 0x00071E90 (66cb00c) Command Line: C:\WINNT\system32\regsvc.exe Section: 0xE1E82550 (0x6611550) 
Section Base Address: 0x01000000 (6a53000) SectionBasedAddress: 0x08BE5C28 ) SizeOfSegment: 0x14000 SectionFileName: \WINNT\system32\regsvc.exe 0xe1e82388 (0x6611388) Handle Table: 0xFF24F8A8 (0x67438a8) Count: 30 TableCode: 0xE1E8B000 Process exiting: 0 VAD Root: 0xFF24CF48(65cbf48) Private: 73 Modified: 0 Locked: 0 AccessToken: 0xE1E89910(663c910) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6ca6} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01014000 (6a53000) regsvc.exe C:\WINNT\system32\regsvc.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 
682f57c BaseDllName physical address: 6894f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 6894f80 BaseDllName physical address: 6894fa4 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 67d5420 BaseDllName physical address: 67d53f8 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 67d54e0 BaseDllName physical address: 67d54b8 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 BaseDllName address: 0x00072578 FullDllName physical address: 67d5598 BaseDllName physical address: 67d5578 0x77BE0000 0x77BEF000 (4fda000) secur32.dll C:\WINNT\system32\secur32.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00077B68 BaseDllName address: 0x00077B48 FullDllName physical address: 6aa2b68 BaseDllName physical address: 6aa2b48 Thread List Head: 0xFF24B350 THREAD: 0xFF24A020 (0x6869020) Cid: 21c.218 CreateTime: 0x1c569661b5337e0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(6790000) ThreadsProcess: 0xFF24B300 regsvc.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF24A07C Contents: FF22F07C:FF24E81C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24A08C(686908c) PostBlockList: 0xFF24A1E4:FF24A1E4 Queue: 
0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01002E80 C:\WINNT\system32\regsvc.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FF1000 Stack Limit: 0xF7FEE000 Kernel Stack: 0xF7FF0BFC(Paged< 0:86a000> NA NA Paged< 0:86a000> NA NA ) Resident: 0 User stack base: 0x00070000(66f1000 6957000 ) User stack Limit: 0x0006E000 THREAD: 0xFF244DA0 (0x6a77da0) Cid: 21c.224 CreateTime: 0x1c569661b841de0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(6a63000) ThreadsProcess: 0xFF24B300 regsvc.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF244DFC Contents: FF23731C:FF2729DC Queue List: 0xFF25C120:FF25C120 WaitBlockList: 0xFF244E0C(6a77e0c) PostBlockList: 0xFF244F64:FF244F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE9000 Stack Limit: 0xF7FE6000 Kernel Stack: 0xF7FE8C90(2c64000 NA NA 2c64000 NA NA ) Resident: 0 User stack base: 0x006D0000(696a000 ) User stack Limit: 0x006CF000 + 228 MSTask.exe Source: from_active_process_list Eprocess Block: 0xFF244020 (0x6a77004) CreateTime: 0x1c569661b841de0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x6955000 Process Environment Block: 0x7FFDF000 (69de000) Loader module block: 0x00071E90 (69de00c) Command Line: Section: 0xE1E90A90 (0x692aa90) Section Base Address: 0x01000000 () SectionBasedAddress: 0x08DB7C30 ) SizeOfSegment: 0x1e000 SectionFileName: \WINNT\system32\MSTask.exe 0xe12d3f68 
(0x1945f68) Handle Table: 0xFF24DEE8 (0x6704ee8) Count: 138 TableCode: 0xE1E92000 Process exiting: 0 VAD Root: 0xFF250408(6797408) Private: 220 Modified: 93 Locked: 1 AccessToken: 0xE1E91030(68f2030) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6ea1} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF244070 THREAD: 0xFF2446E0 (0x6a776e0) Cid: 228.188 CreateTime: 0x1c569661b841de0 2005-06-05 00:32:51Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 9 Base Priority: 
8 Priority decrement: 0 Win32Thread: 0xE1E97D08 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF24473C Contents: FF23A6FC:FF1EF07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24474C(6a7774c) PostBlockList: 0xFF2448A4:FF2448A4 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x01002F10 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8093000 Stack Limit: 0xF8090000 Kernel Stack: 0xF8092BFC(Paged< 0:902000> NA NA Paged< 0:902000> NA NA ) Resident: 0 THREAD: 0xFF24D380 (0x6704380) Cid: 228.20c CreateTime: 0x1c569661bfcd5b0 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EA4EA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF24D3DC Contents: FCD30C1C:FF23911C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D6F88(58a0f88) PostBlockList: 0xE12F2850:E1EA6F90 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8073000 Stack Limit: 0xF8070000 Kernel Stack: 0xF8072930(Paged< 0:8ff000> NA NA Paged< 0:8ff000> NA NA ) Resident: 0 THREAD: 0xFF23A6A0 (0x6d9e6a0) Cid: 228.23c CreateTime: 0x1c569661c123a50 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF23A6FC Contents: FF23911C:FF24473C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23A70C(6d9e70c) PostBlockList: 0xFF23A864:FF23A864 Queue: 0x00000000 Start 
Address: 0x77E83775 Win32 Start Address: 0x77D52BA1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8127000 Stack Limit: 0xF8124000 Kernel Stack: 0xF8126C48(Paged< 0:901000> NA NA Paged< 0:901000> NA NA ) Resident: 0 THREAD: 0xFF2390C0 (0x6e890c0) Cid: 228.240 CreateTime: 0x1c569661c1548b0 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(6c78000) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF23911C Contents: FF24D3DC:FF23A6FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF242C88(697fc88) PostBlockList: 0xFF239284:FF239284 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x778321FE Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD5000 Stack Limit: 0xF7FD2000 Kernel Stack: 0xF7FD4930(Paged< 0:900000> NA NA Paged< 0:900000> NA NA ) Resident: 0 User stack base: 0x00C10000(6e43000 ) User stack Limit: 0x00C0F000 THREAD: 0xFF2372C0 (0x6cca2c0) Cid: 228.244 CreateTime: 0x1c569661c185710 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(6c0d000) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF23731C Contents: FF1C391C:FF244DFC Queue List: 0xFF241E80:FF241E80 WaitBlockList: 0xFF23732C(6cca32c) PostBlockList: 0xFF237484:FF237484 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77D52BA1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD1000 Stack Limit: 0xF7FCE000 Kernel Stack: 0xF7FD0C90(1ea0000 NA NA 
1ea0000 NA NA ) Resident: 0 User stack base: 0x00C60000(6d4f000 ) User stack Limit: 0x00C5F000 THREAD: 0xFF23A2A0 (0x6d9e2a0) Cid: 228.248 CreateTime: 0x1c569661c185710 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(7016000) ThreadsProcess: 0xFF244020 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EAA708 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF23A2FC Contents: FCDFEDFC:FF1C7DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23A30C(6d9e30c) PostBlockList: 0xFF23A464:FF23A464 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x01002939 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0680000 Stack Limit: 0xF067D000 Kernel Stack: 0xF067FC20(6d7a000 NA NA 6d7a000 NA NA ) Resident: 0 User stack base: 0x00CA0000(6e77000 ) User stack Limit: 0x00C9F000 + 264 VsStat.exe Source: from_active_process_list Eprocess Block: 0xFF231120 (0x6f2d104) CreateTime: 0x1c569661cee4550 2005-06-05 00:32:54Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x739d000 Process Environment Block: 0x7FFDF000 (757e000) Loader module block: 0x00131E90 (757e00c) Command Line: Section: 0xE12D0FD0 (0x193dfd0) Section Base Address: 0x00400000 () SectionBasedAddress: 0x08F01C20 ) SizeOfSegment: 0x17000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\VsStat.exe 0xe1e26b88 (0x546db88) Handle Table: 0xFF23EC28 (0x6b46c28) Count: 64 TableCode: 0xE1EB0000 Process exiting: 0 VAD Root: 0xFF2313C8(6f2d3c8) Private: 246 Modified: 57 Locked: 0 AccessToken: 0xE1EAD130(6f37130) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,746f} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0xFF231170 THREAD: 0xFF231AC0 (0x6f2dac0) Cid: 264.260 CreateTime: 0x1c569661cee4550 2005-06-05 00:32:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(7623000) ThreadsProcess: 0xFF231120 VsStat.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EB4EA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF231B1C Contents: FF27BD3C:FF18C5BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF231B2C(6f2db2c) PostBlockList: 0xE1DDE7F0:E1DDE7F0 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x0040AC9F Service 
Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F62000 Stack Limit: 0xF7F5E000 Kernel Stack: 0xF7F61C20(Paged< 0:a33000> NA NA NA Paged< 0:a33000> NA NA NA ) Resident: 0 User stack base: 0x00130000(Paged< 0:16cc000> 750f000 737c000 74ab000 74cc000 ) User stack Limit: 0x0012B000 THREAD: 0xFF22F020 (0x7784020) Cid: 264.268 CreateTime: 0x1c569661cfa7ed0 2005-06-05 00:32:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(7781000) ThreadsProcess: 0xFF231120 VsStat.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF22F07C Contents: FF20607C:FF24A07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22F08C(778408c) PostBlockList: 0xFF22F1E4:FF22F1E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x11201ED0 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FC1000 Stack Limit: 0xF7FBE000 Kernel Stack: 0xF7FC0930(Paged< 0:869000> NA NA Paged< 0:869000> NA NA ) Resident: 0 User stack base: 0x01150000(75e6000 ) User stack Limit: 0x0114F000 + 274 Avconsol.exe Source: from_active_process_list Eprocess Block: 0xFF22F780 (0x7784764) CreateTime: 0x1c569661d116aa0 2005-06-05 00:32:54Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x76b2000 Process Environment Block: 0x7FFDF000 (79a9000) Loader module block: 0x00131E90 (79a900c) Command Line: Section: 0xE12E1E10 (0x1971e10) Section Base Address: 0x00400000 (7551000) SectionBasedAddress: 0x08F25428 ) SizeOfSegment: 0x2c000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\Avconsol.exe 0xe1372f08 (0x2799f08) Handle Table: 0xFF22FEA8 (0x7784ea8) Count: 70 TableCode: 0xE1EBB000 Process 
exiting: 0 VAD Root: 0xFF22DF08(7b03f08) Private: 428 Modified: 148 Locked: 0 AccessToken: 0xE1E5C030(5a9b030) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,760a} ParentToken ID: {0,0} Modified ID: {0,4742} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0xFF22F7D0 THREAD: 0xFF22F400 (0x7784400) Cid: 274.270 CreateTime: 0x1c569661d116aa0 2005-06-05 00:32:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(75ee000) ThreadsProcess: 0xFF22F780 Avconsol.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E4C8E8 Wait:(WrUserRequest) UserMode Non-Alertable 
WaitListHead: 0xFF22F45C Contents: FF29455C:FF1665BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22F46C(778446c) PostBlockList: 0xE131FAD0:E131FAD0 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x00416CA4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F32000 Stack Limit: 0xF7F2E000 Kernel Stack: 0xF7F31C20(3ba5000 NA NA NA 3ba5000 NA NA NA ) Resident: 0 User stack base: 0x00130000(778f000 781a000 da5000 d66000 287000 2c8000 ) User stack Limit: 0x0012A000 THREAD: 0xFF206020 (0xdaa020) Cid: 274.2ac CreateTime: 0x1c569661e9d3030 2005-06-05 00:32:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(dc5000) ThreadsProcess: 0xFF22F780 Avconsol.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F0F008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF20607C Contents: FF17345C:FF22F07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF20608C(daa08c) PostBlockList: 0xFF2061E4:FF2061E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x11201ED0 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7B98000 Stack Limit: 0xF7B95000 Kernel Stack: 0xF7B97930(Paged< 0:868000> NA NA Paged< 0:868000> NA NA ) Resident: 0 User stack base: 0x01460000(d86000 22fa000 ) User stack Limit: 0x0145E000 + 2a0 WinMgmt.exe Source: from_active_process_list Eprocess Block: 0xFF1F5D60 (0x17dd44) CreateTime: 0x1c569661ff996f0 2005-06-05 00:32:59Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x1a24000 Process Environment Block: 0x7FFDF000 (2314000) Loader module block: 0x00131E90 (231400c) Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00400000 () SectionBasedAddress: 
0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFF1F62E8 (0x35c2e8) Count: 89 TableCode: 0xE1BD8000 Process exiting: 0 VAD Root: 0xFF2459A8(69149a8) Private: 154 Modified: 1792 Locked: 0 AccessToken: 0xE1BD7C30(1b14c30) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,8afa} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF1F5DB0 THREAD: 0xFF1F5AE0 (0x17dae0) Cid: 2a0.2bc CreateTime: 0x1c569661ff996f0 2005-06-05 00:32:59Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF1F5D60 
WinMgmt.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F32968 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF1F5B3C Contents: FF1F9AFC:FF29507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1F5B4C(17db4c) PostBlockList: 0xFF1F5CA4:FF1F5CA4 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x0041EFB6 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7ED2000 Stack Limit: 0xF7ECF000 Kernel Stack: 0xF7ED1BFC(Paged< 0:8bd000> NA NA Paged< 0:8bd000> NA NA ) Resident: 0 THREAD: 0xFF1EF020 (0x6e9020) Cid: 2a0.2c8 CreateTime: 0x1c56966200757a0 2005-06-05 00:32:59Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(1abc000) ThreadsProcess: 0xFF1F5D60 WinMgmt.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1BDAEA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1EF07C Contents: FF24473C:FF1F9AFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27AA68(5cdea68) PostBlockList: 0xE1334690:E1317470 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DCB000 Stack Limit: 0xF7DC8000 Kernel Stack: 0xF7DCA930(Paged< 0:8fe000> NA NA Paged< 0:8fe000> NA NA ) Resident: 0 User stack base: 0x00970000(291d000 Paged< 0:8f1000> ) User stack Limit: 0x0096E000 THREAD: 0xFF1F9AA0 (0xe90aa0) Cid: 2a0.3ac CreateTime: 0x1c5696b4401b630 2005-06-05 01:09:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(0) ThreadsProcess: 0xFF1F5D60 WinMgmt.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1F9AFC Contents: FF1EF07C:FF1F5B3C 
Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1F9B0C(e90b0c) PostBlockList: 0xFF1F9C64:FF1F9C64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77D52BA1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF78B7000 Stack Limit: 0xF78B4000 Kernel Stack: 0xF78B6C48(Paged< 0:8bf000> NA NA Paged< 0:8bf000> NA NA ) Resident: 0 + 334 Explorer.Exe Source: from_active_process_list Eprocess Block: 0xFF1BAAE0 (0x3e35ac4) CreateTime: 0x1c569663ffe30b0 2005-06-05 00:33:53Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3ca1000 Process Environment Block: 0x7FFDF000 (454c000) Loader module block: 0x00071E90 (454c00c) Command Line: Explorer.Exe Section: 0xE1BF7EF0 (0x2ab5ef0) Section Base Address: 0x00400000 (67a0000) SectionBasedAddress: 0x08F06438 ) SizeOfSegment: 0x3e000 SectionFileName: \WINNT\Explorer.Exe 0xe1bf7f88 (0x2ab5f88) Handle Table: 0xFF1DA908 (0x6e63908) Count: 286 TableCode: 0xE1ECD000 Process exiting: 0 VAD Root: 0xFF27B5A8(5cf05a8) Private: 1334 Modified: 2253 Locked: 0 AccessToken: 0xE1EBA6F0(64ab6f0) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,c615} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 
Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0043E000 (67a0000) Explorer.Exe C:\WINNT\Explorer.Exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020568 BaseDllName address: 0x00071F10 FullDllName physical address: 630568 BaseDllName physical address: 74b5f10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 74b5f88 BaseDllName physical address: 74b5fac 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072428 BaseDllName address: 0x00072400 FullDllName physical address: efc428 BaseDllName physical address: efc400 0x77E80000 0x77F35000 (1) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E8 BaseDllName address: 0x000724C0 FullDllName physical address: efc4e8 BaseDllName physical address: efc4c0 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725A0 BaseDllName address: 0x00072580 FullDllName physical address: efc5a0 BaseDllName physical address: efc580 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072658 BaseDllName address: 0x00072638 FullDllName physical address: efc658 BaseDllName physical address: efc638 0x77E10000 0x77E74000 (1) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072708 BaseDllName address: 0x000726E8 FullDllName physical address: efc708 BaseDllName physical address: efc6e8 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C0 BaseDllName address: 0x000727A0 FullDllName physical address: efc7c0 BaseDllName physical address: efc7a0 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072880 BaseDllName address: 0x00072858 FullDllName physical address: efc880 BaseDllName physical address: efc858 0x69800000 0x69A42000 (328f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84004 LoadCount: 0x28 TlsIndex: 0 FullDllName virtual address: 0x00074DA8 BaseDllName address: 0x00072918 FullDllName physical address: 8dbda8 BaseDllName physical address: efc918 0x77A50000 0x77B45000 (1) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84004 LoadCount: 0x33 TlsIndex: 0 FullDllName virtual address: 0x00077580 BaseDllName address: 0x00077560 FullDllName physical address: 533c580 BaseDllName physical address: 533c560 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00077DE8 BaseDllName address: 0x00077A30 FullDllName physical address: 533cde8 BaseDllName physical address: 533ca30 0x779B0000 
0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x000780A0 BaseDllName address: 0x0007F978 FullDllName physical address: 71440a0 BaseDllName physical address: 6ad978 0x78000000 0x78046000 (335c000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0x3b TlsIndex: 0 FullDllName virtual address: 0x00078158 BaseDllName address: 0x00078138 FullDllName physical address: 7144158 BaseDllName physical address: 7144138 0x77840000 0x7787C000 (3ef7000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00089860 BaseDllName address: 0x00089840 FullDllName physical address: 225e860 BaseDllName physical address: 225e840 0x770C0000 0x770E3000 (43a7000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00089A00 BaseDllName address: 0x000899E0 FullDllName physical address: 225ea00 BaseDllName physical address: 225e9e0 0x76C80000 0x76D90000 (1) SHDOCVW.DLL C:\WINNT\System32\SHDOCVW.DLL Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00083E10 BaseDllName address: 0x00083E88 FullDllName physical address: 21de10 BaseDllName physical address: 21de88 0x76E10000 0x76ED7000 (1) browseui.dll C:\WINNT\System32\browseui.dll Flags: 0xc4004 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0008D210 BaseDllName address: 0x0008D258 FullDllName physical address: 2b7f210 BaseDllName physical address: 2b7f258 0x77C10000 0x77C6D000 (1) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000939C0 BaseDllName address: 0x00092C38 FullDllName physical address: bfb9c0 BaseDllName physical address: 3e6fc38 0x1A400000 0x1A471000 (1) URLMON.DLL C:\WINNT\system32\URLMON.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00099C38 BaseDllName address: 0x00099A30 FullDllName 
physical address: 15b8c38 BaseDllName physical address: 15b8a30 0x77820000 0x77827000 (1) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00099C80 BaseDllName address: 0x000999E8 FullDllName physical address: 15b8c80 BaseDllName physical address: 15b89e8 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00090BF0 BaseDllName address: 0x00099D18 FullDllName physical address: 5d5abf0 BaseDllName physical address: 15b8d18 0x75D50000 0x75DD2000 (1) mlang.dll C:\WINNT\System32\mlang.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0008FEE0 BaseDllName address: 0x000AFFC8 FullDllName physical address: 733bee0 BaseDllName physical address: 31b1fc8 0x75AF0000 0x75D30000 (1) mshtml.dll C:\WINNT\System32\mshtml.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A1E88 BaseDllName address: 0x0008CF58 FullDllName physical address: 1c61e88 BaseDllName physical address: 2afff58 0x76C00000 0x76C74000 (1) WININET.DLL C:\WINNT\system32\WININET.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0008D0A8 BaseDllName address: 0x000923D8 FullDllName physical address: 2b7f0a8 BaseDllName physical address: 3e6f3d8 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B2468 BaseDllName address: 0x000ACD30 FullDllName physical address: 1f80468 BaseDllName physical address: 1e6bd30 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B24C8 BaseDllName address: 0x000ACD10 FullDllName physical address: 1f804c8 BaseDllName physical address: 1e6bd10 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xf TlsIndex: 0 FullDllName virtual address: 
0x000B2580 BaseDllName address: 0x000B2560 FullDllName physical address: 1f80580 BaseDllName physical address: 1f80560 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000B2638 BaseDllName address: 0x000B2618 FullDllName physical address: 1f80638 BaseDllName physical address: 1f80618 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000B26F0 BaseDllName address: 0x000B26D0 FullDllName physical address: 1f806f0 BaseDllName physical address: 1f806d0 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B2CF0 BaseDllName address: 0x000B2CD0 FullDllName physical address: 1f80cf0 BaseDllName physical address: 1f80cd0 0x75AB0000 0x75AB5000 (1) sensapi.dll C:\WINNT\System32\sensapi.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000AD438 BaseDllName address: 0x000B2788 FullDllName physical address: 206d438 BaseDllName physical address: 1f80788 0x75170000 0x751BF000 (1) netapi32.dll C:\WINNT\System32\netapi32.dll Flags: 0xc4004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000ADA68 BaseDllName address: 0x000AD480 FullDllName physical address: 206da68 BaseDllName physical address: 206d480 0x77BE0000 0x77BEF000 (1) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000ADAF0 BaseDllName address: 0x000AD528 FullDllName physical address: 206daf0 BaseDllName physical address: 206d528 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000ADB88 BaseDllName address: 0x000AD880 FullDllName physical address: 206db88 BaseDllName physical address: 206d880 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 
0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000ADC40 BaseDllName address: 0x000ADC20 FullDllName physical address: 206dc40 BaseDllName physical address: 206dc20 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000ADD10 BaseDllName address: 0x000ADCF0 FullDllName physical address: 206dd10 BaseDllName physical address: 206dcf0 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000ADDC8 BaseDllName address: 0x000ADDA8 FullDllName physical address: 206ddc8 BaseDllName physical address: 206dda8 0x75050000 0x75058000 (1) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000ADE80 BaseDllName address: 0x000ADE60 FullDllName physical address: 206de80 BaseDllName physical address: 206de60 0x6E3D0000 0x6E413000 (1) INETCFG.DLL C:\WINNT\System32\INETCFG.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B5368 BaseDllName address: 0x000AE9A8 FullDllName physical address: 2091368 BaseDllName physical address: 226d9a8 0x76B30000 0x76B6E000 (1) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B53B0 BaseDllName address: 0x000B5108 FullDllName physical address: 20913b0 BaseDllName physical address: 2091108 0x75090000 0x750A0000 (1) MPR.dll C:\WINNT\system32\MPR.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B5180 BaseDllName address: 0x000B96F0 FullDllName physical address: 2091180 BaseDllName physical address: 209f6f0 0x6EA10000 0x6EA15000 (1) ICFGNT5.DLL C:\WINNT\System32\ICFGNT5.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BAD98 BaseDllName address: 0x000BAB18 FullDllName physical address: 20c1d98 BaseDllName physical address: 20c1b18 0x77880000 
0x7790D000 (1) SETUPAPI.dll C:\WINNT\System32\SETUPAPI.dll Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000BAE30 BaseDllName address: 0x000B5130 FullDllName physical address: 20c1e30 BaseDllName physical address: 2091130 0x76DF0000 0x76E01000 (1) mydocs.dll C:\WINNT\System32\mydocs.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D3210 BaseDllName address: 0x000D31F0 FullDllName physical address: 237d210 BaseDllName physical address: 237d1f0 0x76FA0000 0x76FAF000 (1) ntshrui.dll C:\WINNT\System32\ntshrui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BD468 BaseDllName address: 0x000D3278 FullDllName physical address: 22f4468 BaseDllName physical address: 237d278 0x773E0000 0x773F2000 (1) ATL.DLL C:\WINNT\System32\ATL.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BD688 BaseDllName address: 0x000BAFC0 FullDllName physical address: 22f4688 BaseDllName physical address: 20c1fc0 0x76D90000 0x76DE3000 (1) shdoclc.dll C:\WINNT\System32\shdoclc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BE008 BaseDllName address: 0x000BD448 FullDllName physical address: 25bc008 BaseDllName physical address: 22f4448 0x76F20000 0x76F95000 (2787000) NETSHELL.dll C:\WINNT\system32\NETSHELL.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C05B0 BaseDllName address: 0x000BD190 FullDllName physical address: 27255b0 BaseDllName physical address: 22f4190 0x76680000 0x766C1000 (1abf000) webcheck.dll C:\WINNT\System32\webcheck.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BBCB8 BaseDllName address: 0x000BBD00 FullDllName physical address: 22f3cb8 BaseDllName physical address: 22f3d00 0x75DE0000 0x75E57000 (1) jscript.dll C:\WINNT\System32\jscript.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BBD80 BaseDllName address: 0x000BBDC8 FullDllName 
physical address: 22f3d80 BaseDllName physical address: 22f3dc8 0x766D0000 0x766E8000 (1) stobject.dll C:\WINNT\System32\stobject.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BBFF8 BaseDllName address: 0x000BBFD0 FullDllName physical address: 22d5000 BaseDllName physical address: 22f3fd0 0x76740000 0x76748000 (1) BATMETER.DLL C:\WINNT\System32\BATMETER.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BC0B8 BaseDllName address: 0x000BC090 FullDllName physical address: 22d50b8 BaseDllName physical address: 22d5090 0x766F0000 0x766F7000 (1) POWRPROF.DLL C:\WINNT\System32\POWRPROF.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000BC178 BaseDllName address: 0x000BC150 FullDllName physical address: 22d5178 BaseDllName physical address: 22d5150 0x77570000 0x775A0000 (1) WINMM.DLL C:\WINNT\System32\WINMM.DLL Flags: 0xc4006 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x000B6248 BaseDllName address: 0x000BC210 FullDllName physical address: 2092248 BaseDllName physical address: 22d5210 0x770F0000 0x772AE000 (1) MSI.DLL C:\WINNT\System32\MSI.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BC2D0 BaseDllName address: 0x000BB870 FullDllName physical address: 22d52d0 BaseDllName physical address: 22f3870 0x75160000 0x7516C000 (1) ntlanman.dll C:\WINNT\System32\ntlanman.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000996C8 BaseDllName address: 0x000AFD10 FullDllName physical address: 15b86c8 BaseDllName physical address: 31b1d10 0x75210000 0x75225000 (1) NETUI0.DLL C:\WINNT\System32\NETUI0.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00099710 BaseDllName address: 0x00095720 FullDllName physical address: 15b8710 BaseDllName physical address: 2218720 0x751D0000 0x75208000 (1) NETUI1.DLL C:\WINNT\System32\NETUI1.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual 
address: 0x00099758 BaseDllName address: 0x000BC8A0 FullDllName physical address: 15b8758 BaseDllName physical address: 22d58a0 0x75AC0000 0x75AE8000 (1) MSLS31.DLL C:\WINNT\System32\MSLS31.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BD008 BaseDllName address: 0x0008F740 FullDllName physical address: 22f4008 BaseDllName physical address: 733b740 0x75E60000 0x75E7A000 (1) IMM32.DLL C:\WINNT\System32\IMM32.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000CEB80 BaseDllName address: 0x00093DB0 FullDllName physical address: 2bfdb80 BaseDllName physical address: bfbdb0 0x77560000 0x77569000 (1) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009C078 BaseDllName address: 0x0009AFF8 FullDllName physical address: 1bf5078 BaseDllName physical address: 1c16000 0x77400000 0x77408000 (1) msacm32.drv C:\WINNT\System32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000C01A8 BaseDllName address: 0x0009CDC0 FullDllName physical address: 27251a8 BaseDllName physical address: 1bf5dc0 0x77410000 0x77423000 (1) MSACM32.dll C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000D9A30 BaseDllName address: 0x0008FEC0 FullDllName physical address: 2f6ba30 BaseDllName physical address: 733bec0 0x76710000 0x76719000 (1) LINKINFO.DLL C:\WINNT\System32\LINKINFO.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0008FE78 BaseDllName address: 0x000BF8A8 FullDllName physical address: 733be78 BaseDllName physical address: 25be8a8 0x76290000 0x762CD000 (1) es.dll C:\WINNT\System32\es.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B5FF8 BaseDllName address: 0x0009C1C0 FullDllName physical address: 2092000 BaseDllName physical address: 1bf51c0 0x76120000 0x76178000 (1) TXFAUX.DLL C:\WINNT\System32\TXFAUX.DLL Flags: 0xc4006 
LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BFB60 BaseDllName address: 0x000E1880 FullDllName physical address: 25beb60 BaseDllName physical address: 2d77880 0x6E490000 0x6E49A000 (1) imgutil.dll C:\WINNT\System32\imgutil.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000E1C10 BaseDllName address: 0x000E6FC0 FullDllName physical address: 2d77c10 BaseDllName physical address: 70eefc0 0x69190000 0x6919E000 (1) pngfilt.dll C:\WINNT\System32\pngfilt.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BF668 BaseDllName address: 0x000E1860 FullDllName physical address: 25be668 BaseDllName physical address: 2d77860 0x10000000 0x1000A000 (1) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D99D8 BaseDllName address: 0x00097828 FullDllName physical address: 2f6b9d8 BaseDllName physical address: 74ed828 0x01DD0000 0x01DDC000 (1) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B4960 BaseDllName address: 0x000B5F78 FullDllName physical address: 2090960 BaseDllName physical address: 2091f78 0x770B0000 0x770B7000 (1) CfgMgr32.dll C:\WINNT\System32\CfgMgr32.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BD920 BaseDllName address: 0x000B6EE0 FullDllName physical address: 22f4920 BaseDllName physical address: 2092ee0 0x020F0000 0x0210A000 (1) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DA880 BaseDllName address: 0x000DA8D0 FullDllName physical address: 3042880 BaseDllName physical address: 30428d0 0x02110000 0x0211A000 (1) Vxdif.dll C:\WINNT\System32\Vxdif.dll Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B5FB8 BaseDllName address: 0x0008F388 FullDllName physical address: 2091fb8 BaseDllName physical address: 733b388 
Thread List Head: 0xFF1BAB30 THREAD: 0xFF1BA860 (0x3e35860) Cid: 334.330 CreateTime: 0x1c569663ffe30b0 2005-06-05 00:33:53Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(6d1000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EBA408 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1BA8BC Contents: FCDFD23C:8047F6F8 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1BA8CC(3e358cc) PostBlockList: 0xE1EE38F0:E1ED3DF0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x004015A8 C:\WINNT\Explorer.Exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D9B000 Stack Limit: 0xF7D97000 Kernel Stack: 0xF7D9ACC8(762000 NA NA NA 762000 NA NA NA ) Resident: 1 User stack base: 0x00070000(812000 f19000 78d000 Paged< 0:19c5000> Paged< 0:19c6000> Paged< 0:19c7000> Paged< 0:19cc000> Paged< 0:19cd000> Paged< 0:449000> Paged< 0:44c000> Paged< 0:44d000> Paged< 0:44e000> Paged< 0:44f000> Paged< 0:450000> ) User stack Limit: 0x00062000 THREAD: 0xFF1B3880 (0xb56880) Cid: 334.31c CreateTime: 0x1c569664025eb90 2005-06-05 00:33:53Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EF4488 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1B38DC Contents: FF19307C:FF17B71C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B38EC(b568ec) PostBlockList: 0xFF1B3A44:FF1B3A44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xa59 Service 
Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7BC8000 Stack Limit: 0xF7BC5000 Kernel Stack: 0xF7BC7C48(Paged< 0:92e000> NA NA Paged< 0:92e000> NA NA ) Resident: 0 THREAD: 0xFF19B020 (0x5a5020) Cid: 334.2fc CreateTime: 0x1c5696640353370 2005-06-05 00:33:53Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(3c7f000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1C0C548 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF19B07C Contents: FF17495C:FF29F63C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19B08C(5a508c) PostBlockList: 0xFF19B1E4:FF19B1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77C8962F C:\WINNT\system32\SHLWAPI.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8053000 Stack Limit: 0xF804E000 Kernel Stack: 0xF8052CC8(727c000 7aa5000 2866000 3447000 3a31000 727c000 7aa5000 2866000 3447000 3a31000 ) Resident: 1 User stack base: 0x00D30000(6d18000 42ba000 Paged< 0:16b0000> Paged< 0:16b6000> Paged< 0:82f000> ) User stack Limit: 0x00D2B000 THREAD: 0xFF198140 (0x19d1140) Cid: 334.358 CreateTime: 0x1c56966407e8c70 2005-06-05 00:33:53Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(784e000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F55EA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF19819C Contents: FF0C141C:FF22507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15F328(7aa0328) PostBlockList: 0xFF198304:FF198304 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x69803C33 C:\WINNT\system32\SHELL32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7AAB000 Stack Limit: 0xF7AA7000 Kernel Stack: 0xF7AAA930(Paged< 0:a2f000> NA NA NA Paged< 0:a2f000> NA NA NA ) Resident: 0 User stack base: 0x00D80000(2831000 Paged< 0:448000> ) User stack Limit: 0x00D7E000 THREAD: 0xFF193020 (0x206b020) Cid: 334.1c0 CreateTime: 0x1c56966412cbfd0 2005-06-05 00:33:55Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(0) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF19307C Contents: FF18373C:FF1B38DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19308C(206b08c) PostBlockList: 0xFF1931E4:FF1931E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C6B000 Stack Limit: 0xF7C68000 Kernel Stack: 0xF7C6A930(Paged< 0:92d000> NA NA Paged< 0:92d000> NA NA ) Resident: 0 THREAD: 0xFF191240 (0x2138240) Cid: 334.32c CreateTime: 0x1c5696641dc7a60 2005-06-05 00:33:56Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD7000(1a00000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1361748 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF19129C Contents: FCC968FC:FF23731C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1912AC(21382ac) PostBlockList: 0xFF191404:FF191404 Queue: 0x00000000 Start 
Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77C77CC4 C:\WINNT\system32\SHLWAPI.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A3B000 Stack Limit: 0xF7A38000 Kernel Stack: 0xF7A3A930(6a5a000 NA NA 6a5a000 NA NA ) Resident: 0 User stack base: 0x01380000(2521000 Paged< 0:16b9000> Paged< 0:16b7000> Paged< 0:16b3000> Paged< 0:16b4000> Paged< 0:196000> Paged< 0:197000> ) User stack Limit: 0x01379000 THREAD: 0xFF18CDA0 (0x2579da0) Cid: 334.35c CreateTime: 0x1c56966422efe80 2005-06-05 00:33:56Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD5000(2a20000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF18CDFC Contents: FF294A3C:FF1665BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18CE54(2579e54) PostBlockList: 0xFF18CF64:FF18CF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AEF000 Stack Limit: 0xF7AEC000 Kernel Stack: 0xF7AEECC4(3b6f000 NA NA 3b6f000 NA NA ) Resident: 0 User stack base: 0x01540000(2af8000 ) User stack Limit: 0x0153F000 THREAD: 0xFF18C560 (0x2579560) Cid: 334.370 CreateTime: 0x1c56966423cbf30 2005-06-05 00:33:56Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD4000(2b0e000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE13A85C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18C5BC Contents: 
FF231B1C:FF1823DC Queue List: 0xFCCAA6C0:FCCAA6C0 WaitBlockList: 0xFF18C5CC(25795cc) PostBlockList: 0xFF18C724:FF18C724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A2B000 Stack Limit: 0xF7A27000 Kernel Stack: 0xF7A2AC20(Paged< 0:a11000> NA NA NA Paged< 0:a11000> NA NA NA ) Resident: 0 User stack base: 0x01680000(2b11000 2d1a000 2dac000 Paged< 0:78a000> ) User stack Limit: 0x0167C000 THREAD: 0xFF18B020 (0x2b84020) Cid: 334.25c CreateTime: 0x1c569664253ab00 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAF000(0) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 15 Base Priority: 1 Priority decrement: 14 Win32Thread: 0xE1F415E8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF18B07C Contents: FF17B71C:FF1B775C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18B08C(2b8408c) PostBlockList: 0xFF18B1E4:FF18B1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766819DC C:\WINNT\System32\webcheck.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05F0000 Stack Limit: 0xF05ED000 Kernel Stack: 0xF05EF930(Paged< 0:930000> NA NA Paged< 0:930000> NA NA ) Resident: 0 THREAD: 0xFF18BDA0 (0x2b84da0) Cid: 334.3bc CreateTime: 0x1c569664253ab00 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAE000(2b89000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F86CA8 Wait:(WrUserRequest) UserMode 
Non-Alertable WaitListHead: 0xFF18BDFC Contents: FF28B73C:FCDFD23C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18BE0C(2b84e0c) PostBlockList: 0xFF18BF64:FF18BF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766D1690 C:\WINNT\System32\stobject.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F52000 Stack Limit: 0xF7F4C000 Kernel Stack: 0xF7F51C20(2cd9000 154000 19f5000 5116000 244000 6065000 2cd9000 154000 19f5000 5116000 244000 6065000 ) Resident: 1 User stack base: 0x01700000(2cd6000 Paged< 0:16bf000> Paged< 0:7cb000> Paged< 0:4b5000> ) User stack Limit: 0x016FC000 THREAD: 0xFF17B6C0 (0x2dc36c0) Cid: 334.324 CreateTime: 0x1c5696643c0e0d0 2005-06-05 00:33:59Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAB000(0) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF17B71C Contents: FF1B38DC:FF18B07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17B72C(2dc372c) PostBlockList: 0xFF17B884:FF17B884 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D03000 Stack Limit: 0xF7D00000 Kernel Stack: 0xF7D02930(Paged< 0:92f000> NA NA Paged< 0:92f000> NA NA ) Resident: 0 THREAD: 0xFF18C9A0 (0x25799a0) Cid: 334.404 CreateTime: 0x1c56966442ee650 2005-06-05 00:34:00Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAA000(40ed000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 
Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF18C9FC Contents: FF235DFC:FF29D71C Queue List: 0xFF0EED10:FF1E9E40 WaitBlockList: 0xFF18CA0C(2579a0c) PostBlockList: 0xFF18CB64:FF18CB64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AE3000 Stack Limit: 0xF7AE0000 Kernel Stack: 0xF7AE2C90(464f000 NA NA 464f000 NA NA ) Resident: 0 User stack base: 0x01960000(4097000 ) User stack Limit: 0x0195F000 THREAD: 0xFF1836E0 (0x2df96e0) Cid: 334.45c CreateTime: 0x1c569664edb1990 2005-06-05 00:34:18Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD6000(0) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF18373C Contents: FF205DFC:FF19307C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18374C(2df974c) PostBlockList: 0xFF1838A4:FF1838A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766D5659 C:\WINNT\System32\stobject.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FED000 Stack Limit: 0xF7FEA000 Kernel Stack: 0xF7FECCA0(Paged< 0:92c000> NA NA Paged< 0:92c000> NA NA ) Resident: 0 THREAD: 0xFF0EEC00 (0x5900c00) Cid: 334.22c CreateTime: 0x1c569d7f9f67010 2005-06-05 14:07:58Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD9000(6df6000) ThreadsProcess: 0xFF1BAAE0 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 
0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF0EEC5C Contents: FF25B7BC:FF235DFC Queue List: 0xFF1E9E40:FF18CAB0 WaitBlockList: 0xFF0EEC6C(5900c6c) PostBlockList: 0xFF0EEDC4:FF0EEDC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8226000 Stack Limit: 0xF8223000 Kernel Stack: 0xF8225C90(4355000 NA NA 4355000 NA NA ) Resident: 0 User stack base: 0x025D0000(2338000 ) User stack Limit: 0x025CF000 + 3c4 Apoint.exe Source: from_active_process_list Eprocess Block: 0xFF18B400 (0x2b843e4) CreateTime: 0x1c56966425fe480 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2bf1000 Process Environment Block: 0x7FFDF000 (2bf6000) Loader module block: 0x00131E90 (2bf600c) Command Line: Section: 0xE12CFA10 (0x191ba10) Section Base Address: 0x00400000 (2c10000) SectionBasedAddress: 0x09966438 ) SizeOfSegment: 0x1a000 SectionFileName: \Program Files\Apoint\Apoint.exe 0xe13a5e88 (0x2a31e88) Handle Table: 0xFF1B35E8 (0xb565e8) Count: 50 TableCode: 0xE1F71000 Process exiting: 0 VAD Root: 0xFF28B648(579d648) Private: 298 Modified: 107 Locked: 0 AccessToken: 0xE1F864B0(26ee4b0) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,103a7} ParentToken ID: {0,0} Modified ID: {0,d4c8} SessionID: 0 TokenInUse: 
Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0041A000 (2c10000) Apoint.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020588 BaseDllName address: 0x00131F10 FullDllName physical address: 1694588 BaseDllName physical address: 2d80f10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 2d80f80 BaseDllName physical address: 2d80fa4 0x77E80000 0x77F35000 (1) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 2d1b420 BaseDllName physical address: 2d1b3f8 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 
BaseDllName address: 0x001324D0 FullDllName physical address: 2d1b4f0 BaseDllName physical address: 2d1b4d0 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 2d1b5a8 BaseDllName physical address: 2d1b588 0x77DB0000 0x77E0A000 (1) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 2d1b660 BaseDllName physical address: 2d1b638 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 2d1b718 BaseDllName physical address: 2d1b6f8 0x69800000 0x69A42000 (1) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 2d1b7d0 BaseDllName physical address: 2d1b7b0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132888 BaseDllName address: 0x00132868 FullDllName physical address: 2d1b888 BaseDllName physical address: 2d1b868 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132948 BaseDllName address: 0x00132920 FullDllName physical address: 2d1b948 BaseDllName physical address: 2d1b920 0x77570000 0x775A0000 (1) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A00 BaseDllName address: 0x001329E0 FullDllName physical address: 2d1ba00 BaseDllName physical address: 2d1b9e0 Thread List Head: 0xFF18B450 THREAD: 0xFF18A020 (0x2bf8020) Cid: 
3c4.3c0 CreateTime: 0x1c5696642616bb0 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2c1f000) ThreadsProcess: 0xFF18B400 Apoint.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F90868 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18A07C Contents: FCDFF3FC:FF1728BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18A08C(2bf808c) PostBlockList: 0xFF18A1E4:FF18A1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004064A4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80A3000 Stack Limit: 0xF809F000 Kernel Stack: 0xF80A2C20(2e84000 2ea3000 2ea2000 2e86000 2e84000 2ea3000 2ea2000 2e86000 ) Resident: 1 User stack base: 0x00130000(2cdf000 2e60000 Paged< 0:1a19000> Paged< 0:1a28000> 431c000 Paged< 0:1a3b000> Paged< 0:1a44000> ) User stack Limit: 0x00129000 THREAD: 0xFF176080 (0x4556080) Cid: 3c4.41c CreateTime: 0x1c5696644cc4aa0 2005-06-05 00:34:01Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(4475000) ThreadsProcess: 0xFF18B400 Apoint.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1760DC Contents: FF27E59C:FF15781C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1760EC(45560ec) PostBlockList: 0xFF176244:FF176244 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CE7000 Stack Limit: 0xF7CE4000 Kernel Stack: 0xF7CE6C48(Paged< 0:873000> NA NA 
Paged< 0:873000> NA NA ) Resident: 0 User stack base: 0x00EE0000(Paged< 0:16a4000> ) User stack Limit: 0x00EDF000 + 3cc HKserv.exe Source: from_active_process_list Eprocess Block: 0xFF18A6E0 (0x2bf86c4) CreateTime: 0x1c5696642723ac0 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2ce7000 Process Environment Block: 0x7FFDF000 (2cec000) Loader module block: 0x00131E90 (2cec00c) Command Line: Section: 0xE1333130 (0x1aa7130) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09971C28 ) SizeOfSegment: 0xc000 SectionFileName: \Program Files\Sony\HotKey Utility\HKserv.exe 0xe13a7c48 (0x2b6ac48) Handle Table: 0xFF190168 (0x214a168) Count: 55 TableCode: 0xE1FB0000 Process exiting: 0 VAD Root: 0xFF179EE8(323cee8) Private: 233 Modified: 61 Locked: 0 AccessToken: 0xE1BF6D70(4514d70) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,10ca6} ParentToken ID: {0,0} Modified ID: {0,d4c8} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: 
S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF18A730 THREAD: 0xFF18A460 (0x2bf8460) Cid: 3cc.3c8 CreateTime: 0x1c5696642723ac0 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2cce000) ThreadsProcess: 0xFF18A6E0 HKserv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F8ECE8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18A4BC Contents: FF1823DC:FF1718FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18A4CC(2bf84cc) PostBlockList: 0xFF18A624:FF18A624 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x00406FD4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F12000 Stack Limit: 0xF7F0E000 Kernel Stack: 0xF7F11C20(Paged< 0:a13000> NA NA NA Paged< 0:a13000> NA NA NA ) Resident: 0 User stack base: 0x00130000(2d01000 Paged< 0:18ff000> Paged< 0:191b000> b09000 ) User stack Limit: 0x0012C000 THREAD: 0xFF173400 (0x44ce400) Cid: 3cc.420 CreateTime: 0x1c56966458221f0 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(59af000) ThreadsProcess: 
0xFF18A6E0 HKserv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF17345C Contents: FF1B661C:FF20607C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17346C(44ce46c) PostBlockList: 0xFF1735C4:FF1735C4 Queue: 0x00000000 Start Address: 0x77E83775 LPC Server thread working on message Id 0x6dc Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7ADB000 Stack Limit: 0xF7AD8000 Kernel Stack: 0xF7ADAC48(Paged< 0:86f000> NA NA Paged< 0:86f000> NA NA ) Resident: 0 User stack base: 0x00DC0000(5971000 ) User stack Limit: 0x00DBF000 THREAD: 0xFF132020 (0x72bf020) Cid: 3cc.26c CreateTime: 0x1c569664ab51640 2005-06-05 00:34:11Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(3136000) ThreadsProcess: 0xFF18A6E0 HKserv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF13207C Contents: FF1708BC:FCDFF8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13208C(72bf08c) PostBlockList: 0xFF1321E4:FF1321E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00FF4420 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AB7000 Stack Limit: 0xF7AB4000 Kernel Stack: 0xF7AB6CA0(ead000 215000 5ab6000 ead000 215000 5ab6000 ) Resident: 1 User stack base: 0x01230000(7518000 ) User stack Limit: 0x0122F000 + 3dc DragDrop.exe Source: from_active_process_list Eprocess Block: 0xFF189020 (0x2c46004) CreateTime: 0x1c5696642a62f20 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2dbc000 
Process Environment Block: 0x7FFDF000 (2de1000) Loader module block: 0x00131E90 (2de100c) Command Line: "C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe" /StartUp Section: 0xE1C0E770 (0x7369770) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09965438 ) SizeOfSegment: 0xa9000 SectionFileName: \Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe 0xe1e32e88 (0x5595e88) Handle Table: 0xFF18AB88 (0x2bf8b88) Count: 62 TableCode: 0xE1F95000 Process exiting: 0 VAD Root: 0xFF14E0E8(dbe0e8) Private: 852 Modified: 223 Locked: 0 AccessToken: 0xE1F7FD70(25a8d70) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,12036} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 
SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004A9000 (1) DragDrop.exe C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 2de65a8 BaseDllName physical address: 2e22f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 2e22f88 BaseDllName physical address: 2e22fac 0x10000000 0x10019000 (1) PRIMOSDK.dll C:\Program Files\Drag'n Drop CD\BinFiles\PRIMOSDK.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C8 BaseDllName address: 0x00132400 FullDllName physical address: 2e237c8 BaseDllName physical address: 2e23400 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132428 BaseDllName address: 0x00132890 FullDllName physical address: 2e23428 BaseDllName physical address: 2e23890 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132940 BaseDllName address: 0x00132920 FullDllName physical address: 2e23940 BaseDllName physical address: 2e23920 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F8 BaseDllName address: 0x001329D8 FullDllName physical address: 2e239f8 BaseDllName physical address: 2e239d8 0x77820000 0x77827000 (1) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 
BaseDllName address: 0x00132A88 FullDllName physical address: 2e23aa8 BaseDllName physical address: 2e23a88 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B60 BaseDllName address: 0x00132B40 FullDllName physical address: 2e23b60 BaseDllName physical address: 2e23b40 0x00230000 0x0026F000 (1) PX.dll C:\WINNT\System32\PX.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BF0 BaseDllName address: 0x00132908 FullDllName physical address: 2e23bf0 BaseDllName physical address: 2e23908 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132DE8 BaseDllName address: 0x00132DC0 FullDllName physical address: 2e23de8 BaseDllName physical address: 2e23dc0 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EA0 BaseDllName address: 0x00132E80 FullDllName physical address: 2e23ea0 BaseDllName physical address: 2e23e80 0x00270000 0x00328000 (1) ezCDmker.dll C:\Program Files\Drag'n Drop CD\BinFiles\ezCDmker.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FA8 BaseDllName address: 0x00132F38 FullDllName physical address: 2d55000 BaseDllName physical address: 2e23f38 0x77570000 0x775A0000 (1) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133090 BaseDllName address: 0x00133070 FullDllName physical address: 2d55090 BaseDllName physical address: 2d55070 0x76B30000 0x76B6E000 (1) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F60 BaseDllName address: 0x00133250 FullDllName physical address: 2e23f60 BaseDllName physical address: 2d55250 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL 
C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001332E8 BaseDllName address: 0x001332C8 FullDllName physical address: 2d552e8 BaseDllName physical address: 2d552c8 0x77B50000 0x77BD9000 (336b000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001333A8 BaseDllName address: 0x00133380 FullDllName physical address: 2d553a8 BaseDllName physical address: 2d55380 0x69800000 0x69A42000 (1) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133460 BaseDllName address: 0x00133440 FullDllName physical address: 2d55460 BaseDllName physical address: 2d55440 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133518 BaseDllName address: 0x001334F8 FullDllName physical address: 2d55518 BaseDllName physical address: 2d554f8 0x77800000 0x7781D000 (1) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001335D8 BaseDllName address: 0x001335B0 FullDllName physical address: 2d555d8 BaseDllName physical address: 2d555b0 0x00330000 0x00337000 (1) TRANSWIN.dll C:\Program Files\Drag'n Drop CD\BinFiles\TRANSWIN.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336E0 BaseDllName address: 0x00133670 FullDllName physical address: 2d556e0 BaseDllName physical address: 2d55670 0x6C370000 0x6C462000 (1) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001337C8 BaseDllName address: 0x001337A8 FullDllName physical address: 2d557c8 BaseDllName physical address: 2d557a8 0x00340000 0x0036D000 (1) DGSSTRM.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGSSTRM.DLL Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 
0x00133878 BaseDllName address: 0x00133858 FullDllName physical address: 2d55878 BaseDllName physical address: 2d55858 0x77410000 0x77423000 (1) MSACM32.dll C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133698 BaseDllName address: 0x00133940 FullDllName physical address: 2d55698 BaseDllName physical address: 2d55940 0x00370000 0x00399000 (1) ezLICEN.dll C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133A18 BaseDllName address: 0x001339B0 FullDllName physical address: 2d55a18 BaseDllName physical address: 2d559b0 0x76C00000 0x76C74000 (1) WININET.dll C:\WINNT\system32\WININET.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001339D0 BaseDllName address: 0x00133AE0 FullDllName physical address: 2d559d0 BaseDllName physical address: 2d55ae0 0x752F0000 0x7530F000 (1) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133B70 BaseDllName address: 0x00133B50 FullDllName physical address: 2d55b70 BaseDllName physical address: 2d55b50 0x77A50000 0x77B45000 (1) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133C28 BaseDllName address: 0x00133C08 FullDllName physical address: 2d55c28 BaseDllName physical address: 2d55c08 0x695E0000 0x69609000 (1) OLEPRO32.DLL C:\WINNT\System32\OLEPRO32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133CE0 BaseDllName address: 0x00133CB8 FullDllName physical address: 2d55ce0 BaseDllName physical address: 2d55cb8 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133DA0 BaseDllName address: 0x00133D78 FullDllName physical address: 2d55da0 BaseDllName physical address: 2d55d78 0x5FD00000 0x5FD0D000 (6da7000) 
MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013A2E0 BaseDllName address: 0x001348D0 FullDllName physical address: 6f462e0 BaseDllName physical address: 6c448d0 0x01780000 0x017EA000 (22c3000) DDCDRES.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013ED00 BaseDllName address: 0x001612E0 FullDllName physical address: 7353d00 BaseDllName physical address: 74f32e0 0x01800000 0x0181D000 (7c02000) PXMAS.DLL C:\WINNT\System32\PXMAS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137B50 BaseDllName address: 0x00164FD0 FullDllName physical address: 6f06b50 BaseDllName physical address: 79d6fd0 0x01930000 0x01998000 (925000) PXWAVE.DLL C:\WINNT\System32\PXWAVE.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00161258 BaseDllName address: 0x00165080 FullDllName physical address: 74f3258 BaseDllName physical address: 7986080 0x01AB0000 0x01AB7000 (b9f000) TRANS.DLL C:\Program Files\Drag'n Drop CD\BinFiles\TRANS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00133E38 BaseDllName address: 0x001650F0 FullDllName physical address: 2d55e38 BaseDllName physical address: 79860f0 0x01AC0000 0x01AE2000 (396000) DGMP3RD.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3RD.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00164F48 BaseDllName address: 0x00166250 FullDllName physical address: 79d6f48 BaseDllName physical address: d74250 0x01C00000 0x01C13000 (e26000) DGWAVOT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVOT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001662C0 BaseDllName address: 0x00166338 FullDllName physical address: d742c0 BaseDllName physical address: d74338 0x01D30000 0x01D43000 (335000) DGWAVRD.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVRD.DLL 
Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001663A8 BaseDllName address: 0x00166420 FullDllName physical address: d743a8 BaseDllName physical address: d74420 0x01E60000 0x01E76000 (1915000) DGWAVWT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVWT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00166518 BaseDllName address: 0x00166590 FullDllName physical address: d74518 BaseDllName physical address: d74590 0x01F90000 0x02001000 (3e9e000) DGMP3WT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3WT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001666E0 BaseDllName address: 0x00166670 FullDllName physical address: d746e0 BaseDllName physical address: d74670 0x02020000 0x0202A000 (230000) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013C390 BaseDllName address: 0x00165348 FullDllName physical address: 6ead390 BaseDllName physical address: 7986348 Thread List Head: 0xFF189070 THREAD: 0xFF1885C0 (0x2d155c0) Cid: 3dc.3d8 CreateTime: 0x1c5696642a62f20 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2e03000) ThreadsProcess: 0xFF189020 DragDrop.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F8BEA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18861C Contents: FF1728BC:FF13207C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18862C(2d1562c) PostBlockList: 0xE1E18170:E1339FB0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x0044ACB1 C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0600000 Stack Limit: 0xF05FB000 Kernel Stack: 
0xF05FFC20(6e53000 6b12000 6ac6000 6d07000 72d1000 6e53000 6b12000 6ac6000 6d07000 72d1000 ) Resident: 1 User stack base: 0x00130000(2ddd000 6c83000 71a9000 77e0000 ) User stack Limit: 0x0012C000 + 3f0 alogserv.exe Source: from_active_process_list Eprocess Block: 0xFF182A20 (0x2e7ea04) CreateTime: 0x1c5696642e34ea0 2005-06-05 00:33:57Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2e4c000 Process Environment Block: 0x7FFDF000 (2e92000) Loader module block: 0x00131E90 (2e9200c) Command Line: "C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" Section: 0xE12CC3B0 (0x19303b0) Section Base Address: 0x00400000 (2e3a000) SectionBasedAddress: 0x099F2C20 ) SizeOfSegment: 0x8000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\alogserv.exe 0xe1f6b8e8 (0x290f8e8) Handle Table: 0xFF186EC8 (0x2dafec8) Count: 21 TableCode: 0xE1F8F000 Process exiting: 0 VAD Root: 0xFF186868(2daf868) Private: 106 Modified: 0 Locked: 0 AccessToken: 0xE1F8E030(2e4e030) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,13bd5} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 
Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00408000 (2e3a000) alogserv.exe C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 2ecc5a8 BaseDllName physical address: 2f04f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 2f04f88 BaseDllName physical address: 2f04fac 0x10000000 0x1000D000 (2f2f000) ACTILOG.dll C:\Program Files\McAfee\McAfee VirusScan\ACTILOG.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C0 BaseDllName address: 0x00132400 FullDllName physical address: 2f287c0 BaseDllName physical address: 2f28400 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132888 FullDllName physical address: 2f28420 BaseDllName physical address: 2f28888 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x00132938 BaseDllName address: 0x00132918 FullDllName physical address: 2f28938 BaseDllName physical address: 2f28918 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F0 BaseDllName address: 0x001329D0 FullDllName physical address: 2f289f0 BaseDllName physical address: 2f289d0 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 BaseDllName address: 0x00132A80 FullDllName physical address: 2f28aa8 BaseDllName physical address: 2f28a80 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B60 BaseDllName address: 0x00132B40 FullDllName physical address: 2f28b60 BaseDllName physical address: 2f28b40 0x00B40000 0x00B4A000 (230000) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00134EA0 BaseDllName address: 0x00132BF8 FullDllName physical address: 2feaea0 BaseDllName physical address: 2f28bf8 Thread List Head: 0xFF182A70 THREAD: 0xFF182380 (0x2e7e380) Cid: 3f0.3ec CreateTime: 0x1c5696642f10f50 2005-06-05 00:33:58Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2eaf000) ThreadsProcess: 0xFF182A20 alogserv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F8EEA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1823DC Contents: FF18C5BC:FF18A4BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1823EC(2e7e3ec) PostBlockList: 0xFF182544:FF182544 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00402560 C:\Program 
Files\McAfee\McAfee VirusScan\alogserv.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F02000 Stack Limit: 0xF7EFE000 Kernel Stack: 0xF7F01C20(Paged< 0:a12000> NA NA NA Paged< 0:a12000> NA NA NA ) Resident: 0 User stack base: 0x00130000(2eec000 2fad000 ) User stack Limit: 0x0012E000 THREAD: 0xFF1B65C0 (0x54255c0) Cid: 3f0.3f8 CreateTime: 0x1c5696643747970 2005-06-05 00:33:58Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(2d64000) ThreadsProcess: 0xFF182A20 alogserv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1B661C Contents: FF28E07C:FF17345C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B662C(542562c) PostBlockList: 0xFF1B6784:FF1B6784 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00401300 C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79F7000 Stack Limit: 0xF79F4000 Kernel Stack: 0xF79F6930(Paged< 0:86e000> NA NA Paged< 0:86e000> NA NA ) Resident: 0 User stack base: 0x00AC0000(2d6d000 73aa000 ) User stack Limit: 0x00ABE000 + 3f4 tgcmd.exe Source: from_active_process_list Eprocess Block: 0xFF17D6A0 (0x3082684) CreateTime: 0x1c56966436fe3e0 2005-06-05 00:33:58Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2ce5000 Process Environment Block: 0x7FFDF000 (3a04000) Loader module block: 0x00131E90 (3a0400c) Command Line: Section: 0xE1F267F0 (0x2887f0) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09A4F430 ) SizeOfSegment: 0xa5000 
SectionFileName: \Program Files\Support.com\Client\bin\tgcmd.exe 0xe1ee0c48 (0x3c9ac48) Handle Table: 0xFF1BF908 (0x1a52908) Count: 210 TableCode: 0xE1FCA000 Process exiting: 0 VAD Root: 0xFF187708(2dd0708) Private: 372 Modified: 97445 Locked: 0 AccessToken: 0xE1FC9030(3014030) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,14f2f} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004A5000 (1) tgcmd.exe 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 20215a8 BaseDllName physical address: 62ef10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 62ef80 BaseDllName physical address: 62efa4 0x75050000 0x75058000 (1) WSOCK32.dll C:\WINNT\System32\WSOCK32.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F8 FullDllName physical address: 6e64418 BaseDllName physical address: 6e643f8 0x77E80000 0x77F35000 (1) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132828 BaseDllName address: 0x00132800 FullDllName physical address: 6e64828 BaseDllName physical address: 6e64800 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001328E0 BaseDllName address: 0x001328C0 FullDllName physical address: 6e648e0 BaseDllName physical address: 6e648c0 0x78000000 0x78046000 (1) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132998 BaseDllName address: 0x00132978 FullDllName physical address: 6e64998 BaseDllName physical address: 6e64978 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A70 BaseDllName address: 0x00132A48 FullDllName physical address: 6e64a70 BaseDllName physical address: 6e64a48 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B28 BaseDllName address: 0x00132B08 FullDllName physical address: 6e64b28 BaseDllName physical address: 6e64b08 0x75020000 0x75028000 (1) 
WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BE0 BaseDllName address: 0x00132BC0 FullDllName physical address: 6e64be0 BaseDllName physical address: 6e64bc0 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C98 BaseDllName address: 0x00132C78 FullDllName physical address: 6e64c98 BaseDllName physical address: 6e64c78 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D50 BaseDllName address: 0x00132D30 FullDllName physical address: 6e64d50 BaseDllName physical address: 6e64d30 0x69800000 0x69A42000 (1) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E00 BaseDllName address: 0x00132DE0 FullDllName physical address: 6e64e00 BaseDllName physical address: 6e64de0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EB8 BaseDllName address: 0x00132E98 FullDllName physical address: 6e64eb8 BaseDllName physical address: 6e64e98 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F78 BaseDllName address: 0x00132F50 FullDllName physical address: 6e64f78 BaseDllName physical address: 6e64f50 0x77A50000 0x77B45000 (1) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133030 BaseDllName address: 0x00133010 FullDllName physical address: 1ce5030 BaseDllName physical address: 1ce5010 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001330E8 BaseDllName address: 0x001330C0 FullDllName physical 
address: 1ce50e8 BaseDllName physical address: 1ce50c0 0x60F30000 0x60F5D000 (1) SSLEAY32.dll C:\Program Files\Support.com\Client\bin\SSLEAY32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133328 BaseDllName address: 0x00133180 FullDllName physical address: 1ce5328 BaseDllName physical address: 1ce5180 0x60F60000 0x60FF3000 (1) LIBEAY32.dll C:\Program Files\Support.com\Client\bin\LIBEAY32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133418 BaseDllName address: 0x001333F0 FullDllName physical address: 1ce5418 BaseDllName physical address: 1ce53f0 0x75170000 0x751BF000 (1) NETAPI32.dll C:\WINNT\System32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001331A8 BaseDllName address: 0x001334E0 FullDllName physical address: 1ce51a8 BaseDllName physical address: 1ce54e0 0x77BE0000 0x77BEF000 (1) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133578 BaseDllName address: 0x00133558 FullDllName physical address: 1ce5578 BaseDllName physical address: 1ce5558 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133630 BaseDllName address: 0x00133610 FullDllName physical address: 1ce5630 BaseDllName physical address: 1ce5610 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336E8 BaseDllName address: 0x001336C8 FullDllName physical address: 1ce56e8 BaseDllName physical address: 1ce56c8 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001337A0 BaseDllName address: 0x00133780 FullDllName physical address: 1ce57a0 BaseDllName physical address: 1ce5780 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 
0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133858 BaseDllName address: 0x00133838 FullDllName physical address: 1ce5858 BaseDllName physical address: 1ce5838 0x76C00000 0x76C74000 (1) Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136A70 BaseDllName address: 0x00136A50 FullDllName physical address: 722a70 BaseDllName physical address: 722a50 0x1A400000 0x1A471000 (1) URLMON.DLL C:\WINNT\system32\URLMON.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001380E8 BaseDllName address: 0x001380C8 FullDllName physical address: 28f50e8 BaseDllName physical address: 28f50c8 0x77820000 0x77827000 (1) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001381A0 BaseDllName address: 0x00138180 FullDllName physical address: 28f51a0 BaseDllName physical address: 28f5180 0x759B0000 0x759B6000 (1) LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136950 BaseDllName address: 0x00138238 FullDllName physical address: 722950 BaseDllName physical address: 28f5238 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4004 LoadCount: 0x1d TlsIndex: 0 FullDllName virtual address: 0x001406D8 BaseDllName address: 0x001396A0 FullDllName physical address: 67ae6d8 BaseDllName physical address: 68796a0 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x1d TlsIndex: 0 FullDllName virtual address: 0x00140B88 BaseDllName address: 0x001396C8 FullDllName physical address: 67aeb88 BaseDllName physical address: 68796c8 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x1d TlsIndex: 0 FullDllName virtual address: 0x00140C40 BaseDllName address: 0x00140C20 FullDllName physical address: 67aec40 BaseDllName physical address: 67aec20 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4004 
LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00141100 BaseDllName address: 0x001410E0 FullDllName physical address: 58d4100 BaseDllName physical address: 58d40e0 0x75AB0000 0x75AB5000 (1) sensapi.dll C:\WINNT\System32\sensapi.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141848 BaseDllName address: 0x001418B8 FullDllName physical address: 58d4848 BaseDllName physical address: 58d48b8 0x77C10000 0x77C6D000 (1) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00146278 BaseDllName address: 0x00141958 FullDllName physical address: 592c278 BaseDllName physical address: 58d4958 0x74FD0000 0x74FED000 (1) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001465F8 BaseDllName address: 0x001465B0 FullDllName physical address: 592c5f8 BaseDllName physical address: 592c5b0 0x77340000 0x77353000 (1) IPHLPAPI.DLL C:\WINNT\System32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00146820 BaseDllName address: 0x00141890 FullDllName physical address: 592c820 BaseDllName physical address: 58d4890 0x77520000 0x77525000 (1) ICMP.DLL C:\WINNT\System32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00145488 BaseDllName address: 0x00146638 FullDllName physical address: 596e488 BaseDllName physical address: 592c638 0x77320000 0x77337000 (1) C:\WINNT\System32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00145518 BaseDllName address: 0x0014AFD0 FullDllName physical address: 596e518 BaseDllName physical address: 85afd0 0x773B0000 0x773DE000 (1) ACTIVEDS.DLL C:\WINNT\System32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001455B0 BaseDllName address: 0x001465D0 FullDllName physical address: 596e5b0 BaseDllName physical address: 592c5d0 0x77380000 0x773A2000 (1) ADSLDPC.DLL 
C:\WINNT\System32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00145668 BaseDllName address: 0x00145648 FullDllName physical address: 596e668 BaseDllName physical address: 596e648 0x77880000 0x7790D000 (1) SETUPAPI.DLL C:\WINNT\System32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00145700 BaseDllName address: 0x00146880 FullDllName physical address: 596e700 BaseDllName physical address: 592c880 0x77360000 0x77379000 (1) DHCPCSVC.DLL C:\WINNT\System32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00145798 BaseDllName address: 0x001418D8 FullDllName physical address: 596e798 BaseDllName physical address: 58d48d8 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00145878 BaseDllName address: 0x00145858 FullDllName physical address: 596e878 BaseDllName physical address: 596e858 0x75010000 0x75017000 (1) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014CC30 BaseDllName address: 0x0014CC78 FullDllName physical address: 33a7c30 BaseDllName physical address: 33a7c78 0x78280000 0x7828C000 (1) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00132138 BaseDllName address: 0x0014B800 FullDllName physical address: 6e64138 BaseDllName physical address: 72ae800 0x777E0000 0x777E8000 (1) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014D388 BaseDllName address: 0x001321B0 FullDllName physical address: 688e388 BaseDllName physical address: 6e641b0 0x777F0000 0x777F5000 (1) rasadhlp.dll C:\WINNT\System32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014D2F0 BaseDllName address: 0x0014FA30 FullDllName physical address: 688e2f0 
BaseDllName physical address: 7561a30 0x75090000 0x750A0000 (1) mpr.dll C:\WINNT\system32\mpr.dll Flags: 0xc4004 LoadCount: 0x23 TlsIndex: 0 FullDllName virtual address: 0x0014F6A8 BaseDllName address: 0x0014F730 FullDllName physical address: 75616a8 BaseDllName physical address: 7561730 0x10000000 0x1000A000 (1) WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014A468 BaseDllName address: 0x0014FA58 FullDllName physical address: 85a468 BaseDllName physical address: 7561a58 0x5FFE0000 0x5FFE9000 (1) sdcidle.dll C:\Program Files\Support.com\Client\bin\sdcidle.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0014D280 BaseDllName address: 0x001527E0 FullDllName physical address: 688e280 BaseDllName physical address: 3b707e0 Thread List Head: 0xFF17D6F0 THREAD: 0xFF183020 (0x2df9020) Cid: 3f4.368 CreateTime: 0x1c5696643716b10 2005-06-05 00:33:58Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F424A8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF18307C Contents: FF17007C:FCDFE07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18308C(2df908c) PostBlockList: 0xE1ED8D50:E12A5DF0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040FB59 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D3B000 Stack Limit: 0xF7D38000 Kernel Stack: 0xF7D3A930(5363000 NA NA 5363000 NA NA ) Resident: 0 THREAD: 0xFF170020 (0x611e020) Cid: 3f4.410 CreateTime: 0x1c5696645df5860 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF17007C Contents: FF166DFC:FF18307C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E9D08(7f5d08) PostBlockList: 0xFF1701E4:FF1701E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AD7000 Stack Limit: 0xF7AD4000 Kernel Stack: 0xF7AD6930(52e6000 NA NA 52e6000 NA NA ) Resident: 0 THREAD: 0xFF166DA0 (0x582cda0) Cid: 3f4.37c CreateTime: 0x1c5696648289930 2005-06-05 00:34:06Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF166DFC Contents: FF16633C:FF17007C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF166E0C(582ce0c) PostBlockList: 0xE1F36970:E1BF8590 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B38000 Stack Limit: 0xF7B35000 Kernel Stack: 0xF7B37CA0(55b3000 NA NA 55b3000 NA NA ) Resident: 0 THREAD: 0xFF166940 (0x582c940) Cid: 3f4.44c CreateTime: 0x1c56966482a2060 2005-06-05 00:34:06Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(e57000) ThreadsProcess: 0xFF17D6A0 
tgcmd.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF16699C Contents: FF19129C:FF13F8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1605C8(70be5c8) PostBlockList: 0xE1F38970:E1C002F0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB5000 Stack Limit: 0xF7FB2000 Kernel Stack: 0xF7FB4930(6e10000 NA NA 6e10000 NA NA ) Resident: 0 User stack base: 0x012C0000(20f0000 6bf8000 Paged< 0:91f000> Paged< 0:924000> Paged< 0:922000> ) User stack Limit: 0x012BB000 THREAD: 0xFF166560 (0x582c560) Cid: 3f4.450 CreateTime: 0x1c56966482a2060 2005-06-05 00:34:06Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(2b3d000) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F60A48 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1665BC Contents: FF22F45C:FF29DCFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0CC4C8(46804c8) PostBlockList: 0xFF166724:FF166724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7897000 Stack Limit: 0xF7894000 Kernel Stack: 0xF7896930(2159000 NA NA 2159000 NA NA ) Resident: 0 User stack base: 0x013C0000(17cf000 3201000 6852000 Paged< 0:91a000> Paged< 0:58d000> Paged< 0:58e000> Paged< 0:58f000> Paged< 0:590000> Paged< 0:591000> Paged< 0:592000> Paged< 0:593000> Paged< 0:594000> Paged< 0:595000> Paged< 0:596000> Paged< 0:597000> Paged< 0:598000> Paged< 0:599000> Paged< 0:59a000> Paged< 0:5bd000> ) User stack 
Limit: 0x013AD000 THREAD: 0xFF1662E0 (0x582c2e0) Cid: 3f4.454 CreateTime: 0x1c56966482a2060 2005-06-05 00:34:06Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD9000(0) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF16633C Contents: FF15E33C:FF166DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16634C(582c34c) PostBlockList: 0xFF1664A4:FF1664A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7DD3000 Stack Limit: 0xF7DD0000 Kernel Stack: 0xF7DD2CA0(5959000 NA NA 5959000 NA NA ) Resident: 0 THREAD: 0xFF15E2E0 (0x7c1b2e0) Cid: 3f4.460 CreateTime: 0x1c56966488d7390 2005-06-05 00:34:07Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD7000(0) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF15E33C Contents: FF25C25C:FF16633C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15E34C(7c1b34c) PostBlockList: 0xFF15E4A4:FF15E4A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x7517B646 C:\WINNT\System32\NETAPI32.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CFB000 Stack Limit: 0xF7CF8000 Kernel Stack: 0xF7CFA930(597c000 NA NA 597c000 NA NA ) Resident: 0 THREAD: 0xFF26D020 (0x5f3a020) Cid: 3f4.2cc CreateTime: 0x1c5699c31a297d0 2005-06-05 07:00:01Z SecurityDescriptor: 
0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD8000(607f000) ThreadsProcess: 0xFF17D6A0 tgcmd.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20D6EA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF26D07C Contents: FF1D407C:FF0E113C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26D08C(5f3a08c) PostBlockList: 0xFF26D1E4:FF26D1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D8B000 Stack Limit: 0xF7D87000 Kernel Stack: 0xF7D8AC20(6030000 1f38000 1f39000 1d7a000 6030000 1f38000 1f39000 1d7a000 ) Resident: 0 User stack base: 0x019F0000(7040000 ) User stack Limit: 0x019EF000 + 418 PcfMgr.exe Source: from_active_process_list Eprocess Block: 0xFF177660 (0x40b4644) CreateTime: 0x1c5696644c19850 2005-06-05 00:34:01Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x43de000 Process Environment Block: 0x7FFDF000 (44bb000) Loader module block: 0x00131E90 (44bb00c) Command Line: Section: 0xE1F49C90 (0x4098c90) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09233430 ) SizeOfSegment: 0xc5000 SectionFileName: \Program Files\PowerPanel\Program\PcfMgr.exe 0xe1d41ba8 (0x43b6ba8) Handle Table: 0xFF187B88 (0x2dd0b88) Count: 119 TableCode: 0xE1FB7000 Process exiting: 0 VAD Root: 0xFF144688(306688) Private: 536 Modified: 104 Locked: 0 AccessToken: 0xE1FAFD70(4491d70) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,1698c} ParentToken ID: {0,0} Modified ID: {0,1b43e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004C5000 (1) PcfMgr.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205D8 BaseDllName address: 0x00131F10 FullDllName physical address: ba35d8 BaseDllName physical address: 44ddf10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 44ddf80 BaseDllName physical address: 44ddfa4 0x77570000 0x775A0000 (1) WINMM.dll 
C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F8 FullDllName physical address: 44be418 BaseDllName physical address: 44be3f8 0x77E10000 0x77E74000 (1) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132848 BaseDllName address: 0x00132828 FullDllName physical address: 44be848 BaseDllName physical address: 44be828 0x77E80000 0x77F35000 (1) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132908 BaseDllName address: 0x001328E0 FullDllName physical address: 44be908 BaseDllName physical address: 44be8e0 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329C0 BaseDllName address: 0x001329A0 FullDllName physical address: 44be9c0 BaseDllName physical address: 44be9a0 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A78 BaseDllName address: 0x00132A50 FullDllName physical address: 44bea78 BaseDllName physical address: 44bea50 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B30 BaseDllName address: 0x00132B10 FullDllName physical address: 44beb30 BaseDllName physical address: 44beb10 0x76B30000 0x76B6E000 (1) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C08 BaseDllName address: 0x00132BE0 FullDllName physical address: 44bec08 BaseDllName physical address: 44bebe0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CC0 BaseDllName address: 0x00132CA0 FullDllName physical address: 
44becc0 BaseDllName physical address: 44beca0 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D80 BaseDllName address: 0x00132D58 FullDllName physical address: 44bed80 BaseDllName physical address: 44bed58 0x69800000 0x69A42000 (1) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E38 BaseDllName address: 0x00132E18 FullDllName physical address: 44bee38 BaseDllName physical address: 44bee18 0x78000000 0x78046000 (1) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EF0 BaseDllName address: 0x00132ED0 FullDllName physical address: 44beef0 BaseDllName physical address: 44beed0 0x77800000 0x7781D000 (1) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FB0 BaseDllName address: 0x00132F88 FullDllName physical address: 44befb0 BaseDllName physical address: 44bef88 0x752F0000 0x7530F000 (1) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001331D0 BaseDllName address: 0x001331B0 FullDllName physical address: 506f1d0 BaseDllName physical address: 506f1b0 0x77A50000 0x77B45000 (1) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133288 BaseDllName address: 0x00133268 FullDllName physical address: 506f288 BaseDllName physical address: 506f268 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133340 BaseDllName address: 0x00133318 FullDllName physical address: 506f340 BaseDllName physical address: 506f318 0x691D0000 0x69255000 (1) CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0015B568 
BaseDllName address: 0x00135248 FullDllName physical address: bde568 BaseDllName physical address: 5287248 0x10000000 0x1018D000 (1) UILib.dll C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001624D0 BaseDllName address: 0x00162540 FullDllName physical address: 70c04d0 BaseDllName physical address: 70c0540 0x77820000 0x77827000 (1) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001625D0 BaseDllName address: 0x001625B0 FullDllName physical address: 70c05d0 BaseDllName physical address: 70c05b0 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00162688 BaseDllName address: 0x00162668 FullDllName physical address: 70c0688 BaseDllName physical address: 70c0668 0x00F30000 0x00FB7000 (7302000) gold.dll C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00164BB0 BaseDllName address: 0x00164B10 FullDllName physical address: 7029bb0 BaseDllName physical address: 7029b10 0x01100000 0x01150000 (7ac1000) EngPM.dll C:\Program Files\PowerPanel\Program\EngPM.dll Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016AFD0 BaseDllName address: 0x00165688 FullDllName physical address: 7ae0000 BaseDllName physical address: 252a688 0x01150000 0x01164000 (4022000) PMDM.dll C:\Program Files\PowerPanel\PROGRAM\PMDM.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001568D0 BaseDllName address: 0x0016B2C8 FullDllName physical address: 596c8d0 BaseDllName physical address: 7ae02c8 0x01180000 0x01186000 (9cb000) EngDM.DLL C:\Program Files\PowerPanel\Program\EngDM.DLL Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016B350 BaseDllName address: 0x001568B0 FullDllName physical address: 7ae0350 BaseDllName 
physical address: 596c8b0 0x01190000 0x011BA000 (ce0000) PTLACPI.DLL C:\Program Files\PowerPanel\Program\PTLACPI.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016B3B8 BaseDllName address: 0x0016B440 FullDllName physical address: 7ae03b8 BaseDllName physical address: 7ae0440 0x770B0000 0x770B7000 (5fdf000) CFGMGR32.dll C:\WINNT\System32\CFGMGR32.dll Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016B0B0 BaseDllName address: 0x001753F8 FullDllName physical address: 7ae00b0 BaseDllName physical address: 8b13f8 0x77880000 0x7790D000 (56e6000) setupapi.dll C:\WINNT\System32\setupapi.dll Flags: 0x84004 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0016D300 BaseDllName address: 0x0016B720 FullDllName physical address: b74300 BaseDllName physical address: 7ae0720 0x77C10000 0x77C6D000 (5006000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x00176D28 BaseDllName address: 0x00156938 FullDllName physical address: 9dbd28 BaseDllName physical address: 596c938 0x766F0000 0x766F7000 (79c4000) PowrProf.Dll C:\WINNT\System32\PowrProf.Dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00177458 BaseDllName address: 0x00176D00 FullDllName physical address: 7a4c458 BaseDllName physical address: 9dbd00 0x015D0000 0x015DE000 (316000) SnyUtils.dll C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016CB78 BaseDllName address: 0x0016B290 FullDllName physical address: 7af0b78 BaseDllName physical address: 7ae0290 0x6C370000 0x6C462000 (2df6000) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001569D0 BaseDllName address: 0x0016D210 FullDllName physical address: 596c9d0 BaseDllName physical address: b74210 0x5FD00000 0x5FD0D000 (6da7000) MFC42LOC.DLL 
C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001765E8 BaseDllName address: 0x0016D230 FullDllName physical address: 9db5e8 BaseDllName physical address: b74230 0x015E0000 0x015FE000 (e85000) sxbios.dll C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00164B30 BaseDllName address: 0x0016D258 FullDllName physical address: 7029b30 BaseDllName physical address: b74258 0x77840000 0x7787C000 (3ef7000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016CF48 BaseDllName address: 0x0016F9E0 FullDllName physical address: 7af0f48 BaseDllName physical address: a309e0 0x770C0000 0x770E3000 (43a7000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00176C50 BaseDllName address: 0x00173BB0 FullDllName physical address: 9dbc50 BaseDllName physical address: 3eb6bb0 0x01860000 0x0186A000 (230000) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001728D8 BaseDllName address: 0x0016FA70 FullDllName physical address: 28dd8d8 BaseDllName physical address: a30a70 0x77560000 0x77569000 (637e000) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00176960 BaseDllName address: 0x00171B50 FullDllName physical address: 9db960 BaseDllName physical address: 1937b50 0x01AD0000 0x01AEF000 (708000) BSACPICM.DLL C:\Program Files\PowerPanel\Program\BSACPICM.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016A870 BaseDllName address: 0x0016EB20 FullDllName physical address: 7630870 BaseDllName physical address: db1b20 0x01C00000 0x01C24000 (6c1c000) BSNTSBS.DLL C:\Program Files\PowerPanel\Program\BSNTSBS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual 
address: 0x00172870 BaseDllName address: 0x00171E50 FullDllName physical address: 28dd870 BaseDllName physical address: 1937e50 Thread List Head: 0xFF1776B0 THREAD: 0xFF17B020 (0x2dc3020) Cid: 418.414 CreateTime: 0x1c5696644c31f80 2005-06-05 00:34:01Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(44bd000) ThreadsProcess: 0xFF177660 PcfMgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1FDB008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF17B07C Contents: FF14691C:FF19B07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17B08C(2dc308c) PostBlockList: 0xE1ED3E70:E12F77D0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00437C03 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7B68000 Stack Limit: 0xF7B64000 Kernel Stack: 0xF7B67C20(79df000 1f9f000 7c0000 1da1000 79df000 1f9f000 7c0000 1da1000 ) Resident: 1 User stack base: 0x00130000(4498000 528c000 Paged< 0:c07000> 6c4000 3e07000 ) User stack Limit: 0x0012B000 THREAD: 0xFF189580 (0x2c46580) Cid: 418.374 CreateTime: 0x1c5696646de88b0 2005-06-05 00:34:04Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF177660 PcfMgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1895DC Contents: FF15781C:FF1329DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1895EC(2c465ec) PostBlockList: 0xFF189744:FF189744 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF7AEB000 Stack Limit: 0xF7AE8000 Kernel Stack: 0xF7AEAC48(Paged< 0:871000> NA NA Paged< 0:871000> NA NA ) Resident: 0 THREAD: 0xFF145020 (0x1987020) Cid: 418.478 CreateTime: 0x1c56966499bebc0 2005-06-05 00:34:09Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(166000) ThreadsProcess: 0xFF177660 PcfMgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF14507C Contents: FF19B07C:FF1EDCBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF14508C(198708c) PostBlockList: 0xFF1451E4:FF1451E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x015D4420 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD9000 Stack Limit: 0xF7FD6000 Kernel Stack: 0xF7FD8CA0(1c5000 1924000 15e3000 1c5000 1924000 15e3000 ) Resident: 1 User stack base: 0x01810000(27a9000 ) User stack Limit: 0x0180F000 THREAD: 0xFF132980 (0x72bf980) Cid: 418.488 CreateTime: 0x1c569664ac14fc0 2005-06-05 00:34:11Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(5c0000) ThreadsProcess: 0xFF177660 PcfMgr.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1329DC Contents: FF1895DC:FF15937C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1329EC(72bf9ec) PostBlockList: 0xFF132B44:FF132B44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service 
Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7ACB000 Stack Limit: 0xF7AC8000 Kernel Stack: 0xF7ACA930(Paged< 0:872000> NA NA Paged< 0:872000> NA NA ) Resident: 0 User stack base: 0x01AD0000(621000 ) User stack Limit: 0x01ACF000 + 428 JogServ2.exe Source: from_active_process_list Eprocess Block: 0xFF172C40 (0x58cbc24) CreateTime: 0x1c569664592f100 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1ED4B18(7911b18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;0x100201;;;SY) Session: 0x0 DirectoryTableBase: 0x5a23000 Process Environment Block: 0x7FFDF000 (5a1f000) Loader module block: 0x00131E90 (5a1f00c) Command Line: C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe -Embedding Section: 0xE1DCD930 (0x5180930) Section Base Address: 0x00400000 (2d41000) SectionBasedAddress: 0x09987428 ) SizeOfSegment: 0x151000 SectionFileName: \Program Files\Sony\Jog Dial Utility\JogServ2.exe 0xe1e329a8 (0x55959a8) Handle Table: 0xFF1B6468 (0x5425468) Count: 89 TableCode: 0xE1FE4000 Process exiting: 0 VAD Root: 0xFF144448(306448) Private: 590 Modified: 9 Locked: 0 AccessToken: 0xE1FE2910(5932910) SecurityDescriptor: 0xE1FCEE18(31c8e18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;DCLCSWWPDTLORC;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;SW;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,17528} ParentToken ID: {0,0} Modified ID: {0,1a5c2} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 
S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00551000 (2d41000) JogServ2.exe C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205D8 BaseDllName address: 0x00131F10 FullDllName physical address: 5b085d8 BaseDllName physical address: 5b73f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 5b73f88 BaseDllName physical address: 5b73fac 0x77820000 0x77827000 (3327000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132400 FullDllName physical address: 5a54420 BaseDllName physical address: 5a54400 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E0 BaseDllName address: 0x001324B8 FullDllName physical address: 5a544e0 BaseDllName physical address: 5a544b8 0x759B0000 0x759B6000 (3218000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132598 BaseDllName address: 0x00132578 FullDllName physical address: 5a54598 BaseDllName physical address: 5a54578 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132648 BaseDllName address: 0x00132628 FullDllName physical address: 5a54648 BaseDllName physical address: 5a54628 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132700 BaseDllName address: 0x001326E0 FullDllName physical address: 5a54700 BaseDllName physical address: 5a546e0 0x77570000 0x775A0000 (5654000) WINMM.dll C:\WINNT\system32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327B0 BaseDllName address: 0x00132790 FullDllName physical address: 5a547b0 BaseDllName physical address: 5a54790 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BE8 BaseDllName address: 0x00132BC0 FullDllName physical address: 5a54be8 BaseDllName physical address: 5a54bc0 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CA0 BaseDllName address: 0x00132C80 FullDllName physical address: 5a54ca0 BaseDllName physical address: 5a54c80 0x10000000 0x10009000 (2e83000) SeTimer.dll C:\PROGRA~1\Sony\JOGDIA~1\SeTimer.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F20 BaseDllName address: 0x00132D50 FullDllName physical address: 5a54f20 BaseDllName physical address: 5a54d50 0x6C370000 0x6C462000 (2df6000) MFC42.DLL C:\WINNT\system32\MFC42.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FE8 BaseDllName address: 0x00132FC8 FullDllName physical address: 5a1e000 
BaseDllName physical address: 5a54fc8 0x78000000 0x78046000 (335c000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D70 BaseDllName address: 0x00133078 FullDllName physical address: 5a54d70 BaseDllName physical address: 5a1e078 0x00230000 0x0024B000 (2efa000) SeCommon.dll C:\PROGRA~1\Sony\JOGDIA~1\SeCommon.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133158 BaseDllName address: 0x001330E8 FullDllName physical address: 5a1e158 BaseDllName physical address: 5a1e0e8 0x69800000 0x69A42000 (328f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133110 BaseDllName address: 0x00133200 FullDllName physical address: 5a1e110 BaseDllName physical address: 5a1e200 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133290 BaseDllName address: 0x00133270 FullDllName physical address: 5a1e290 BaseDllName physical address: 5a1e270 0x77B50000 0x77BD9000 (336b000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133350 BaseDllName address: 0x00133328 FullDllName physical address: 5a1e350 BaseDllName physical address: 5a1e328 0x77A50000 0x77B45000 (3269000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133408 BaseDllName address: 0x001333E8 FullDllName physical address: 5a1e408 BaseDllName physical address: 5a1e3e8 0x00250000 0x00267000 (2fb9000) PnPEvent.dll C:\PROGRA~1\Sony\JOGDIA~1\PnPEvent.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133508 BaseDllName address: 0x00133498 FullDllName physical address: 5a1e508 BaseDllName physical address: 5a1e498 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll 
Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001334C0 BaseDllName address: 0x001335B0 FullDllName physical address: 5a1e4c0 BaseDllName physical address: 5a1e5b0 0x5FD00000 0x5FD0D000 (6da7000) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001379C0 BaseDllName address: 0x00134090 FullDllName physical address: 581d9c0 BaseDllName physical address: 5a92090 0x00980000 0x00B11000 (4339000) SeLocale.DLL C:\PROGRA~1\Sony\JOGDIA~1\SeLocale.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137E40 BaseDllName address: 0x00137D20 FullDllName physical address: 581de40 BaseDllName physical address: 581dd20 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00140990 BaseDllName address: 0x00140970 FullDllName physical address: 64c9990 BaseDllName physical address: 64c9970 0x01140000 0x012CD000 (2d32000) UILib.dll C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001442E0 BaseDllName address: 0x00144350 FullDllName physical address: 30692e0 BaseDllName physical address: 3069350 0x77800000 0x7781D000 (66f5000) WINSPOOL.DRV C:\WINNT\system32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001443E8 BaseDllName address: 0x001443C0 FullDllName physical address: 30693e8 BaseDllName physical address: 30693c0 0x012E0000 0x01367000 (7302000) gold.dll C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00146B80 BaseDllName address: 0x00146AE0 FullDllName physical address: 7196b80 BaseDllName physical address: 7196ae0 0x01490000 0x01561000 (25e7000) JogLocale.dll C:\PROGRA~1\Sony\JOGDIA~1\JogLocale.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual 
address: 0x0014A258 BaseDllName address: 0x00146C28 FullDllName physical address: 21df258 BaseDllName physical address: 7196c28 0x01670000 0x0167E000 (316000) SnyUtils.dll C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014AC80 BaseDllName address: 0x0014AD18 FullDllName physical address: 21dfc80 BaseDllName physical address: 21dfd18 0x77880000 0x7790D000 (56e6000) SETUPAPI.dll C:\WINNT\system32\SETUPAPI.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00146A98 BaseDllName address: 0x0014AD40 FullDllName physical address: 7196a98 BaseDllName physical address: 21dfd40 0x77C10000 0x77C6D000 (5006000) USERENV.DLL C:\WINNT\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0014ADB8 BaseDllName address: 0x00147600 FullDllName physical address: 21dfdb8 BaseDllName physical address: 19fc600 0x01680000 0x0169E000 (e85000) sxbios.dll C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014AA78 BaseDllName address: 0x00132180 FullDllName physical address: 21dfa78 BaseDllName physical address: 5a54180 0x766F0000 0x766F7000 (79c4000) powrprof.dll C:\WINNT\System32\powrprof.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014B558 BaseDllName address: 0x00137FE8 FullDllName physical address: 77f1558 BaseDllName physical address: 581dfe8 0x018B0000 0x018BA000 (230000) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00157EB0 BaseDllName address: 0x0014B7E8 FullDllName physical address: 1b8eeb0 BaseDllName physical address: 77f17e8 0x019D0000 0x01A0C000 (5f23000) GUIPlugInCJ.dll C:\Program Files\Sony\Jog GUI PlugIn CJ\GUIPlugInCJ.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014A8B0 BaseDllName address: 
0x0014B988 FullDllName physical address: 21df8b0 BaseDllName physical address: 77f1988 0x01D60000 0x01D6C000 (659d000) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014F330 BaseDllName address: 0x00158FD8 FullDllName physical address: aa9330 BaseDllName physical address: 3e72fd8 0x01E80000 0x01E9A000 (5807000) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014F4E0 BaseDllName address: 0x001492C0 FullDllName physical address: aa94e0 BaseDllName physical address: 218a2c0 0x76B30000 0x76B6E000 (3281000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014B9B0 BaseDllName address: 0x0014AAF8 FullDllName physical address: 77f19b0 BaseDllName physical address: 21dfaf8 0x01EA0000 0x01EAA000 (642000) Vxdif.dll C:\WINNT\system32\Vxdif.dll Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001438D8 BaseDllName address: 0x00141A30 FullDllName physical address: 643e8d8 BaseDllName physical address: 63b4a30 Thread List Head: 0xFF172C90 THREAD: 0xFF172860 (0x58cb860) Cid: 428.424 CreateTime: 0x1c569664592f100 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(5ae5000) ThreadsProcess: 0xFF172C40 JogServ2.exe Priority: 11 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1FE2DC8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1728BC Contents: FCDFF3FC:FF18861C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1728CC(58cb8cc) PostBlockList: 0xE12B4630:E1EDC290 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0043F6C8 C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe Service Descriptor Table: 0x8046B880 
KeServiceDescriptorTableShadow Initial stack: 0xF8664000 Stack Limit: 0xF865E000 Kernel Stack: 0xF8663C20(5abd000 5b5b000 5ada000 5a7e000 b0e000 5805000 5abd000 5b5b000 5ada000 5a7e000 b0e000 5805000 ) Resident: 1 User stack base: 0x00130000(5a4a000 5a91000 6dd9000 99a000 70fb000 1942000 1963000 ) User stack Limit: 0x00129000 THREAD: 0xFF1468C0 (0x2658c0) Cid: 428.474 CreateTime: 0x1c56966499a6490 2005-06-05 00:34:09Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(17f000) ThreadsProcess: 0xFF172C40 JogServ2.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF14691C Contents: FF1EA17C:FF18861C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF14692C(26592c) PostBlockList: 0xFF146A84:FF146A84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01674420 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80EB000 Stack Limit: 0xF80E8000 Kernel Stack: 0xF80EACA0(199e000 3fd000 37c000 199e000 3fd000 37c000 ) Resident: 1 User stack base: 0x018B0000(2b68000 ) User stack Limit: 0x018AF000 THREAD: 0xFF225020 (0x9be020) Cid: 428.2e8 CreateTime: 0x1c5696724c33cd0 2005-06-05 00:40:16Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(43a6000) ThreadsProcess: 0xFF172C40 JogServ2.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF22507C Contents: FF19819C:FF27BD3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22508C(9be08c) 
PostBlockList: 0xFF2251E4:FF2251E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CEB000 Stack Limit: 0xF7CE8000 Kernel Stack: 0xF7CEAC48(Paged< 0:a30000> NA NA Paged< 0:a30000> NA NA ) Resident: 0 User stack base: 0x020C0000(647000 ) User stack Limit: 0x020BF000 THREAD: 0xFF10E680 (0x6b57680) Cid: 428.308 CreateTime: 0x1c569de608827e0 2005-06-05 14:53:47Z ExitTime: 1c569de608827e0 2005-06-05 14:53:52Z SecurityDescriptor: (null) Teb: 0x00000000(0) ThreadsProcess: 0xFF172C40 JogServ2.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF10E6DC Contents: FF0E72DC:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF10E734(6b57734) PostBlockList: 0xFF10E844:FF10E844 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x78002432 C:\WINNT\system32\MSVCRT.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF77DB000 Kernel Stack: 0xF77DEC48() Resident: 1 Terminated: Yes + 430 Apntex.exe Source: from_active_process_list Eprocess Block: 0xFF171B20 (0x5a59b04) CreateTime: 0x1c5696645b180c0 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x5d0c000 Process Environment Block: 0x7FFDF000 (5c92000) Loader module block: 0x00131E90 (5c9200c) Command Line: "Apntex.exe" Section: 0xE1F8BBF0 (0x441ebf0) Section Base Address: 0x00400000 (567f000) SectionBasedAddress: 0x09AD3C38 ) SizeOfSegment: 0x8000 SectionFileName: \Program Files\Apoint\Apntex.exe 0xe1f6ea28 (0x1bcea28) Handle Table: 0xFF185F88 (0x2ddbf88) Count: 24 TableCode: 0xE1FE6000 Process exiting: 0 
VAD Root: 0xFF174868(448f868) Private: 88 Modified: 0 Locked: 0 AccessToken: 0xE1FE5AB0(5936ab0) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,17692} ParentToken ID: {0,0} Modified ID: {0,d4c8} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00408000 (567f000) Apntex.exe C:\Program Files\Apoint\Apntex.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020588 BaseDllName address: 0x00131F10 FullDllName physical address: 5d7d588 BaseDllName physical address: 5bcaf10 0x77F80000 
0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 5bcaf80 BaseDllName physical address: 5bcafa4 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 5b0b420 BaseDllName physical address: 5b0b3f8 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 5b0b4f0 BaseDllName physical address: 5b0b4d0 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 5b0b5a8 BaseDllName physical address: 5b0b588 0x10000000 0x1000A000 (642000) VXDIF.DLL C:\WINNT\System32\VXDIF.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00133548 BaseDllName address: 0x00133588 FullDllName physical address: 5b6e548 BaseDllName physical address: 5b6e588 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001335F8 BaseDllName address: 0x00133038 FullDllName physical address: 5b6e5f8 BaseDllName physical address: 5b6e038 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001336B0 BaseDllName address: 0x00133690 FullDllName physical address: 5b6e6b0 BaseDllName physical address: 5b6e690 0x009C0000 0x009CA000 (230000) WMHook.dll C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00134C40 
BaseDllName address: 0x00134C98 FullDllName physical address: 5c12c40 BaseDllName physical address: 5c12c98 Thread List Head: 0xFF171B70 THREAD: 0xFF1718A0 (0x5a598a0) Cid: 430.42c CreateTime: 0x1c5696645b180c0 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(5d94000) ThreadsProcess: 0xFF171B20 Apntex.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1FDB328 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1718FC Contents: FF18A4BC:FF24507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17190C(5a5990c) PostBlockList: 0xFF171A64:FF171A64 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004014E0 C:\Program Files\Apoint\Apntex.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D4B000 Stack Limit: 0xF7D47000 Kernel Stack: 0xF7D4AC20(Paged< 0:a14000> NA NA NA Paged< 0:a14000> NA NA NA ) Resident: 0 User stack base: 0x00130000(57e7000 5b4d000 ) User stack Limit: 0x0012E000 THREAD: 0xFF174900 (0x448f900) Cid: 430.360 CreateTime: 0x1c5696645b307f0 2005-06-05 00:34:02Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(5c34000) ThreadsProcess: 0xFF171B20 Apntex.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1FAE3E8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF17495C Contents: FF29077C:FF29F63C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17496C(448f96c) PostBlockList: 0xFF174AC4:FF174AC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004011E0 C:\Program Files\Apoint\Apntex.exe Service Descriptor Table: 0x8046B880 
KeServiceDescriptorTableShadow Initial stack: 0xF7857000 Stack Limit: 0xF7854000 Kernel Stack: 0xF7856CA0(2ee6000 NA NA 2ee6000 NA NA ) Resident: 0 User stack base: 0x009B0000(5dbd000 5dfe000 ) User stack Limit: 0x009AE000 + 434 cmd.exe Source: from_active_process_list Eprocess Block: 0xFF191C40 (0x2138c24) CreateTime: 0x1c5696672df82f0 2005-06-05 00:35:18Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x575e000 Process Environment Block: 0x7FFDF000 (72ff000) Loader module block: 0x00131E90 (72ff00c) Command Line: "C:\WINNT\System32\cmd.exe" Section: 0xE12F33B0 (0x19bf3b0) Section Base Address: 0x4AD00000 (629d000) SectionBasedAddress: 0x09CB3C38 ) SizeOfSegment: 0x48000 SectionFileName: \WINNT\System32\cmd.exe 0xe1f298a8 (0xe6f8a8) Handle Table: 0xFF1490E8 (0xeb20e8) Count: 22 TableCode: 0xE1E2C000 Process exiting: 0 VAD Root: 0xFF150988(c95988) Private: 70 Modified: 0 Locked: 0 AccessToken: 0xE1F51030(1d05030) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,1cc60} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 
7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x4AD00000 0x4AD48000 (629d000) cmd.exe C:\WINNT\System32\cmd.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00131F10 FullDllName physical address: 71c357c BaseDllName physical address: 4468f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F78 BaseDllName address: 0x00131F9C FullDllName physical address: 4468f78 BaseDllName physical address: 4468f9c 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F0 FullDllName physical address: 6589418 BaseDllName physical address: 65893f0 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324D0 BaseDllName address: 0x001324B0 FullDllName physical address: 65894d0 BaseDllName physical address: 65894b0 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132588 BaseDllName address: 0x00132568 FullDllName physical address: 
6589588 BaseDllName physical address: 6589568 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132640 BaseDllName address: 0x00132618 FullDllName physical address: 6589640 BaseDllName physical address: 6589618 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001326F8 BaseDllName address: 0x001326D8 FullDllName physical address: 65896f8 BaseDllName physical address: 65896d8 0x78000000 0x78046000 (335c000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327B0 BaseDllName address: 0x00132790 FullDllName physical address: 65897b0 BaseDllName physical address: 6589790 Thread List Head: 0xFF191C90 THREAD: 0xFF28E020 (0x57a0020) Cid: 434.394 CreateTime: 0x1c5696672df82f0 2005-06-05 00:35:18Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(63c4000) ThreadsProcess: 0xFF191C40 cmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1BF4A68 Wait:(WrLpcReply) UserMode Non-Alertable WaitListHead: 0xFF28E07C Contents: FF170D1C:FF1B661C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28E08C(57a008c) PostBlockList: 0xFF28E1E4:FF28E1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x4AD1A420 C:\WINNT\System32\cmd.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7BA8000 Stack Limit: 0xF7BA5000 Kernel Stack: 0xF7BA7C18(Paged< 0:86d000> NA NA Paged< 0:86d000> NA NA ) Resident: 0 User stack base: 0x00130000(4605000 2eac000 f1c000 ) User stack Limit: 0x0012D000 + 29c UMGR32.EXE Source: from_active_process_list Eprocess Block: 0xFF15B020 
(0x95f004) CreateTime: 0x1c56969385796d0 2005-06-05 00:55:08Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x75a7000 Process Environment Block: 0x7FFDF000 (532f000) Loader module block: 0x00131E90 (532f00c) Command Line: Section: 0xE12BE190 (0x18f5190) Section Base Address: 0x03140000 () SectionBasedAddress: 0x08B34C28 ) SizeOfSegment: 0x26000 SectionFileName: \WINNT\System32\UMGR32.EXE 0xe1bf45a8 (0x93e5a8) Handle Table: 0xFF289E08 (0x58c3e08) Count: 164 TableCode: 0xE2057000 Process exiting: 0 VAD Root: 0xFF1E6488(766488) Private: 332 Modified: 93 Locked: 0 AccessToken: 0xE1EA6290(6d81290) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,1fef8} ParentToken ID: {0,0} Modified ID: {0,200c5} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 
SeRestorePrivilege 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF15B070 THREAD: 0xFF12C020 (0x5abe020) Cid: 29c.1a8 CreateTime: 0x1c56969385796d0 2005-06-05 00:55:08Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(6b94000) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 1 Base Priority: 1 Priority decrement: 0 Win32Thread: 0xE1E07D88 Ready WaitListHead: 0xFF12C07C Contents: 8047F788:8047F788 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12C0D4(5abe0d4) PostBlockList: 0xE1BE6B10:E1BD72D0 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x03145232 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D6B000 Stack Limit: 0xF7D68000 Kernel Stack: 0xF7D6ACC4(7381000 897000 4398000 7381000 897000 4398000 ) Resident: 1 User stack base: 0x00130000(73f5000 73e000 Paged< 0:b89000> 868000 3f17000 7cb8000 2699000 1c9a000 321b000 7cdc000 ) User stack Limit: 0x00126000 THREAD: 0xFF1577C0 (0xc3e7c0) Cid: 29c.390 CreateTime: 0x1c5696941b52400 2005-06-05 00:55:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(e2c000) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 4 Base Priority: 4 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF15781C Contents: FF1760DC:FF1895DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12B088(5aff088) PostBlockList: 0xFF157984:FF157984 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x778321FE Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AFB000 Stack Limit: 0xF7AF8000 
Kernel Stack: 0xF7AFA930(Paged< 0:870000> NA NA Paged< 0:870000> NA NA ) Resident: 0 User stack base: 0x01370000(70dd000 ) User stack Limit: 0x0136F000 + 250 dfrws2005.exe Source: from_active_process_list Eprocess Block: 0xFF191640 (0x2138624) CreateTime: 0x1c5696a6185ff0 2005-06-05 01:00:53Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x3e02000 Process Environment Block: 0x7FFDF000 (1) Loader module block: 0x00000000 Command Line: Section: 0xE1C07B30 (0x18adb30) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09545C30 ) SizeOfSegment: 0x88000 SectionFileName: \winnt\system32\dfrws2005.exe 0xe20854a8 (0x6cc64a8) Handle Table: 0xFF15E168 (0x7c1b168) Count: 35 TableCode: 0xE2093000 Process exiting: 0 VAD Root: 0xFF21A7A8(ac67a8) Private: 244 Modified: 35 Locked: 0 AccessToken: 0xE100DE10(1610e10) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,21df0} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default 
Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF191690 THREAD: 0xFF17B980 (0x2dc3980) Cid: 250.134 CreateTime: 0x1c5696a6185ff0 2005-06-05 01:00:53Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF191640 dfrws2005.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EAE4E8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF17B9DC Contents: FCC94DBC:FF248B7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17B9EC(2dc39ec) PostBlockList: 0xFF17BB44:FF17BB44 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x0040EAFC Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7837000 Stack Limit: 0xF7833000 Kernel Stack: 0xF7836BFC(Paged< 0:864000> NA NA NA Paged< 0:864000> NA NA NA ) Resident: 0 THREAD: 0xFF170CC0 (0x611ecc0) Cid: 250.1e4 CreateTime: 0x1c5696a61b6e50 2005-06-05 01:00:53Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(5cc5000) ThreadsProcess: 0xFF191640 dfrws2005.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF170D1C Contents: FF15937C:FF28E07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF170D2C(611ed2c) PostBlockList: 0xFF170E84:FF170E84 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 
0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FC5000 Stack Limit: 0xF7FC2000 Kernel Stack: 0xF7FC4CA0(Paged< 0:86c000> NA NA Paged< 0:86c000> NA NA ) Resident: 0 User stack base: 0x00BA0000(22ba000 3fad000 NA NA ) User stack Limit: 0x00B9C000 + 448 nc.exe Source: from_active_process_list Eprocess Block: 0xFF16E3C0 (0x625d3a4) CreateTime: 0x1c5696a664c750 2005-06-05 01:00:54Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x600d000 Process Environment Block: 0x7FFDF000 (b43000) Loader module block: 0x00131E90 (b4300c) Command Line: "c:\winnt\system32\nc.exe" -L -p 3000 -t -e cmd.exe Section: 0xE1E2B4D0 (0x55144d0) Section Base Address: 0x00400000 (1a4b000) SectionBasedAddress: 0x095904A8 ) SizeOfSegment: 0x13000 SectionFileName: \winnt\system32\nc.exe 0xe1e9de48 (0x6971e48) Handle Table: 0xFF15D528 (0xa0f528) Count: 96 TableCode: 0xE2095000 Process exiting: 0 VAD Root: 0xFF1CB1C8(ae91c8) Private: 190 Modified: 0 Locked: 0 AccessToken: 0xE1F138D0(b1d8d0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,2209c} ParentToken ID: {0,0} Modified ID: {0,6319} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 
SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x00400000 0x00413000 (1a4b000) nc.exe c:\winnt\system32\nc.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00131F10 FullDllName physical address: 1dc57c BaseDllName physical address: 3c19f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F78 BaseDllName address: 0x00131F9C FullDllName physical address: 3c19f78 BaseDllName physical address: 3c19f9c 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F0 FullDllName physical address: a1a418 BaseDllName physical address: a1a3f0 0x75050000 0x75058000 (503c000) WSOCK32.dll c:\winnt\system32\WSOCK32.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E8 BaseDllName address: 0x001324C8 FullDllName physical address: a1a4e8 BaseDllName physical address: a1a4c8 0x75030000 0x75044000 (5085000) WS2_32.DLL c:\winnt\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001328C8 BaseDllName address: 0x001328A8 FullDllName physical address: a1a8c8 BaseDllName physical address: a1a8a8 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x00132980 BaseDllName address: 0x00132960 FullDllName physical address: a1a980 BaseDllName physical address: a1a960 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A40 BaseDllName address: 0x00132A18 FullDllName physical address: a1aa40 BaseDllName physical address: a1aa18 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AF8 BaseDllName address: 0x00132AD8 FullDllName physical address: a1aaf8 BaseDllName physical address: a1aad8 0x75020000 0x75028000 (5066000) WS2HELP.DLL c:\winnt\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BB0 BaseDllName address: 0x00132B90 FullDllName physical address: a1abb0 BaseDllName physical address: a1ab90 0x78280000 0x7828C000 (5e1f000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013A2C8 BaseDllName address: 0x00132C48 FullDllName physical address: 79382c8 BaseDllName physical address: a1ac48 0x77E10000 0x77E74000 (3382000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0x46 TlsIndex: 0 FullDllName virtual address: 0x0013A280 BaseDllName address: 0x0013A358 FullDllName physical address: 7938280 BaseDllName physical address: 7938358 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0x22 TlsIndex: 0 FullDllName virtual address: 0x0013A3E8 BaseDllName address: 0x0013A3C8 FullDllName physical address: 79383e8 BaseDllName physical address: 79383c8 0x77980000 0x779A4000 (505b000) DNSAPI.DLL c:\winnt\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0013A498 BaseDllName address: 0x0013A478 FullDllName physical address: 7938498 BaseDllName physical address: 7938478 0x777E0000 
0x777E8000 (5eaf000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013DD20 BaseDllName address: 0x0013CB78 FullDllName physical address: 3e88d20 BaseDllName physical address: e8db78 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0013DD68 BaseDllName address: 0x0013DC80 FullDllName physical address: 3e88d68 BaseDllName physical address: 3e88c80 0x777F0000 0x777F5000 (5e3f000) rasadhlp.dll c:\winnt\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013E070 BaseDllName address: 0x0013DC58 FullDllName physical address: 830070 BaseDllName physical address: 3e88c58 0x77830000 0x7783E000 (5a72000) RTUTILS.DLL c:\winnt\system32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013E1A8 BaseDllName address: 0x0013CCC8 FullDllName physical address: 8301a8 BaseDllName physical address: e8dcc8 0x74FD0000 0x74FED000 (5bd8000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013DC18 BaseDllName address: 0x0013EA90 FullDllName physical address: 3e88c18 BaseDllName physical address: 830a90 0x77340000 0x77353000 (5a70000) IPHLPAPI.DLL c:\winnt\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00138310 BaseDllName address: 0x0013DBC8 FullDllName physical address: 352310 BaseDllName physical address: 3e88bc8 0x77520000 0x77525000 (5a0c000) ICMP.DLL c:\winnt\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013CBC0 BaseDllName address: 0x0013EB50 FullDllName physical address: e8dbc0 BaseDllName physical address: 830b50 0x77320000 0x77337000 (5a5f000) MPRAPI.DLL c:\winnt\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013ECE0 BaseDllName address: 
0x0013ECC0 FullDllName physical address: 830ce0 BaseDllName physical address: 830cc0 0x75150000 0x7515F000 (503b000) SAMLIB.DLL c:\winnt\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013ED98 BaseDllName address: 0x0013ED78 FullDllName physical address: 830d98 BaseDllName physical address: 830d78 0x75170000 0x751BF000 (5046000) NETAPI32.DLL c:\winnt\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013EE30 BaseDllName address: 0x0013DBA0 FullDllName physical address: 830e30 BaseDllName physical address: 3e88ba0 0x77BE0000 0x77BEF000 (4fda000) SECUR32.DLL c:\winnt\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0013EEE8 BaseDllName address: 0x0013EEC8 FullDllName physical address: 830ee8 BaseDllName physical address: 830ec8 0x751C0000 0x751C6000 (5028000) NETRAP.DLL c:\winnt\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013EFA0 BaseDllName address: 0x0013EF80 FullDllName physical address: 830fa0 BaseDllName physical address: 830f80 0x77A50000 0x77B45000 (3269000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x0013F058 BaseDllName address: 0x0013F038 FullDllName physical address: 759e058 BaseDllName physical address: 759e038 0x779B0000 0x77A45000 (325a000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0013F0E8 BaseDllName address: 0x0013CB50 FullDllName physical address: 759e0e8 BaseDllName physical address: e8db50 0x773B0000 0x773DE000 (59f8000) ACTIVEDS.DLL c:\winnt\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F1A8 BaseDllName address: 0x0013F180 FullDllName physical address: 759e1a8 BaseDllName physical address: 759e180 0x77380000 0x773A2000 (5a19000) ADSLDPC.DLL c:\winnt\system32\ADSLDPC.DLL 
Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F260 BaseDllName address: 0x0013F240 FullDllName physical address: 759e260 BaseDllName physical address: 759e240 0x77880000 0x7790D000 (56e6000) SETUPAPI.DLL c:\winnt\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F320 BaseDllName address: 0x0013F2F8 FullDllName physical address: 759e320 BaseDllName physical address: 759e2f8 0x77C10000 0x77C6D000 (5006000) USERENV.DLL c:\winnt\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F3D8 BaseDllName address: 0x0013F3B8 FullDllName physical address: 759e3d8 BaseDllName physical address: 759e3b8 0x774E0000 0x77512000 (5a7d000) RASAPI32.DLL c:\winnt\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F498 BaseDllName address: 0x0013F470 FullDllName physical address: 759e498 BaseDllName physical address: 759e470 0x774C0000 0x774D1000 (5aae000) RASMAN.DLL c:\winnt\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F550 BaseDllName address: 0x0013F530 FullDllName physical address: 759e550 BaseDllName physical address: 759e530 0x77530000 0x77552000 (5a9c000) TAPI32.DLL c:\winnt\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F608 BaseDllName address: 0x0013F5E8 FullDllName physical address: 759e608 BaseDllName physical address: 759e5e8 0x77B50000 0x77BD9000 (336b000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0013F6C8 BaseDllName address: 0x0013F6A0 FullDllName physical address: 759e6c8 BaseDllName physical address: 759e6a0 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F780 BaseDllName address: 0x0013F760 FullDllName physical address: 
759e780 BaseDllName physical address: 759e760 0x77360000 0x77379000 (5978000) DHCPCSVC.DLL c:\winnt\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F840 BaseDllName address: 0x0013F818 FullDllName physical address: 759e840 BaseDllName physical address: 759e818 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL c:\winnt\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013F9D0 BaseDllName address: 0x0013F9B0 FullDllName physical address: 759e9d0 BaseDllName physical address: 759e9b0 0x75010000 0x75017000 (5df3000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00132180 BaseDllName address: 0x00144798 FullDllName physical address: a1a180 BaseDllName physical address: 79798 Thread List Head: 0xFF16E410 THREAD: 0xFF264D60 (0x62d3d60) Cid: 448.36c CreateTime: 0x1c5696a664c750 2005-06-05 01:00:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(17c000) ThreadsProcess: 0xFF16E3C0 nc.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1BE68A8 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF264DBC Contents: FF27807C:FF1DDBBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF264DCC(62d3dcc) PostBlockList: 0xE1ECF290:E131D9F0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00404C00 c:\winnt\system32\nc.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DBB000 Stack Limit: 0xF7DB8000 Kernel Stack: 0xF7DBACA0(Paged< 0:87c000> NA NA Paged< 0:87c000> NA NA ) Resident: 0 User stack base: 0x00130000(276c000 75a000 713c000 706c000 f8d000 3f8e000 798f000 15b0000 151000 ) User stack Limit: 0x00127000 THREAD: 0xFF159320 (0x1f1320) Cid: 448.400 CreateTime: 0x1c5696a66df270 2005-06-05 
01:00:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(13b000) ThreadsProcess: 0xFF16E3C0 nc.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF15937C Contents: FF1329DC:FF170D1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF134008(3d67008) PostBlockList: 0xFF1594E4:FF1594E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE c:\winnt\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF803F000 Stack Limit: 0xF803C000 Kernel Stack: 0xF803E930(Paged< 0:86b000> NA NA Paged< 0:86b000> NA NA ) Resident: 0 User stack base: 0x00B00000(549000 ) User stack Limit: 0x00AFF000 + 144 helix.exe Source: from_active_process_list Eprocess Block: 0xFF144020 (0x306004) CreateTime: 0x1c569d82f089020 2005-06-05 14:09:27Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x6f53000 Process Environment Block: 0x7FFDF000 (c1b000) Loader module block: 0x00131E90 (c1b00c) Command Line: E:\helix.exe Section: 0xE20FF2B0 (0x42842b0) Section Base Address: 0x00400000 (7a52000) SectionBasedAddress: 0x0A0E2CB8 ) SizeOfSegment: 0x26b000 SectionFileName: \helix.exe 0xe21c2b88 (0x2136b88) Handle Table: 0xFF242148 (0x697f148) Count: 212 TableCode: 0xE2088000 Process exiting: 0 VAD Root: 0xFF15C428(b14428) Private: 6760 Modified: 20904 Locked: 5 AccessToken: 0xE22294B0(6f5a4b0) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) 
UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,27503c} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0066B000 (7a52000) helix.exe E:\helix.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020560 BaseDllName address: 0x00131F10 FullDllName physical address: 719f560 BaseDllName physical address: 6e4cf10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 6e4cf80 BaseDllName physical address: 6e4cfa4 0x77E80000 0x77F35000 (3234000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 
0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 3fed420 BaseDllName physical address: 3fed3f8 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E0 BaseDllName address: 0x001324B8 FullDllName physical address: 3fed4e0 BaseDllName physical address: 3fed4b8 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132598 BaseDllName address: 0x00132578 FullDllName physical address: 3fed598 BaseDllName physical address: 3fed578 0x77B50000 0x77BD9000 (336b000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132658 BaseDllName address: 0x00132630 FullDllName physical address: 3fed658 BaseDllName physical address: 3fed630 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132710 BaseDllName address: 0x001326F0 FullDllName physical address: 3fed710 BaseDllName physical address: 3fed6f0 0x77E10000 0x77E74000 (3382000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C0 BaseDllName address: 0x001327A0 FullDllName physical address: 3fed7c0 BaseDllName physical address: 3fed7a0 0x76B30000 0x76B6E000 (3281000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132880 BaseDllName address: 0x00132858 FullDllName physical address: 3fed880 BaseDllName physical address: 3fed858 0x77C70000 0x77CBA000 (331a000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132938 BaseDllName address: 0x00132918 FullDllName physical address: 3fed938 
BaseDllName physical address: 3fed918 0x69800000 0x69A42000 (328f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F0 BaseDllName address: 0x001329D0 FullDllName physical address: 3fed9f0 BaseDllName physical address: 3fed9d0 0x78000000 0x78046000 (335c000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 BaseDllName address: 0x00132A88 FullDllName physical address: 3fedaa8 BaseDllName physical address: 3feda88 0x77410000 0x77423000 (1) MSACM32.dll C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B78 BaseDllName address: 0x00132B58 FullDllName physical address: 3fedb78 BaseDllName physical address: 3fedb58 0x77570000 0x775A0000 (1) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F38 BaseDllName address: 0x00132F18 FullDllName physical address: 3fedf38 BaseDllName physical address: 3fedf18 0x75170000 0x751BF000 (1) NETAPI32.dll C:\WINNT\System32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FF0 BaseDllName address: 0x00132FC8 FullDllName physical address: 8fa000 BaseDllName physical address: 3fedfc8 0x77BE0000 0x77BEF000 (1) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133198 BaseDllName address: 0x00133178 FullDllName physical address: 8fa198 BaseDllName physical address: 8fa178 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133250 BaseDllName address: 0x00133230 FullDllName physical address: 8fa250 BaseDllName physical address: 8fa230 0x75150000 0x7515F000 (503b000) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName 
virtual address: 0x00133308 BaseDllName address: 0x001332E8 FullDllName physical address: 8fa308 BaseDllName physical address: 8fa2e8 0x75030000 0x75044000 (5085000) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001333C0 BaseDllName address: 0x001333A0 FullDllName physical address: 8fa3c0 BaseDllName physical address: 8fa3a0 0x75020000 0x75028000 (5066000) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133478 BaseDllName address: 0x00133458 FullDllName physical address: 8fa478 BaseDllName physical address: 8fa458 0x77950000 0x77979000 (3349000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133530 BaseDllName address: 0x00133510 FullDllName physical address: 8fa530 BaseDllName physical address: 8fa510 0x77980000 0x779A4000 (505b000) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001335E8 BaseDllName address: 0x001335C8 FullDllName physical address: 8fa5e8 BaseDllName physical address: 8fa5c8 0x75050000 0x75058000 (503c000) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336A0 BaseDllName address: 0x00133680 FullDllName physical address: 8fa6a0 BaseDllName physical address: 8fa680 0x77A50000 0x77B45000 (3269000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133758 BaseDllName address: 0x00133738 FullDllName physical address: 8fa758 BaseDllName physical address: 8fa738 0x779B0000 0x77A45000 (325a000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133810 BaseDllName address: 0x001337E8 FullDllName physical address: 8fa810 BaseDllName physical address: 8fa7e8 0x752F0000 
0x7530F000 (1) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001338C8 BaseDllName address: 0x001338A8 FullDllName physical address: 8fa8c8 BaseDllName physical address: 8fa8a8 0x695E0000 0x69609000 (1) OLEPRO32.DLL C:\WINNT\System32\OLEPRO32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133988 BaseDllName address: 0x00133960 FullDllName physical address: 8fa988 BaseDllName physical address: 8fa960 0x77820000 0x77827000 (3327000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133A40 BaseDllName address: 0x00133A20 FullDllName physical address: 8faa40 BaseDllName physical address: 8faa20 0x759B0000 0x759B6000 (3218000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133AF8 BaseDllName address: 0x00133AD8 FullDllName physical address: 8faaf8 BaseDllName physical address: 8faad8 0x76C00000 0x76C74000 (1) WININET.dll C:\WINNT\system32\WININET.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133BA8 BaseDllName address: 0x00133B88 FullDllName physical address: 8faba8 BaseDllName physical address: 8fab88 0x77800000 0x7781D000 (66f5000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133C68 BaseDllName address: 0x00133C40 FullDllName physical address: 8fac68 BaseDllName physical address: 8fac40 0x10000000 0x1000A000 (1) WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00139090 BaseDllName address: 0x0015BE38 FullDllName physical address: a69090 BaseDllName physical address: 2a4de38 0x77560000 0x77569000 (1) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0016AAF8 BaseDllName address: 0x00136E30 FullDllName physical address: 
401eaf8 BaseDllName physical address: 6e70e30 0x51080000 0x510D9000 (31fc000) dsound.dll C:\WINNT\System32\dsound.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016EC50 BaseDllName address: 0x0016ADD0 FullDllName physical address: 2f57c50 BaseDllName physical address: 401edd0 0x77400000 0x77408000 (1) msacm32.drv C:\WINNT\System32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016EE50 BaseDllName address: 0x00178300 FullDllName physical address: 2f57e50 BaseDllName physical address: 4528300 0x5EF80000 0x5EF84000 (7200000) KsUser.dll C:\WINNT\System32\KsUser.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0017B548 BaseDllName address: 0x00178500 FullDllName physical address: 7c5b548 BaseDllName physical address: 4528500 0x691D0000 0x69255000 (5bc0000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00185CD0 BaseDllName address: 0x00184098 FullDllName physical address: 2677cd0 BaseDllName physical address: ada098 0x77840000 0x7787C000 (3ef7000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0018A930 BaseDllName address: 0x0018A910 FullDllName physical address: 2e37930 BaseDllName physical address: 2e37910 0x770C0000 0x770E3000 (43a7000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0018A9E0 BaseDllName address: 0x0018A9C0 FullDllName physical address: 2e379e0 BaseDllName physical address: 2e379c0 0x01FB0000 0x01FDD000 (5963000) Clipboard.lmd E:\AutoPlay\Plugins\Clipboard\Clipboard.lmd Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00196C10 BaseDllName address: 0x00196C70 FullDllName physical address: 54fac10 BaseDllName physical address: 54fac70 0x01FF0000 0x02034000 (50ee000) Crypto.lmd E:\AutoPlay\Plugins\Crypto\Crypto.lmd Flags: 0x284004 
LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00196920 BaseDllName address: 0x00197FF8 FullDllName physical address: 54fa920 BaseDllName physical address: 2dd4000 0x023B0000 0x023BC000 (659d000) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0019EBB8 BaseDllName address: 0x0019EC08 FullDllName physical address: 68dcbb8 BaseDllName physical address: 68dcc08 0x777F0000 0x777F5000 (5e3f000) rasadhlp.dll C:\WINNT\System32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00180688 BaseDllName address: 0x001815D8 FullDllName physical address: 6490688 BaseDllName physical address: 45d95d8 0x77830000 0x7783E000 (5a72000) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001C0098 BaseDllName address: 0x001BFBD8 FullDllName physical address: 403b098 BaseDllName physical address: 1fd8bd8 0x03DF0000 0x03E3E000 (6ca000) WinButton.apo E:\AutoPlay\Plugins\WinButton\WinButton.apo Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001C8870 BaseDllName address: 0x001C2398 FullDllName physical address: efe870 BaseDllName physical address: 883398 0x05160000 0x051B8000 (40c0000) ComboBox.apo E:\AutoPlay\Plugins\ComboBox\ComboBox.apo Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x04450F08 BaseDllName address: 0x001CE808 FullDllName physical address: 6a3cf08 BaseDllName physical address: 1720808 0x05860000 0x0587A000 (5807000) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001DC168 BaseDllName address: 0x001D9B90 FullDllName physical address: 6c9b168 BaseDllName physical address: 4f8b90 0x05880000 0x0588A000 (642000) Vxdif.dll C:\WINNT\System32\Vxdif.dll Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001DC800 BaseDllName address: 0x001DC7E0 FullDllName 
physical address: 6c9b800 BaseDllName physical address: 6c9b7e0 Thread List Head: 0xFF144070 THREAD: 0xFF1C06E0 (0xe6e6e0) Cid: 144.378 CreateTime: 0x1c569d82f089020 2005-06-05 14:09:27Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(860000) ThreadsProcess: 0xFF144020 helix.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F5CD68 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1C073C Contents: FF2729DC:FF1665BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1C074C(e6e74c) PostBlockList: 0xE1C0DF10:E2131F90 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x006627E0 E:\helix.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7847000 Stack Limit: 0xF7842000 Kernel Stack: 0xF7846C20(1f31000 NA NA NA NA 1f31000 NA NA NA NA ) Resident: 0 User stack base: 0x00130000(3e47000 d73000 77be000 727e000 54cf000 241f000 ) User stack Limit: 0x0012A000 THREAD: 0xFF0C13C0 (0x40723c0) Cid: 144.3e4 CreateTime: 0x1c569d83001a3b0 2005-06-05 14:09:28Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(56c6000) ThreadsProcess: 0xFF144020 helix.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF0C141C Contents: FF0BA69C:FF19819C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0C142C(407242c) PostBlockList: 0xFF0C1584:FF0C1584 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CFF000 Stack 
Limit: 0xF7CFC000 Kernel Stack: 0xF7CFE930(Paged< 0:17aa000> NA NA Paged< 0:17aa000> NA NA ) Resident: 0 User stack base: 0x01630000(Paged< 0:18c3000> ) User stack Limit: 0x0162F000 THREAD: 0xFF0BA640 (0x5a34640) Cid: 144.328 CreateTime: 0x1c569d8301eac40 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(2134000) ThreadsProcess: 0xFF144020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF0BA69C Contents: FF0EB45C:FF0C141C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0B79E8(1cec9e8) PostBlockList: 0xFF0BA804:FF0BA804 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x510C00B0 C:\WINNT\System32\dsound.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C5B000 Stack Limit: 0xF7C58000 Kernel Stack: 0xF7C5A930(Paged< 0:17a9000> NA NA Paged< 0:17a9000> NA NA ) Resident: 0 User stack base: 0x01740000(589d000 ) User stack Limit: 0x0173F000 THREAD: 0xFF0D94A0 (0x2d8e4a0) Cid: 144.128 CreateTime: 0x1c569d830310280 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(6c02000) ThreadsProcess: 0xFF144020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE21D2008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF0D94FC Contents: FF18BDFC:FF1708BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0D950C(2d8e50c) PostBlockList: 0xFF0D9664:FF0D9664 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x510C00B0 C:\WINNT\System32\dsound.dll Service Descriptor Table: 
0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A9B000 Stack Limit: 0xF7A97000 Kernel Stack: 0xF7A9A930(72d8000 223f000 3bf6000 673a000 72d8000 223f000 3bf6000 673a000 ) Resident: 1 User stack base: 0x01840000(1ba8000 ) User stack Limit: 0x0183F000 THREAD: 0xFF0FB1E0 (0x7cb61e0) Cid: 144.2a8 CreateTime: 0x1c569d830359810 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(296c000) ThreadsProcess: 0xFF144020 helix.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF0FB23C Contents: FF0E72DC:FF18A07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0FB294(7cb6294) PostBlockList: 0xFF0FB3A4:FF0FB3A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x004FF21D E:\helix.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF821E000 Stack Limit: 0xF821B000 Kernel Stack: 0xF821DCC4(1fbf000 663e000 445d000 1fbf000 663e000 445d000 ) Resident: 1 User stack base: 0x01A40000(643000 ) User stack Limit: 0x01A3F000 THREAD: 0xFF0E7280 (0x225d280) Cid: 144.338 CreateTime: 0x1c569d830359810 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD9000(15ce000) ThreadsProcess: 0xFF144020 helix.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF0E72DC Contents: FF0D94FC:FF0FB23C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0E7334(225d334) PostBlockList: 0xFF0E7444:FF0E7444 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start 
Address: 0x004EB57F E:\helix.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CF7000 Stack Limit: 0xF7CF4000 Kernel Stack: 0xF7CF6CC4(654b000 52c8000 6ee7000 654b000 52c8000 6ee7000 ) Resident: 1 User stack base: 0x01B40000(2f4d000 ) User stack Limit: 0x01B3F000 THREAD: 0xFF0EB400 (0x6e7a400) Cid: 144.d4 CreateTime: 0x1c569d8303a2da0 2005-06-05 14:09:29Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD8000(2fa1000) ThreadsProcess: 0xFF144020 helix.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0xE1EA9008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF0EB45C Contents: FF0E7A5C:FF0BA69C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0EB46C(6e7a46c) PostBlockList: 0xFF0EB5C4:FF0EB5C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77575BB9 C:\WINNT\System32\WINMM.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A4B000 Stack Limit: 0xF7A48000 Kernel Stack: 0xF7A4AC20(Paged< 0:17a8000> NA NA Paged< 0:17a8000> NA NA ) Resident: 0 User stack base: 0x01C40000(40e3000 5650000 ) User stack Limit: 0x01C3E000 THREAD: 0xFF0E7A00 (0x225da00) Cid: 144.364 CreateTime: 0x1c569d84ba4a1d0 2005-06-05 14:10:15Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD6000(6b5a000) ThreadsProcess: 0xFF144020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF0E7A5C Contents: FF0E3B9C:FF0EB45C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0E7A6C(225da6c) PostBlockList: 0xFF0E7BC4:FF0E7BC4 Queue: 0x00000000 Start Address: 
0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7C5F000 Stack Limit: 0xF7C5C000 Kernel Stack: 0xF7C5E930(Paged< 0:17a7000> NA NA Paged< 0:17a7000> NA NA ) Resident: 0 User stack base: 0x034E0000(4123000 ) User stack Limit: 0x034DF000 THREAD: 0xFF0E3B40 (0x733ab40) Cid: 144.470 CreateTime: 0x1c569d84ba62900 2005-06-05 14:10:15Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD5000(2467000) ThreadsProcess: 0xFF144020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF0E3B9C Contents: FF1CF07C:FF0E7A5C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0E3BAC(733abac) PostBlockList: 0xFF0E3D04:FF0E3D04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x7517B646 C:\WINNT\System32\NETAPI32.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79FF000 Stack Limit: 0xF79FC000 Kernel Stack: 0xF79FE930(Paged< 0:17a6000> NA NA Paged< 0:17a6000> NA NA ) Resident: 0 User stack base: 0x035E0000(227d000 ) User stack Limit: 0x035DF000 THREAD: 0xFF0F78C0 (0x24b58c0) Cid: 144.3d4 CreateTime: 0x1c569d97eb35f0 2005-06-05 14:15:31Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD4000(3bd5000) ThreadsProcess: 0xFF144020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE213B648 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF0F791C Contents: FF1BBA1C:FF1773BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0F792C(24b592c) PostBlockList: 
0xFF0F7A84:FF0F7A84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0x10eb Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8624000 Stack Limit: 0xF8621000 Kernel Stack: 0xF8623C48(6f65000 NA NA 6f65000 NA NA ) Resident: 0 User stack base: 0x05AC0000(f7d000 ) User stack Limit: 0x05ABF000 + 46c cmd2k.exe Source: from_active_process_list Eprocess Block: 0xFF0E4D60 (0x6352d44) CreateTime: 0x1c569d86206eaf0 2005-06-05 14:10:52Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x58dd000 Process Environment Block: 0x7FFDF000 (1862000) Loader module block: 0x00131E90 (186200c) Command Line: "E:\Shells\cmd2k.exe" /D /T:80 /F:ON /K cmdenv.bat Section: 0xE21B8FD0 (0x5c55fd0) Section Base Address: 0x4AD00000 (539c000) SectionBasedAddress: 0x087FAC20 ) SizeOfSegment: 0x48000 SectionFileName: \Shells\cmd2k.exe 0xe138a328 (0x28e9328) Handle Table: 0xFF1EA688 (0x294e688) Count: 22 TableCode: 0xE2118000 Process exiting: 0 VAD Root: 0xFF103328(3e4a328) Private: 82 Modified: 0 Locked: 0 AccessToken: 0xE20A6550(5e6d550) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,277363} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: 
Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x4AD00000 0x4AD48000 (539c000) cmd2k.exe E:\Shells\cmd2k.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002056C BaseDllName address: 0x00131F10 FullDllName physical address: 412656c BaseDllName physical address: 3293f10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 3293f80 BaseDllName physical address: 3293fa4 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 44b4420 BaseDllName physical address: 44b43f8 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 44b44f0 BaseDllName physical address: 44b44d0 0x77F40000 0x77F7C000 
(31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 44b45a8 BaseDllName physical address: 44b4588 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 44b4660 BaseDllName physical address: 44b4638 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 44b4718 BaseDllName physical address: 44b46f8 0x78000000 0x78046000 (335c000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 44b47d0 BaseDllName physical address: 44b47b0 Thread List Head: 0xFF0E4DB0 THREAD: 0xFF0E10E0 (0x40a70e0) Cid: 46c.444 CreateTime: 0x1c569d862087220 2005-06-05 14:10:52Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(7928000) ThreadsProcess: 0xFF0E4D60 cmd2k.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE135BCA8 Wait:(WrLpcReply) UserMode Non-Alertable WaitListHead: 0xFF0E113C Contents: FF26D07C:FCA297FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF0E114C(40a714c) PostBlockList: 0xFF0E12A4:FF0E12A4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x4AD1A420 E:\Shells\cmd2k.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF775F000 Stack Limit: 0xF775C000 Kernel Stack: 0xF775EC18(6c8f000 3a8d000 3a8c000 6c8f000 
3a8d000 3a8c000 ) Resident: 0 User stack base: 0x00130000(6fee000 84a000 66d2000 3e00000 7a81000 17e6000 ) User stack Limit: 0x0012A000 + 458 cmd2k.exe Source: from_active_process_list Eprocess Block: 0xFF119020 (0xdcc004) CreateTime: 0x1c569d8e0cdba40 2005-06-05 14:14:25Z SecurityDescriptor: 0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x39a2000 Process Environment Block: 0x7FFDF000 (37fc000) Loader module block: 0x00131E90 (37fc00c) Command Line: "E:\Shells\cmd2k.exe" /D /T:80 /F:ON /K cmdenv.bat Section: 0xE1E1F670 (0x540d670) Section Base Address: 0x4AD00000 (539c000) SectionBasedAddress: 0x087FAC20 ) SizeOfSegment: 0x48000 SectionFileName: \Shells\cmd2k.exe 0xe138a328 (0x28e9328) Handle Table: 0xFF251008 (0x65f2008) Count: 23 TableCode: 0xE1E53000 Process exiting: 0 VAD Root: 0xFF1D5A88(6a89a88) Private: 74 Modified: 0 Locked: 0 AccessToken: 0xE2023670(dfe670) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,279dc0} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 
Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x4AD00000 0x4AD48000 (539c000) cmd2k.exe E:\Shells\cmd2k.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002056C BaseDllName address: 0x00131F10 FullDllName physical address: 1c4056c BaseDllName physical address: 394df10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 394df80 BaseDllName physical address: 394dfa4 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 720e420 BaseDllName physical address: 720e3f8 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 720e4f0 BaseDllName physical address: 720e4d0 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 720e5a8 BaseDllName physical address: 720e588 0x77DB0000 0x77E0A000 
(3210000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 720e660 BaseDllName physical address: 720e638 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 720e718 BaseDllName physical address: 720e6f8 0x78000000 0x78046000 (335c000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 720e7d0 BaseDllName physical address: 720e7b0 Thread List Head: 0xFF119070 THREAD: 0xFF114180 (0x21c1180) Cid: 458.24c CreateTime: 0x1c569d8e0cf4170 2005-06-05 14:14:25Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(1e62000) ThreadsProcess: 0xFF119020 cmd2k.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE21DB8C8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1141DC Contents: FCDFEDFC:FF0F23FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1141EC(21c11ec) PostBlockList: 0xFF114344:FF114344 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x4AD1A420 E:\Shells\cmd2k.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7A5B000 Stack Limit: 0xF7A58000 Kernel Stack: 0xF7A5ACA0(3947000 NA NA 3947000 NA NA ) Resident: 0 User stack base: 0x00130000(5ac8000 6395000 39c7000 ) User stack Limit: 0x0012D000 + 11c dd.exe Source: from_active_process_list Eprocess Block: 0xFF0DAD60 (0x414dd44) CreateTime: 0x1c569de5de1b0a0 2005-06-05 14:53:42Z SecurityDescriptor: 
0xE1EB2D78(9a4d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x1d9e000 Process Environment Block: 0x7FFDF000 (2c2d000) Loader module block: 0x00131E90 (2c2d00c) Command Line: ..\Acquisition\FAU\dd.exe if=\\.\PhysicalMemory of=F:\intrusion2005\physicalmemory.dd conv=noerror --md5sum --verifymd5 --md5out=F:\intrusion2005\physicalmemory.dd.md5 --log=F:\intrusion2005\audit.log Section: 0xE12E19D0 (0x19719d0) Section Base Address: 0x00400000 (fee000) SectionBasedAddress: 0x0A3A8C20 ) SizeOfSegment: 0xe000 SectionFileName: \Acquisition\FAU\dd.exe 0xe21b5a08 (0x4664a08) Handle Table: 0xFF158708 (0xeb6708) Count: 27 TableCode: 0xE20F8000 Process exiting: 0 VAD Root: 0xFF0D9B28(2d8eb28) Private: 84 Modified: 16640 Locked: 0 AccessToken: 0xE22364B0(57764b0) SecurityDescriptor: 0xE1EB2778(9a4778) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,bf69} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,bf5e} TokenFlags: 0x9 Token ID: {0,284be7} ParentToken ID: {0,0} Modified ID: {0,11d67} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-48542 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege 
Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0040E000 (fee000) dd.exe E:\Acquisition\FAU\dd.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002074C BaseDllName address: 0x00131F10 FullDllName physical address: 3a1174c BaseDllName physical address: 3a1ef10 0x77F80000 0x77FFA000 (2198000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F78 BaseDllName address: 0x00131F9C FullDllName physical address: 3a1ef78 BaseDllName physical address: 3a1ef9c 0x10000000 0x10006000 (20a5000) getopt.dll E:\Acquisition\FAU\getopt.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132410 BaseDllName address: 0x001323F0 FullDllName physical address: 51f410 BaseDllName physical address: 51f3f0 0x77E80000 0x77F35000 (3234000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329C8 BaseDllName address: 0x001329A0 FullDllName physical address: 51f9c8 BaseDllName physical address: 51f9a0 0x7C000000 0x7C054000 (6028000) MSVCR70.dll E:\Acquisition\FAU\MSVCR70.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A80 BaseDllName address: 0x00132A60 FullDllName physical address: 51fa80 BaseDllName physical address: 51fa60 0x77820000 0x77827000 (3327000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B50 
BaseDllName address: 0x00132B30 FullDllName physical address: 51fb50 BaseDllName physical address: 51fb30 0x759B0000 0x759B6000 (3218000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C08 BaseDllName address: 0x00132BE8 FullDllName physical address: 51fc08 BaseDllName physical address: 51fbe8 0x77E10000 0x77E74000 (3382000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CB8 BaseDllName address: 0x00132C98 FullDllName physical address: 51fcb8 BaseDllName physical address: 51fc98 0x77F40000 0x77F7C000 (31f2000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D70 BaseDllName address: 0x00132D50 FullDllName physical address: 51fd70 BaseDllName physical address: 51fd50 0x77BE0000 0x77BEF000 (4fda000) Secur32.dll C:\WINNT\System32\Secur32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E20 BaseDllName address: 0x00132E00 FullDllName physical address: 51fe20 BaseDllName physical address: 51fe00 0x77DB0000 0x77E0A000 (3210000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EE0 BaseDllName address: 0x00132EB8 FullDllName physical address: 51fee0 BaseDllName physical address: 51feb8 0x77D40000 0x77DB0000 (32dd000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F98 BaseDllName address: 0x00132F78 FullDllName physical address: 51ff98 BaseDllName physical address: 51ff78 0x77A50000 0x77B45000 (3269000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133050 BaseDllName address: 0x00133030 FullDllName physical address: 3c0a050 BaseDllName physical address: 3c0a030 0x00790000 0x00797000 (3707000) md5lib.dll 
E:\Acquisition\FAU\md5lib.dll Flags: 0x2c4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136470 BaseDllName address: 0x00136450 FullDllName physical address: a65470 BaseDllName physical address: a65450 Thread List Head: 0xFF0DADB0 THREAD: 0xFF240020 (0x6ad8020) Cid: 11c.3d0 CreateTime: 0x1c569de5de337d0 2005-06-05 14:53:42Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(3032000) ThreadsProcess: 0xFF0DAD60 dd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EE07A8 Running WaitListHead: 0xFF24007C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2400D4(6ad80d4) PostBlockList: 0xFF2401E4:FF2401E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00406BDA E:\Acquisition\FAU\dd.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF78A7000 Stack Limit: 0xF78A3000 Kernel Stack: 0xF78A6904(7958000 6337000 3c36000 3b99000 7958000 6337000 3c36000 3b99000 ) Resident: 1 User stack base: 0x00130000(3c59000 578e000 ) User stack Limit: 0x0012E000 + 314 metasploit.exe Source: from_kernel_object Cloaked: Yes Eprocess Block: 0xFF1B5CC0 (0x2686ca4) CreateTime: 0x1c56966e9b473b0 2005-06-05 00:38:37Z ExitTime: 0x1c56966e9c542c0 2005-06-05 00:38:37Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x7234000 Process Environment Block: 0x7FFDF000 (1) Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x03140000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0x00000000 Process exiting: 1 VAD Root: 0x00000000(1) Private: 0 Modified: 0 Locked: 0 
AccessToken: 0xE1F939B0(2eb19b0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,1d25b} ParentToken ID: {0,0} Modified ID: {0,8e53} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF1B5D10 + 258 metasploit.exe Source: from_kernel_object Cloaked: Yes Eprocess Block: 0xFF129460 (0x6601444) CreateTime: 0x1c5696938454090 2005-06-05 00:55:08Z ExitTime: 0x1c56969385796d0 2005-06-05 00:55:08Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x1a6d000 Process Environment Block: 0x7FFDF000 (1) Loader module block: 0x00000000 Command Line: 
Section: 0x00000000 (0x0) Section Base Address: 0x03140000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0x00000000 Process exiting: 1 VAD Root: 0x00000000(1) Private: 0 Modified: 0 Locked: 0 AccessToken: 0xE1BF2BB0(7668bb0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,1fe7b} ParentToken ID: {0,0} Modified ID: {0,8e53} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF1294B0 + 310 dfrws2005.exe Source: from_kernel_object Cloaked: Yes Eprocess Block: 0xFF1CCB60 (0xe1fb44) CreateTime: 0x1c5696a58ed910 2005-06-05 01:00:53Z ExitTime: 0x1c5696a61b6e50 2005-06-05 01:00:53Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x6c98000 Process Environment Block: 0x7FFDF000 (1) Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00400000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0x00000000 Process exiting: 1 VAD Root: 0x00000000(1) Private: 0 Modified: 1 Locked: 0 AccessToken: 0xE208B4F0(53364f0) SecurityDescriptor: 0xE13053F8(1a413f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,21d61} ParentToken ID: {0,0} Modified ID: {0,200c5} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled Thread List Head: 0xFF1CCBB0 Total processes(including 
idle process): 36 Orphaned threads: THREAD: 0xFF29B6E0 (0x529e6e0) Cid: f0.ec CreateTime: 0x1c5696617f3daf0 2005-06-05 00:32:45Z ExitTime: 1c5696617f3daf0 2005-06-05 00:32:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 16 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF29B73C Contents: FF286DFC:FCE00A3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF29B74C(529e74c) PostBlockList: 0xFF29B8A4:FF29B8A4 Queue: 0x00000000 Start Address: 0x77E99264 LPC Server thread working on message Id 0x21 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF05FC000 Kernel Stack: 0xF05FFC48() Resident: 1 Terminated: Yes THREAD: 0xFF28CDA0 (0x5795da0) Cid: f0.160 CreateTime: 0x1c5696619025320 2005-06-05 00:32:47Z ExitTime: 1c5696619025320 2005-06-05 00:32:52Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF29BA80 lsass.exe Priority: 16 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF28CDFC Contents: 8047F7D0:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28CE0C(5795e0c) PostBlockList: 0xFF28CF64:FF28CF64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x5091CBA9 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF065C000 Kernel Stack: 0xF065FC48() Resident: 1 Terminated: Yes THREAD: 0xFF1B9BA0 (0x76f8ba0) Cid: 314.288 CreateTime: 0x1c56966e9b473b0 2005-06-05 00:38:37Z ExitTime: 1c56966e9b473b0 2005-06-05 00:38:37Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF1B5CC0 metasploit.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1B9BFC Contents: FF1B307C:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B9C0C(76f8c0c) PostBlockList: 0xFF1B9D64:FF1B9D64 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x03145232 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF77DB000 Kernel Stack: 0xF77DEC54() Resident: 1 Terminated: Yes THREAD: 0xFF1B3020 (0xb56020) Cid: 258.130 CreateTime: 0x1c5696938454090 2005-06-05 00:55:08Z ExitTime: 1c5696938454090 2005-06-05 00:55:08Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF129460 metasploit.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1B307C Contents: FF12C07C:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B308C(b5608c) PostBlockList: 0xFF1B31E4:FF1B31E4 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x03145232 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF7843000 Kernel Stack: 0xF7846C54() Resident: 1 Terminated: Yes THREAD: 0xFF1C54C0 (0x7b6c4c0) Cid: 1e0.354 CreateTime: 0x1c569662d4dc8a0 2005-06-05 00:33:21Z ExitTime: 1c569662d4dc8a0 2005-06-05 00:33:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1C551C Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 
WaitBlockList: 0xFF1C552C(7b6c52c) PostBlockList: 0xFF1C5684:FF1C5684 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x75675EC4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF7D86000 Kernel Stack: 0xF7D8AC48() Resident: 1 Terminated: Yes THREAD: 0xFF1BC8A0 (0x1a8d8a0) Cid: 1e0.384 CreateTime: 0x1c569662d959a70 2005-06-05 00:33:22Z ExitTime: 1c569662d959a70 2005-06-05 00:33:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1BC8FC Contents: FF1C7ADC:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1BC90C(1a8d90c) PostBlockList: 0xFF1BCA64:FF1BCA64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x7591871D Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF7BC4000 Kernel Stack: 0xF7BC7C48() Resident: 1 Terminated: Yes THREAD: 0xFF1C7A80 (0x597a80) Cid: 1e0.34c CreateTime: 0x1c569662cea7570 2005-06-05 00:33:21Z ExitTime: 1c569662cea7570 2005-06-05 00:33:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF27D020 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1C7ADC Contents: FCDFEDFC:FCD1D8FC Queue List: 0xFF1C9F80:FF1C9F80 WaitBlockList: 0xFF1C7B34(597b34) PostBlockList: 0xFF1C7C44:FF1C7C44 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF05EC000 Kernel Stack: 0xF05EFC48() 
Resident: 1 Terminated: Yes THREAD: 0xFF13E980 (0x763d980) Cid: 428.47c CreateTime: 0x1c569664a1f55e0 2005-06-05 00:34:10Z ExitTime: 1c569664a1f55e0 2005-06-05 00:35:10Z SecurityDescriptor: 0xE1C0E438(7369438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x00000000(0) ThreadsProcess: 0xFF172C40 JogServ2.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF13E9DC Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13EA34(763da34) PostBlockList: 0xFF13EB44:FF13EB44 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x78002432 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7C5C000 Kernel Stack: 0xF7C5EC48() Resident: 1 Terminated: Yes THREAD: 0xFF22D020 (0x7b03020) Cid: 310.440 CreateTime: 0x1c5696a58ed910 2005-06-05 01:00:53Z ExitTime: 1c5696a58ed910 2005-06-05 01:00:53Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF1CCB60 dfrws2005.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF22D07C Contents: 8047F7C8:8047F7C8 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22D08C(7b0308c) PostBlockList: 0xFF22D1E4:FF22D1E4 Queue: 0x00000000 Start Address: 0x77E99264 Win32 Start Address: 0x0040EAFC Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF7823000 Kernel Stack: 0xF7826C54() Resident: 1 Terminated: Yes THREAD: 0xFF2792E0 (0x5d1f2e0) Cid: 29c.2a4 CreateTime: 0x1c56969c89713f0 2005-06-05 00:59:10Z ExitTime: 1c56969c89713f0 2005-06-05 00:59:10Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF27933C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF279394(5d1f394) PostBlockList: 0xFF2794A4:FF2794A4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF1E8180 (0x5bd180) Cid: 29c.30c CreateTime: 0x1c56969ca0bedb0 2005-06-05 00:59:13Z ExitTime: 1c56969ca0bedb0 2005-06-05 00:59:13Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1E81DC Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E8234(5bd234) PostBlockList: 0xFF1E8344:FF1E8344 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF16F660 (0x1d07660) Cid: 29c.380 CreateTime: 0x1c56969c7eefd50 2005-06-05 00:59:09Z ExitTime: 1c56969c7eefd50 2005-06-05 00:59:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF16F6BC Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 WaitBlockList: 
0xFF16F714(1d07714) PostBlockList: 0xFF16F824:FF16F824 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF1BEB40 (0x5dc2b40) Cid: 29c.464 CreateTime: 0x1c56969c93f2a90 2005-06-05 00:59:11Z ExitTime: 1c56969c93f2a90 2005-06-05 00:59:12Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1BEB9C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1BEBF4(5dc2bf4) PostBlockList: 0xFF1BED04:FF1BED04 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF1B9020 (0x76f8020) Cid: 29c.408 CreateTime: 0x1c56969cac968f0 2005-06-05 00:59:14Z ExitTime: 1c56969cac968f0 2005-06-05 00:59:14Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1B907C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B90D4(76f80d4) PostBlockList: 0xFF1B91E4:FF1B91E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 
0xFF1B6020 (0x5425020) Cid: 29c.1ec CreateTime: 0x1c56969cb779c50 2005-06-05 00:59:15Z ExitTime: 1c56969cb779c50 2005-06-05 00:59:15Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1B607C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B60D4(54250d4) PostBlockList: 0xFF1B61E4:FF1B61E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF265A20 (0x5f0ba20) Cid: 29c.3a8 CreateTime: 0x1c56969cc3825f0 2005-06-05 00:59:16Z ExitTime: 1c56969cc3825f0 2005-06-05 00:59:17Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF265A7C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF265AD4(5f0bad4) PostBlockList: 0xFF265BE4:FF265BE4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE2803 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2C48() Resident: 1 Terminated: Yes THREAD: 0xFF16B740 (0x65d6740) Cid: 29c.80 CreateTime: 0x1c5696ad15c080 2005-06-05 01:01:05Z ExitTime: 1c5696ad15c080 2005-06-05 01:01:35Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF16B79C Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16B7AC(65d67ac) PostBlockList: 0xFF16B904:FF16B904 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DF9642 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF08E9000 Kernel Stack: 0xF08EBC48() Resident: 1 Terminated: Yes THREAD: 0xFF1135C0 (0x7caf5c0) Cid: 29c.300 CreateTime: 0x1c5696a5358bc90 2005-06-05 01:03:03Z ExitTime: 1c5696a5358bc90 2005-06-05 01:03:04Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF11361C Contents: 8047F7D0:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF11362C(7caf62c) PostBlockList: 0xFF113784:FF113784 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE3590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF08E9000 Kernel Stack: 0xF08EBC48() Resident: 1 Terminated: Yes THREAD: 0xFF113340 (0x7caf340) Cid: 29c.484 CreateTime: 0x1c5696a54e917b0 2005-06-05 01:03:06Z ExitTime: 1c5696a54e917b0 2005-06-05 01:03:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF11339C Contents: 8047F7D0:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1133AC(7caf3ac) PostBlockList: 0xFF113504:FF113504 Queue: 
0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE3590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF08E9000 Kernel Stack: 0xF08EBC48() Resident: 1 Terminated: Yes THREAD: 0xFF113DA0 (0x7cafda0) Cid: 29c.278 CreateTime: 0x1c5696a518e5050 2005-06-05 01:03:00Z ExitTime: 1c5696a518e5050 2005-06-05 01:03:01Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF15B020 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF113DFC Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF113E0C(7cafe0c) PostBlockList: 0xFF113F64:FF113F64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x00DE3590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF08E9000 Kernel Stack: 0xF08EBC48() Resident: 1 Terminated: Yes THREAD: 0xFF158CE0 (0xeb6ce0) Cid: 250.290 CreateTime: 0x1c5696a661b8f0 2005-06-05 01:00:54Z ExitTime: 1c5696a661b8f0 2005-06-05 01:00:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF191640 dfrws2005.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF158D3C Contents: FF264DBC:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF158D4C(eb6d4c) PostBlockList: 0xFF158EA4:FF158EA4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x0040CBA8 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7B11000 Kernel Stack: 0xF7B13C48() Resident: 1 Terminated: Yes Orphaned thread count: 21 Total threads: 229 Loaded user modules: 1. 
<0x014A95A8(3ec05a8)>: BaseAddress: 0x779B0000 (325a000) EntryPoint: 0x779BD03B Size: 610304 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 391b7759 Fri May 12 03:15:37 2000 FullPath: C:\WINNT\system32\OLEAUT32.DLL 2. <0x001361B8(a801b8)>: BaseAddress: 0x77820000 (1) EntryPoint: 0x77821114 Size: 28672 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\VERSION.dll 3. <0x00135900(595d900)>: BaseAddress: 0x76C00000 (1) EntryPoint: 0x76C01378 Size: 475136 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: 4. ACTILOG.dll<0x00132838(2f28838)>: BaseAddress: 0x10000000 (2f2f000) EntryPoint: 0x10004695 Size: 53248 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39de044a Fri Oct 06 16:56:42 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\ACTILOG.dll 5. ACTIVEDS.DLL<0x000A0500(5a2d500)>: BaseAddress: 0x773B0000 (1) EntryPoint: 0x773B126F Size: 188416 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\ACTIVEDS.DLL 6. ADSLDPC.DLL<0x000A05B8(5a2d5b8)>: BaseAddress: 0x77380000 (1) EntryPoint: 0x773812A8 Size: 139264 Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 394193d4 Sat Jun 10 01:03:16 2000 FullPath: C:\WINNT\system32\ADSLDPC.DLL 7. ADVAPI32.DLL<0x00072600(4fbc600)>: BaseAddress: 0x77DB0000 (1) EntryPoint: 0x77DB7D63 Size: 368640 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\ADVAPI32.DLL 8. alogserv.exe<0x00131EC0(2f04ec0)>: BaseAddress: 0x00400000 (2e3a000) EntryPoint: 0x00402560 Size: 32768 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39de0450 Fri Oct 06 16:56:48 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe 9. 
Apntex.exe<0x00131EC0(5bcaec0)>: BaseAddress: 0x00400000 (567f000) EntryPoint: 0x004014E0 Size: 32768 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39b2f28e Mon Sep 04 00:53:34 2000 FullPath: C:\Program Files\Apoint\Apntex.exe 10. Apoint.DLL<0x0008F338(733b338)>: BaseAddress: 0x020F0000 (1) EntryPoint: 0x020FB4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 11. Apoint.DLL<0x0014F530(aa9530)>: BaseAddress: 0x01E80000 (5807000) EntryPoint: 0x01E8B4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 12. Apoint.DLL<0x001DC790(6c9b790)>: BaseAddress: 0x05860000 (5807000) EntryPoint: 0x0586B4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 13. Apoint.exe<0x00131EC0(2d80ec0)>: BaseAddress: 0x00400000 (2c10000) EntryPoint: 0x004064A4 Size: 106496 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a10e12d Tue Nov 14 06:52:29 2000 FullPath: 14. ATL.DLL<0x000A1620(6ee3620)>: BaseAddress: 0x773E0000 (7a32000) EntryPoint: 0x773E2D3C Size: 73728 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\System32\ATL.DLL 15. basesrv.dll<0x00162E38(42e3e38)>: BaseAddress: 0x5FFA0000 (42b0000) EntryPoint: 0x00000000 Size: 49152 Flags: 0x4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38448c4e Wed Dec 01 02:47:42 1999 FullPath: C:\WINNT\system32\basesrv.dll 16. BATMETER.DLL<0x000BC100(22d5100)>: BaseAddress: 0x76740000 (1) EntryPoint: 0x767410B4 Size: 32768 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38d8477c Wed Mar 22 04:09:32 2000 FullPath: C:\WINNT\System32\BATMETER.DLL 17. 
browser.dll<0x000D1738(7009738)>: BaseAddress: 0x768F0000 (2afd000) EntryPoint: 0x00000000 Size: 61440 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\browser.dll 18. browseui.dll<0x0008D280(2b7f280)>: BaseAddress: 0x76E10000 (1) EntryPoint: 0x76E1E4A3 Size: 815104 Flags: 0xc4004 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\System32\browseui.dll 19. BSACPICM.DLL<0x00171880(1937880)>: BaseAddress: 0x01AD0000 (708000) EntryPoint: 0x01AD3200 Size: 126976 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24c394 Wed Nov 29 08:51:32 2000 FullPath: C:\Program Files\PowerPanel\Program\BSACPICM.DLL 20. BSNTSBS.DLL<0x00175118(8b1118)>: BaseAddress: 0x01C00000 (6c1c000) EntryPoint: 0x01C03AB4 Size: 147456 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24c248 Wed Nov 29 08:46:00 2000 FullPath: C:\Program Files\PowerPanel\Program\BSNTSBS.DLL 21. CFGMGR32.DLL<0x000B8F48(5ef3f48)>: BaseAddress: 0x770B0000 (1) EntryPoint: 0x00000000 Size: 28672 Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: C:\WINNT\system32\CFGMGR32.DLL 22. CLBCATQ.DLL<0x014AA220(3101220)>: BaseAddress: 0x691D0000 (5bc0000) EntryPoint: 0x6923E9A0 Size: 544768 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3918811e Tue May 09 21:20:30 2000 FullPath: C:\WINNT\system32\CLBCATQ.DLL 23. CLBCATQ.DLL<0x00136658(2673658)>: BaseAddress: 0x691D0000 (1) EntryPoint: 0x6923E9A0 Size: 544768 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3918811e Tue May 09 21:20:30 2000 FullPath: 24. Clipboard.lmd<0x00196C98(54fac98)>: BaseAddress: 0x01FB0000 (5963000) EntryPoint: 0x01FB7BD6 Size: 184320 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3fe06efb Wed Dec 17 14:58:03 2003 FullPath: E:\AutoPlay\Plugins\Clipboard\Clipboard.lmd 25. 
CLUSAPI.DLL<0x000C0C38(3230c38)>: BaseAddress: 0x73930000 (55cb000) EntryPoint: 0x00000000 Size: 65536 Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39518ec2 Thu Jun 22 03:57:54 2000 FullPath: C:\WINNT\System32\CLUSAPI.DLL 26. cmd.exe<0x00131EC0(4468ec0)>: BaseAddress: 0x4AD00000 (629d000) EntryPoint: 0x4AD1A420 Size: 294912 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3918ae95 Wed May 10 00:34:29 2000 FullPath: C:\WINNT\System32\cmd.exe 27. cmd2k.exe<0x00131EC0(3293ec0)>: BaseAddress: 0x4AD00000 (539c000) EntryPoint: 0x4AD1A420 Size: 294912 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39aa202b Mon Aug 28 08:17:47 2000 FullPath: E:\Shells\cmd2k.exe 28. ComboBox.apo<0x001CF390(26ec390)>: BaseAddress: 0x05160000 (40c0000) EntryPoint: 0x0517527E Size: 360448 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4146177b Mon Sep 13 21:56:11 2004 FullPath: E:\AutoPlay\Plugins\ComboBox\ComboBox.apo 29. COMCTL32.DLL<0x0007C6D8(53226d8)>: BaseAddress: 0x77B50000 (1) EntryPoint: 0x77B68BCC Size: 561152 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\COMCTL32.DLL 30. comdlg32.dll<0x000B53F8(20913f8)>: BaseAddress: 0x76B30000 (1) EntryPoint: 0x76B31CE2 Size: 253952 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\comdlg32.dll 31. comsvcs.dll<0x000C0B98(3230b98)>: BaseAddress: 0x694F0000 (50e2000) EntryPoint: 0x695ADEF0 Size: 1310720 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 391880fe Tue May 09 21:19:58 2000 FullPath: C:\WINNT\System32\comsvcs.dll 32. CRYPT32.dll<0x000EB6F8(6e936f8)>: BaseAddress: 0x77440000 (5434000) EntryPoint: 0x774425F7 Size: 491520 Flags: 0x84006 LoadCount: 0x3b TlsIndex: 0 Timestamp: 3919b95e Wed May 10 19:32:46 2000 FullPath: C:\WINNT\system32\CRYPT32.dll 33. 
CRYPTDLL.DLL<0x000C3B10(6802b10)>: BaseAddress: 0x76670000 (1) EntryPoint: 0x76674054 Size: 57344 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\system32\CRYPTDLL.DLL 34. Crypto.lmd<0x00198018(2dd4018)>: BaseAddress: 0x01FF0000 (50ee000) EntryPoint: 0x01FFC7DC Size: 278528 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 413e3527 Tue Sep 07 22:24:39 2004 FullPath: E:\AutoPlay\Plugins\Crypto\Crypto.lmd 35. cryptsvc.dll<0x000C3AC0(6802ac0)>: BaseAddress: 0x768D0000 (1) EntryPoint: 0x768D1250 Size: 73728 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\cryptsvc.dll 36. cscdll.dll<0x014A2D40(3e3d40)>: BaseAddress: 0x770C0000 (1) EntryPoint: 0x770C6B31 Size: 143360 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3924a0aa Fri May 19 02:02:18 2000 FullPath: C:\WINNT\system32\cscdll.dll 37. cscui.dll<0x014A7230(b88230)>: BaseAddress: 0x77840000 (1) EntryPoint: 0x7784285F Size: 245760 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\cscui.dll 38. CSRSRV.dll<0x00162728(42e3728)>: BaseAddress: 0x5FF90000 (42a4000) EntryPoint: 0x00000000 Size: 49152 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2d3d3 Thu Sep 30 03:06:59 1999 FullPath: C:\WINNT\system32\CSRSRV.dll 39. csrss.exe<0x00161EC0(4342ec0)>: BaseAddress: 0x5FFF0000 (1) EntryPoint: 0x5FFF1130 Size: 16384 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2d3d3 Thu Sep 30 03:06:59 1999 FullPath: \??\C:\WINNT\system32\csrss.exe 40. dd.exe<0x00131EC0(3a1eec0)>: BaseAddress: 0x00400000 (fee000) EntryPoint: 0x00406BDA Size: 57344 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 4122aa24 Wed Aug 18 01:00:20 2004 FullPath: E:\Acquisition\FAU\dd.exe 41. 
DDCDRES.DLL<0x001378F0(6f068f0)>: BaseAddress: 0x01780000 (22c3000) EntryPoint: 0x01781180 Size: 434176 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a8198de Wed Feb 07 18:50:06 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.DLL 42. DGMP3RD.DLL<0x00166270(d74270)>: BaseAddress: 0x01AC0000 (396000) EntryPoint: 0x01ACB977 Size: 139264 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8ddd2 Fri Sep 08 12:38:42 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3RD.DLL 43. DGMP3WT.DLL<0x00166690(d74690)>: BaseAddress: 0x01F90000 (3e9e000) EntryPoint: 0x01FC942C Size: 462848 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a4b4742 Thu Dec 28 13:59:30 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3WT.DLL 44. DGSSTRM.DLL<0x001338F0(2d558f0)>: BaseAddress: 0x00340000 (1) EntryPoint: 0x00354E86 Size: 184320 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39b8dddf Fri Sep 08 12:38:55 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGSSTRM.DLL 45. DGWAVOT.DLL<0x00166358(d74358)>: BaseAddress: 0x01C00000 (e26000) EntryPoint: 0x01C042EC Size: 77824 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde1 Fri Sep 08 12:38:57 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVOT.DLL 46. DGWAVRD.DLL<0x00166440(d74440)>: BaseAddress: 0x01D30000 (335000) EntryPoint: 0x01D337BF Size: 77824 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde2 Fri Sep 08 12:38:58 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVRD.DLL 47. DGWAVWT.DLL<0x001665B0(d745b0)>: BaseAddress: 0x01E60000 (1915000) EntryPoint: 0x01E6632C Size: 90112 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde3 Fri Sep 08 12:38:59 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVWT.DLL 48. 
dhcpcsvc.dll<0x0009FC48(5af7c48)>: BaseAddress: 0x77360000 (1) EntryPoint: 0x77361270 Size: 102400 Flags: 0xc4004 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\dhcpcsvc.dll 49. dmserver.dll<0x000B8FC0(5ef3fc0)>: BaseAddress: 0x768C0000 (1) EntryPoint: 0x768C1854 Size: 24576 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\dmserver.dll 50. DNSAPI.DLL<0x000734F0(4ffe4f0)>: BaseAddress: 0x77980000 (505b000) EntryPoint: 0x77981E43 Size: 147456 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d3 Sat Jun 10 01:03:15 2000 FullPath: C:\WINNT\system32\DNSAPI.DLL 51. dnsrslvr.dll<0x000A7780(5b6b780)>: BaseAddress: 0x768A0000 (1) EntryPoint: 0x00000000 Size: 102400 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d6 Sat Jun 10 01:03:18 2000 FullPath: C:\WINNT\system32\dnsrslvr.dll 52. DragDrop.exe<0x00131EC0(2e22ec0)>: BaseAddress: 0x00400000 (1) EntryPoint: 0x0044ACB1 Size: 692224 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a854244 Sat Feb 10 13:29:40 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe 53. dsound.dll<0x0016EC98(2f57c98)>: BaseAddress: 0x51080000 (31fc000) EntryPoint: 0x510CB1D9 Size: 364544 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3a024e6b Fri Nov 03 05:34:35 2000 FullPath: C:\WINNT\System32\dsound.dll 54. dssenh.dll<0x000A8120(6def120)>: BaseAddress: 0x67400000 (1) EntryPoint: 0x67405829 Size: 159744 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e25cb5 Wed Mar 29 19:42:45 2000 FullPath: C:\WINNT\system32\dssenh.dll 55. EngDM.DLL<0x00176F50(9dbf50)>: BaseAddress: 0x01180000 (9cb000) EntryPoint: 0x00000000 Size: 24576 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246608 Wed Nov 29 02:12:24 2000 FullPath: C:\Program Files\PowerPanel\Program\EngDM.DLL 56. 
EngPM.dll<0x0016B038(7ae0038)>: BaseAddress: 0x01100000 (7ac1000) EntryPoint: 0x00000000 Size: 327680 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246607 Wed Nov 29 02:12:23 2000 FullPath: C:\Program Files\PowerPanel\Program\EngPM.dll 57. es.dll<0x0007BDB8(6256db8)>: BaseAddress: 0x76290000 (1) EntryPoint: 0x7629399C Size: 249856 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3843994a Tue Nov 30 09:30:50 1999 FullPath: c:\winnt\system32\es.dll 58. ESENT.dll<0x000E4FD8(3da1fd8)>: BaseAddress: 0x70170000 (3d17000) EntryPoint: 0x70171A1C Size: 1155072 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3919b975 Wed May 10 19:33:09 2000 FullPath: C:\WINNT\system32\ESENT.dll 59. eventlog.dll<0x00091978(586e978)>: BaseAddress: 0x76890000 (1) EntryPoint: 0x00000000 Size: 57344 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\eventlog.dll 60. Explorer.Exe<0x00071EC0(74b5ec0)>: BaseAddress: 0x00400000 (67a0000) EntryPoint: 0x004015A8 Size: 253952 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947dd13 Wed Jun 14 19:29:23 2000 FullPath: C:\WINNT\Explorer.Exe 61. EzAuto.dll<0x000C8618(29e6618)>: BaseAddress: 0x01DD0000 (1) EntryPoint: 0x01DD2758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 62. EzAuto.dll<0x0014F210(aa9210)>: BaseAddress: 0x01D60000 (659d000) EntryPoint: 0x01D62758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 63. EzAuto.dll<0x0019EC28(68dcc28)>: BaseAddress: 0x023B0000 (659d000) EntryPoint: 0x023B2758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 64. 
ezCDmker.dll<0x00133020(2d55020)>: BaseAddress: 0x00270000 (1) EntryPoint: 0x00288AE8 Size: 753664 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a80bf1e Wed Feb 07 03:21:02 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\ezCDmker.dll 65. ezLICEN.dll<0x00133A90(2d55a90)>: BaseAddress: 0x00370000 (1) EntryPoint: 0x00374BE2 Size: 167936 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a777560 Wed Jan 31 02:16:00 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN.dll 66. GDI32.DLL<0x001631B0(42fd1b0)>: BaseAddress: 0x77F40000 (31f2000) EntryPoint: 0x00000000 Size: 245760 Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\GDI32.DLL 67. getopt.dll<0x00132950(51f950)>: BaseAddress: 0x10000000 (20a5000) EntryPoint: 0x10001CEE Size: 24576 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 4122aa14 Wed Aug 18 01:00:04 2004 FullPath: E:\Acquisition\FAU\getopt.dll 68. gold.dll<0x00164C40(7029c40)>: BaseAddress: 0x00F30000 (7302000) EntryPoint: 0x00F310F9 Size: 552960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 382245b0 Fri Nov 05 02:49:20 1999 FullPath: C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll 69. gold.dll<0x00144660(3069660)>: BaseAddress: 0x012E0000 (7302000) EntryPoint: 0x012E10F9 Size: 552960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 382245b0 Fri Nov 05 02:49:20 1999 FullPath: C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll 70. GUIPlugInCJ.dll<0x00157F58(1b8ef58)>: BaseAddress: 0x019D0000 (5f23000) EntryPoint: 0x019D6169 Size: 245760 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a62be42 Mon Jan 15 09:09:22 2001 FullPath: C:\Program Files\Sony\Jog GUI PlugIn CJ\GUIPlugInCJ.dll 71. 
helix.exe<0x00131EC0(6e4cec0)>: BaseAddress: 0x00400000 (7a52000) EntryPoint: 0x006627E0 Size: 2535424 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 41b4a0ed Mon Dec 06 18:11:57 2004 FullPath: E:\helix.exe 72. ICFGNT5.DLL<0x000BADE0(20c1de0)>: BaseAddress: 0x6EA10000 (1) EntryPoint: 0x00000000 Size: 20480 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399b8 Tue Nov 30 09:32:40 1999 FullPath: C:\WINNT\System32\ICFGNT5.DLL 73. ICMP.DLL<0x000A0308(5a2d308)>: BaseAddress: 0x77520000 (1) EntryPoint: 0x775218B2 Size: 20480 Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\ICMP.DLL 74. IMAGEHLP.dll<0x000EE688(6a1c688)>: BaseAddress: 0x77920000 (1) EntryPoint: 0x7792127C Size: 139264 Flags: 0xc4006 LoadCount: 0x38 TlsIndex: 0 Timestamp: 384da964 Wed Dec 08 00:42:12 1999 FullPath: C:\WINNT\system32\IMAGEHLP.dll 75. imgutil.dll<0x000C72F0(2a022f0)>: BaseAddress: 0x6E490000 (1) EntryPoint: 0x6E4920B7 Size: 40960 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39386415 Sat Jun 03 01:49:09 2000 FullPath: C:\WINNT\System32\imgutil.dll 76. IMM32.DLL<0x0009CCE0(1bf5ce0)>: BaseAddress: 0x75E60000 (1) EntryPoint: 0x75E61264 Size: 106496 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3843994e Tue Nov 30 09:30:54 1999 FullPath: C:\WINNT\System32\IMM32.DLL 77. INETCFG.DLL<0x000AFCC0(31b1cc0)>: BaseAddress: 0x6E3D0000 (1) EntryPoint: 0x6E3DFD23 Size: 274432 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399be Tue Nov 30 09:32:46 1999 FullPath: C:\WINNT\System32\INETCFG.DLL 78. IPHLPAPI.DLL<0x0009FFD8(5af7fd8)>: BaseAddress: 0x77340000 (1) EntryPoint: 0x77342C35 Size: 77824 Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\IPHLPAPI.DLL 79. 
JogLocale.dll<0x00144610(3069610)>: BaseAddress: 0x01490000 (25e7000) EntryPoint: 0x014914D1 Size: 856064 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a3bd26f Sat Dec 16 20:37:03 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\JogLocale.dll 80. JogServ2.exe<0x00131EC0(5b73ec0)>: BaseAddress: 0x00400000 (2d41000) EntryPoint: 0x0043F6C8 Size: 1380352 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a66bdf3 Thu Jan 18 09:57:07 2001 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe 81. jscript.dll<0x000BBDE8(22f3de8)>: BaseAddress: 0x75DE0000 (1) EntryPoint: 0x75E0575B Size: 487424 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d84781 Wed Mar 22 04:09:37 2000 FullPath: C:\WINNT\System32\jscript.dll 82. kerberos.dll<0x0007A3D8(548e3d8)>: BaseAddress: 0x45A00000 (1) EntryPoint: 0x45A13ED3 Size: 208896 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3918f963 Wed May 10 05:53:39 2000 FullPath: C:\WINNT\system32\kerberos.dll 83. KERNEL32.DLL<0x00163140(42fd140)>: BaseAddress: 0x77E80000 (3234000) EntryPoint: 0x77E83709 Size: 741376 Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\KERNEL32.DLL 84. KsUser.dll<0x0016EE98(2f57e98)>: BaseAddress: 0x5EF80000 (7200000) EntryPoint: 0x5EF81350 Size: 16384 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39f1678d Sat Oct 21 09:53:17 2000 FullPath: C:\WINNT\System32\KsUser.dll 85. LIBEAY32.dll<0x00133490(1ce5490)>: BaseAddress: 0x60F60000 (1) EntryPoint: 0x60FBEF26 Size: 602112 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3861b23c Thu Dec 23 05:25:16 1999 FullPath: C:\Program Files\Support.com\Client\bin\LIBEAY32.dll 86. LINKINFO.DLL<0x000BA3B0(20c13b0)>: BaseAddress: 0x76710000 (1) EntryPoint: 0x76711840 Size: 36864 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\System32\LINKINFO.DLL 87. 
lmhsvc.dll<0x000A77F0(5b6b7f0)>: BaseAddress: 0x76880000 (1) EntryPoint: 0x00000000 Size: 24576 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\lmhsvc.dll 88. LSASRV.dll<0x00072848(52b6848)>: BaseAddress: 0x50900000 (1) EntryPoint: 0x00000000 Size: 516096 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39763f7d Wed Jul 19 23:53:33 2000 FullPath: C:\WINNT\system32\LSASRV.dll 89. lsass.exe<0x00071EC0(5255ec0)>: BaseAddress: 0x01000000 (1) EntryPoint: 0x01001258 Size: 40960 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39763f79 Wed Jul 19 23:53:29 2000 FullPath: 90. LZ32.DLL<0x001413D8(7ccb3d8)>: BaseAddress: 0x759B0000 (1) EntryPoint: 0x759B1A3F Size: 24576 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439952 Tue Nov 30 09:30:58 1999 FullPath: C:\WINNT\system32\LZ32.DLL 91. LZ32.DLL<0x00138258(28f5258)>: BaseAddress: 0x759B0000 (1) EntryPoint: 0x759B1A3F Size: 24576 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439952 Tue Nov 30 09:30:58 1999 FullPath: 92. md5lib.dll<0x00136370(a65370)>: BaseAddress: 0x00790000 (3707000) EntryPoint: 0x00792BBB Size: 28672 Flags: 0x2c4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4122aa16 Wed Aug 18 01:00:06 2004 FullPath: E:\Acquisition\FAU\md5lib.dll 93. MFC42.DLL<0x00133808(2d55808)>: BaseAddress: 0x6C370000 (1) EntryPoint: 0x6C375D23 Size: 991232 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 384399dc Tue Nov 30 09:33:16 1999 FullPath: C:\WINNT\System32\MFC42.DLL 94. MFC42LOC.DLL<0x000A1F38(6b3df38)>: BaseAddress: 0x5FD00000 (1) EntryPoint: 0x00000000 Size: 53248 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3588769f Thu Jun 18 02:08:31 1998 FullPath: C:\WINNT\System32\MFC42LOC.DLL 95. MFC42U.DLL<0x0009C638(68a0638)>: BaseAddress: 0x76FB0000 (1) EntryPoint: 0x76FB5E9A Size: 991232 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: C:\WINNT\system32\MFC42U.DLL 96. 
mlang.dll<0x00099958(15b8958)>: BaseAddress: 0x75D50000 (1) EntryPoint: 0x75D54868 Size: 532480 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb4b Wed Jun 14 20:30:03 2000 FullPath: C:\WINNT\System32\mlang.dll 97. mpr.dll<0x000927A8(57ee7a8)>: BaseAddress: 0x75090000 (1) EntryPoint: 0x750915EB Size: 65536 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb72 Wed Jun 14 20:30:42 2000 FullPath: C:\WINNT\system32\mpr.dll 98. MPRAPI.DLL<0x000A0028(5a2d028)>: BaseAddress: 0x77320000 (1) EntryPoint: 0x77321290 Size: 94208 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MPRAPI.DLL 99. MSACM32.dll<0x0152A9F8(772f9f8)>: BaseAddress: 0x77410000 (1) EntryPoint: 0x7741DA10 Size: 77824 Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MSACM32.dll 100. msacm32.drv<0x014AA4B8(31014b8)>: BaseAddress: 0x77400000 (91c000) EntryPoint: 0x77402638 Size: 32768 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\msacm32.drv 101. msafd.dll<0x000AB388(5bdc388)>: BaseAddress: 0x74FD0000 (1) EntryPoint: 0x74FD13EC Size: 118784 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3976325b Wed Jul 19 22:57:31 2000 FullPath: C:\WINNT\system32\msafd.dll 102. MSASN1.DLL<0x000EE5F0(6a1c5f0)>: BaseAddress: 0x77430000 (532c000) EntryPoint: 0x774333F0 Size: 65536 Flags: 0xc4006 LoadCount: 0x73 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MSASN1.DLL 103. mscat32.dll<0x000F2998(6ed4998)>: BaseAddress: 0x76A00000 (1) EntryPoint: 0x76A01380 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\mscat32.dll 104. 
MSDTCPRX.dll<0x000C0D10(3230d10)>: BaseAddress: 0x015D0000 (5238000) EntryPoint: 0x016277A0 Size: 671744 Flags: 0x2c4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39188103 Tue May 09 21:20:03 2000 FullPath: C:\WINNT\System32\MSDTCPRX.dll 105. msgina.dll<0x0007C4A8(53224a8)>: BaseAddress: 0x67D80000 (1) EntryPoint: 0x67D82218 Size: 344064 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394147f2 Fri Jun 09 19:39:30 2000 FullPath: C:\WINNT\system32\msgina.dll 106. msgsvc.dll<0x000D03B0(67383b0)>: BaseAddress: 0x76870000 (72a000) EntryPoint: 0x00000000 Size: 45056 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\msgsvc.dll 107. mshtml.dll<0x000A1ED0(1c61ed0)>: BaseAddress: 0x75AF0000 (1) EntryPoint: 0x75AF1A53 Size: 2359296 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4b Wed Jun 14 20:30:03 2000 FullPath: C:\WINNT\System32\mshtml.dll 108. MSI.DLL<0x000BC310(22d5310)>: BaseAddress: 0x770F0000 (1) EntryPoint: 0x770F1000 Size: 1826816 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 393863f3 Sat Jun 03 01:48:35 2000 FullPath: C:\WINNT\System32\MSI.DLL 109. MSLS31.DLL<0x0009CF90(1bf5f90)>: BaseAddress: 0x75AC0000 (1) EntryPoint: 0x00000000 Size: 163840 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439951 Tue Nov 30 09:30:57 1999 FullPath: C:\WINNT\System32\MSLS31.DLL 110. msprivs.dll<0x0007A2E8(548e2e8)>: BaseAddress: 0x765E0000 (1) EntryPoint: 0x00000000 Size: 53248 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d041 Wed Dec 01 07:37:37 1999 FullPath: C:\WINNT\system32\msprivs.dll 111. msv1_0.dll<0x0152C8C8(6e128c8)>: BaseAddress: 0x4D100000 (55bc000) EntryPoint: 0x00000000 Size: 106496 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 397605bb Wed Jul 19 19:47:07 2000 FullPath: C:\WINNT\system32\msv1_0.dll 112. 
MSVCR70.dll<0x00132AC8(51fac8)>: BaseAddress: 0x7C000000 (6028000) EntryPoint: 0x7C001624 Size: 344064 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3c36e574 Sat Jan 05 11:37:24 2002 FullPath: E:\Acquisition\FAU\MSVCR70.dll 113. MSVCRT.DLL<0x00072468(4fbc468)>: BaseAddress: 0x78000000 (1) EntryPoint: 0x78001C48 Size: 286720 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2c227 Thu Sep 30 01:51:35 1999 FullPath: C:\WINNT\system32\MSVCRT.DLL 114. mswsock.dll<0x000F5360(7dc3360)>: BaseAddress: 0x74FF0000 (5ceb000) EntryPoint: 0x74FF122C Size: 73728 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3919b98e Wed May 10 19:33:34 2000 FullPath: C:\WINNT\system32\mswsock.dll 115. MTXCLU.DLL<0x000C5340(5b59340)>: BaseAddress: 0x6A7A0000 (6b33000) EntryPoint: 0x6A7A11B8 Size: 61440 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 384399f3 Tue Nov 30 09:33:39 1999 FullPath: C:\WINNT\System32\MTXCLU.DLL 116. mydocs.dll<0x00093A48(bfba48)>: BaseAddress: 0x76DF0000 (1) EntryPoint: 0x76DF1A8C Size: 69632 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03c Wed Dec 01 07:37:32 1999 FullPath: C:\WINNT\System32\mydocs.dll 117. nc.exe<0x00131EC0(3c19ec0)>: BaseAddress: 0x00400000 (1a4b000) EntryPoint: 0x00404C00 Size: 77824 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 34ae8eb9 Sat Jan 03 19:17:13 1998 FullPath: c:\winnt\system32\nc.exe 118. NDDEAPI.DLL<0x00072C60(4fbcc60)>: BaseAddress: 0x769A0000 (1) EntryPoint: 0x769A1084 Size: 28672 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\NDDEAPI.DLL 119. NETAPI32.dll<0x000730A0(4ffe0a0)>: BaseAddress: 0x75170000 (5046000) EntryPoint: 0x7517348C Size: 323584 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947eb77 Wed Jun 14 20:30:47 2000 FullPath: C:\WINNT\system32\NETAPI32.dll 120. 
netcfgx.dll<0x00090CC0(6cfcc0)>: BaseAddress: 0x6A4B0000 (1) EntryPoint: 0x6A4E5640 Size: 561152 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 395d347d Fri Jun 30 23:59:57 2000 FullPath: c:\winnt\system32\netcfgx.dll 121. netlogon.dll<0x00084DB8(564bdb8)>: BaseAddress: 0x76580000 (1) EntryPoint: 0x7658189D Size: 368640 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: C:\WINNT\system32\netlogon.dll 122. netman.dll<0x0009BD60(1abdd60)>: BaseAddress: 0x76270000 (2fa8000) EntryPoint: 0x76274CF0 Size: 102400 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d7 Sat Jun 10 01:03:19 2000 FullPath: c:\winnt\system32\netman.dll 123. NETRAP.DLL<0x00073158(4ffe158)>: BaseAddress: 0x751C0000 (5028000) EntryPoint: 0x00000000 Size: 24576 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\system32\NETRAP.DLL 124. NETSHELL.dll<0x000B4FE0(5e7fe0)>: BaseAddress: 0x76F20000 (2787000) EntryPoint: 0x76F24A22 Size: 479232 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d5 Sat Jun 10 01:03:17 2000 FullPath: C:\WINNT\system32\NETSHELL.dll 125. NETUI0.DLL<0x000ADF70(206df70)>: BaseAddress: 0x75210000 (1) EntryPoint: 0x75211323 Size: 86016 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\System32\NETUI0.DLL 126. NETUI1.DLL<0x000BC800(22d5800)>: BaseAddress: 0x751D0000 (1) EntryPoint: 0x751D15F4 Size: 229376 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\System32\NETUI1.DLL 127. ntdll.dll<0x00161F30(3111f30)>: BaseAddress: 0x77F80000 (2198000) EntryPoint: 0x00000000 Size: 499712 Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\System32\ntdll.dll 128. 
NTDSAPI.DLL<0x000734B0(52e94b0)>: BaseAddress: 0x77BF0000 (1) EntryPoint: 0x77BF22CD Size: 69632 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d035 Wed Dec 01 07:37:25 1999 FullPath: C:\WINNT\system32\NTDSAPI.DLL
129. ntlanman.dll<0x000AFC70(31b1c70)>: BaseAddress: 0x75160000 (1) EntryPoint: 0x75161358 Size: 49152 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995c Tue Nov 30 09:31:08 1999 FullPath: C:\WINNT\System32\ntlanman.dll
130. NTMARTA.DLL<0x00099220(7d8220)>: BaseAddress: 0x69BF0000 (3fe1000) EntryPoint: 0x69C04B30 Size: 118784 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399fe Tue Nov 30 09:33:50 1999 FullPath: C:\WINNT\System32\NTMARTA.DLL
131. NTMSDBA.dll<0x000B4B60(5e7b60)>: BaseAddress: 0x76240000 (8c0000) EntryPoint: 0x762460F8 Size: 180224 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d7 Sat Jun 10 01:03:19 2000 FullPath: C:\WINNT\System32\NTMSDBA.dll
132. ntmssvc.dll<0x00081F38(6436f38)>: BaseAddress: 0x761D0000 (668a000) EntryPoint: 0x761D9AAC Size: 409600 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843994a Tue Nov 30 09:30:50 1999 FullPath: c:\winnt\system32\ntmssvc.dll
133. ntshrui.dll<0x000BD0C0(22f40c0)>: BaseAddress: 0x76FA0000 (1) EntryPoint: 0x76FA1936 Size: 61440 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: C:\WINNT\System32\ntshrui.dll
134. OAKLEY.DLL<0x0009CBF8(68a0bf8)>: BaseAddress: 0x76500000 (1) EntryPoint: 0x76503A84 Size: 487424 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: C:\WINNT\system32\OAKLEY.DLL
135. ole32.dll<0x000EE738(6a1c738)>: BaseAddress: 0x77A50000 (3269000) EntryPoint: 0x77A521CE Size: 1003520 Flags: 0x84006 LoadCount: 0x3d TlsIndex: 0 Timestamp: 39654811 Fri Jul 07 03:01:37 2000 FullPath: C:\WINNT\system32\ole32.dll
136. oledlg.dll<0x00133BB8(2d55bb8)>: BaseAddress: 0x752F0000 (1) EntryPoint: 0x752F1388 Size: 126976 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 384da96b Wed Dec 08 00:42:19 1999 FullPath: C:\WINNT\System32\oledlg.dll
137. OLEPRO32.DLL<0x00133D28(2d55d28)>: BaseAddress: 0x695E0000 (1) EntryPoint: 0x695F2AA0 Size: 167936 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 391b7794 Fri May 12 03:16:36 2000 FullPath: C:\WINNT\System32\OLEPRO32.DLL
138. PcfMgr.exe<0x00131EC0(44ddec0)>: BaseAddress: 0x00400000 (1) EntryPoint: 0x00437C03 Size: 806912 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a24c45d Wed Nov 29 08:54:53 2000 FullPath:
139. PMDM.dll<0x00176F00(9dbf00)>: BaseAddress: 0x01150000 (4022000) EntryPoint: 0x01152E76 Size: 81920 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246566 Wed Nov 29 02:09:42 2000 FullPath: C:\Program Files\PowerPanel\PROGRAM\PMDM.dll
140. pngfilt.dll<0x000BAA80(20c1a80)>: BaseAddress: 0x69190000 (1) EntryPoint: 0x69194922 Size: 57344 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439a0a Tue Nov 30 09:34:02 1999 FullPath: C:\WINNT\System32\pngfilt.dll
141. PnPEvent.dll<0x00133560(5a1e560)>: BaseAddress: 0x00250000 (2fb9000) EntryPoint: 0x0025B92F Size: 94208 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a1898cd Mon Nov 20 03:21:49 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\PnPEvent.dll
142. polagent.dll<0x00099230(5b53230)>: BaseAddress: 0x764E0000 (1) EntryPoint: 0x764E12B8 Size: 122880 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d041 Wed Dec 01 07:37:37 1999 FullPath: C:\WINNT\system32\polagent.dll
143. POWRPROF.DLL<0x000BC1C0(22d51c0)>: BaseAddress: 0x766F0000 (1) EntryPoint: 0x766F1B5C Size: 28672 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\POWRPROF.DLL
144. PRIMOSDK.dll<0x00132840(2e23840)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x1000892E Size: 102400 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a7a30ac Fri Feb 02 03:59:40 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\PRIMOSDK.dll
145. PROFMAP.DLL<0x00072FC8(4fbcfc8)>: BaseAddress: 0x690F0000 (1) EntryPoint: 0x690F5D00 Size: 45056 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38439a0a Tue Nov 30 09:34:02 1999 FullPath: C:\WINNT\system32\PROFMAP.DLL
146. psbase.dll<0x000C74C0(67754c0)>: BaseAddress: 0x76850000 (1) EntryPoint: 0x768512D4 Size: 126976 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d6 Sat Jun 10 01:03:18 2000 FullPath: C:\WINNT\system32\psbase.dll
147. PTLACPI.DLL<0x00176FA0(9dbfa0)>: BaseAddress: 0x01190000 (ce0000) EntryPoint: 0x01195CB0 Size: 172032 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24641a Wed Nov 29 02:04:10 2000 FullPath: C:\Program Files\PowerPanel\Program\PTLACPI.DLL
148. PX.dll<0x00132D58(2e23d58)>: BaseAddress: 0x00230000 (1) EntryPoint: 0x0024FA7B Size: 258048 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a7a2bf5 Fri Feb 02 03:39:33 2001 FullPath: C:\WINNT\System32\PX.dll
149. PXMAS.DLL<0x00164FF0(79d6ff0)>: BaseAddress: 0x01800000 (7c02000) EntryPoint: 0x0180EE58 Size: 118784 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a7a2c0c Fri Feb 02 03:39:56 2001 FullPath: C:\WINNT\System32\PXMAS.DLL
150. PXWAVE.DLL<0x001650A0(79860a0)>: BaseAddress: 0x01930000 (925000) EntryPoint: 0x0195FBF8 Size: 425984 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a7a2bfb Fri Feb 02 03:39:39 2001 FullPath: C:\WINNT\System32\PXWAVE.DLL
151. rasadhlp.dll<0x000DCD20(3f36d20)>: BaseAddress: 0x777F0000 (1) EntryPoint: 0x777F1380 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\rasadhlp.dll
152. RASAPI32.DLL<0x000A07F0(5a2d7f0)>: BaseAddress: 0x774E0000 (1) EntryPoint: 0x774E266A Size: 204800 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\RASAPI32.DLL
153. RASDLG.dll<0x000911A8(3c301a8)>: BaseAddress: 0x75870000 (761000) EntryPoint: 0x7588FF81 Size: 536576 Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 38498caf Sat Dec 04 21:50:39 1999 FullPath: c:\winnt\system32\RASDLG.dll
154. RASMAN.DLL<0x000A08A8(5a2d8a8)>: BaseAddress: 0x774C0000 (1) EntryPoint: 0x774C2168 Size: 69632 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\RASMAN.DLL
155. rasmans.dll<0x00090A00(6cfa00)>: BaseAddress: 0x75710000 (2c9b000) EntryPoint: 0x7571B7C8 Size: 167936 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38d84783 Wed Mar 22 04:09:39 2000 FullPath: c:\winnt\system32\rasmans.dll
156. regsvc.exe<0x00071EC0(6894ec0)>: BaseAddress: 0x01000000 (6a53000) EntryPoint: 0x01002E80 Size: 81920 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38acaff3 Fri Feb 18 02:35:31 2000 FullPath: C:\WINNT\system32\regsvc.exe
157. RESUTILS.DLL<0x000C4E78(71fae78)>: BaseAddress: 0x689D0000 (7015000) EntryPoint: 0x689D2420 Size: 53248 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39518ef3 Thu Jun 22 03:58:43 2000 FullPath: C:\WINNT\System32\RESUTILS.DLL
158. rnr20.dll<0x000DC9E0(3f369e0)>: BaseAddress: 0x78280000 (5e1f000) EntryPoint: 0x782811E9 Size: 49152 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\System32\rnr20.dll
159. RPCRT4.DLL<0x000726B8(4fbc6b8)>: BaseAddress: 0x77D40000 (1) EntryPoint: 0x77D43926 Size: 458752 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39654811 Fri Jul 07 03:01:37 2000 FullPath: C:\WINNT\system32\RPCRT4.DLL
160. rpcss.dll<0x00077400(5d60400)>: BaseAddress: 0x76190000 (5ced000) EntryPoint: 0x761914D4 Size: 245760 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: c:\winnt\system32\rpcss.dll
161. rsabase.dll<0x0008BD58(57e1d58)>: BaseAddress: 0x00790000 (1) EntryPoint: 0x0079CBF5 Size: 143360 Flags: 0x2c4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38e25c6d Wed Mar 29 19:41:33 2000 FullPath: C:\WINNT\system32\rsabase.dll
162. rsaenh.dll<0x000F2D60(6ed4d60)>: BaseAddress: 0x7CA00000 (1) EntryPoint: 0x7CA0D4F4 Size: 143360 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e25c83 Wed Mar 29 19:41:55 2000 FullPath: C:\WINNT\system32\rsaenh.dll
163. RTUTILS.DLL<0x000A0670(5a2d670)>: BaseAddress: 0x77830000 (1) EntryPoint: 0x77831D22 Size: 57344 Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\RTUTILS.DLL
164. SAMLIB.DLL<0x00073210(4ffe210)>: BaseAddress: 0x75150000 (503b000) EntryPoint: 0x7515332C Size: 61440 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995c Tue Nov 30 09:31:08 1999 FullPath: C:\WINNT\system32\SAMLIB.DLL
165. SAMSRV.dll<0x00072E28(52b6e28)>: BaseAddress: 0x76450000 (1) EntryPoint: 0x00000000 Size: 372736 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39513380 Wed Jun 21 21:28:32 2000 FullPath: C:\WINNT\system32\SAMSRV.dll
166. scecli.dll<0x00096928(5a24928)>: BaseAddress: 0x76430000 (1) EntryPoint: 0x764316BC Size: 114688 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d042 Wed Dec 01 07:37:38 1999 FullPath: C:\WINNT\system32\scecli.dll
167. SCESRV.DLL<0x000733F8(52e93f8)>: BaseAddress: 0x76810000 (5384000) EntryPoint: 0x76812A40 Size: 241664 Flags: 0x84006 LoadCount: 0xffff TlsIndex: -1 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\SCESRV.DLL
168. schannel.dll<0x00087A38(5809a38)>: BaseAddress: 0x58800000 (1) EntryPoint: 0x588026E3 Size: 151552 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d2cb8b Sat Mar 18 00:19:23 2000 FullPath: C:\WINNT\system32\schannel.dll
169. sdcidle.dll<0x00152740(3b70740)>: BaseAddress: 0x5FFE0000 (1) EntryPoint: 0x5FFE12E9 Size: 36864 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 394eb9b2 Tue Jun 20 00:24:18 2000 FullPath: C:\Program Files\Support.com\Client\bin\sdcidle.dll
170. seclogon.dll<0x000C71C8(67751c8)>: BaseAddress: 0x76800000 (6d63000) EntryPoint: 0x00000000 Size: 28672 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\seclogon.dll
171. SeCommon.dll<0x001331B0(5a1e1b0)>: BaseAddress: 0x00230000 (2efa000) EntryPoint: 0x0023EE6C Size: 110592 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a669908 Thu Jan 18 07:19:36 2001 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\SeCommon.dll
172. SECUR32.DLL<0x00072F10(4fbcf10)>: BaseAddress: 0x77BE0000 (4fda000) EntryPoint: 0x77BE1D94 Size: 61440 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b95d Wed May 10 19:32:45 2000 FullPath: C:\WINNT\system32\SECUR32.DLL
173. SeLocale.DLL<0x00137BB8(581dbb8)>: BaseAddress: 0x00980000 (4339000) EntryPoint: 0x00981159 Size: 1642496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a1898fa Mon Nov 20 03:22:34 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\SeLocale.DLL
174. sens.dll<0x00083CF8(621ecf8)>: BaseAddress: 0x76180000 (1) EntryPoint: 0x7618401A Size: 49152 Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3843994b Tue Nov 30 09:30:51 1999 FullPath: c:\winnt\system32\sens.dll
175. sensapi.dll<0x000AD548(206d548)>: BaseAddress: 0x75AB0000 (1) EntryPoint: 0x75AB1641 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439951 Tue Nov 30 09:30:57 1999 FullPath: C:\WINNT\System32\sensapi.dll
176. services.exe<0x00071EC0(5274ec0)>: BaseAddress: 0x01000000 (52e3000) EntryPoint: 0x0100142C Size: 98304 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3814ad6e Mon Oct 25 19:20:14 1999 FullPath: C:\WINNT\system32\services.exe
177. SeTimer.dll<0x00132F78(5a54f78)>: BaseAddress: 0x10000000 (2e83000) EntryPoint: 0x100035C9 Size: 36864 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a1898b6 Mon Nov 20 03:21:26 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\SeTimer.dll
178. setupapi.dll<0x0007DCE0(56e2ce0)>: BaseAddress: 0x77880000 (56e6000) EntryPoint: 0x77882B18 Size: 577536 Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\setupapi.dll
179. SFC.DLL<0x00072D98(4fbcd98)>: BaseAddress: 0x76980000 (1) EntryPoint: 0x76986617 Size: 110592 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 395d23ae Fri Jun 30 22:48:14 2000 FullPath: C:\WINNT\system32\SFC.DLL
180. sfcfiles.dll<0x00162790(3112790)>: BaseAddress: 0x68010000 (31d9000) EntryPoint: 0x68011080 Size: 1007616 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384da999 Wed Dec 08 00:43:05 1999 FullPath: C:\WINNT\System32\sfcfiles.dll
181. shdoclc.dll<0x000BD110(22f4110)>: BaseAddress: 0x76D90000 (1) EntryPoint: 0x00000000 Size: 339968 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e3fd11 Fri Mar 31 01:19:13 2000 FullPath: C:\WINNT\System32\shdoclc.dll
182. SHDOCVW.DLL<0x000858B0(3c788b0)>: BaseAddress: 0x76C80000 (1) EntryPoint: 0x76C866D0 Size: 1114112 Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\System32\SHDOCVW.DLL
183. SHELL32.DLL<0x0007C560(5322560)>: BaseAddress: 0x69800000 (1) EntryPoint: 0x69807DDC Size: 2367488 Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947dfef Wed Jun 14 19:41:35 2000 FullPath: C:\WINNT\system32\SHELL32.DLL
184. SHLWAPI.DLL<0x0007C618(5322618)>: BaseAddress: 0x77C70000 (1) EntryPoint: 0x77C78190 Size: 303104 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\SHLWAPI.DLL
185. smss.exe<0x00161EC0(3111ec0)>: BaseAddress: 0x48580000 (3123000) EntryPoint: 0x48589586 Size: 57344 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38acc774 Fri Feb 18 04:15:48 2000 FullPath: \SystemRoot\System32\smss.exe
186. SnyUtils.dll<0x0016D278(b74278)>: BaseAddress: 0x015D0000 (316000) EntryPoint: 0x015D6589 Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a480170 Tue Dec 26 02:24:48 2000 FullPath: C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
187. SnyUtils.dll<0x0014AA28(21dfa28)>: BaseAddress: 0x01670000 (316000) EntryPoint: 0x01676589 Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a480170 Tue Dec 26 02:24:48 2000 FullPath: C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
188. Srvsvc.dll<0x000C10A8(63da0a8)>: BaseAddress: 0x767E0000 (1) EntryPoint: 0x00000000 Size: 90112 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\Srvsvc.dll
189. SSLEAY32.dll<0x001333A0(1ce53a0)>: BaseAddress: 0x60F30000 (1) EntryPoint: 0x60F48AF1 Size: 184320 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3861b23c Thu Dec 23 05:25:16 1999 FullPath: C:\Program Files\Support.com\Client\bin\SSLEAY32.dll
190. stobject.dll<0x000BC040(22d5040)>: BaseAddress: 0x766D0000 (1) EntryPoint: 0x766D1300 Size: 98304 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\stobject.dll
191. svchost.exe<0x00071EC0(5cb1ec0)>: BaseAddress: 0x01000000 (5c91000) EntryPoint: 0x010010B8 Size: 20480 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3814ad86 Mon Oct 25 19:20:38 1999 FullPath: C:\WINNT\system32\svchost.exe
192. sxbios.dll<0x00176680(9db680)>: BaseAddress: 0x015E0000 (e85000) EntryPoint: 0x015E2D87 Size: 122880 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 399bbff7 Thu Aug 17 10:35:35 2000 FullPath: C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
193. sxbios.dll<0x0014AF90(21dff90)>: BaseAddress: 0x01680000 (e85000) EntryPoint: 0x01682D87 Size: 122880 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 399bbff7 Thu Aug 17 10:35:35 2000 FullPath: C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
194. TAPI32.DLL<0x000A0960(5a2d960)>: BaseAddress: 0x77530000 (1) EntryPoint: 0x77532E60 Size: 139264 Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\TAPI32.DLL
195. tapisrv.dll<0x0008D0D8(6f570d8)>: BaseAddress: 0x66DF0000 (125000) EntryPoint: 0x66E10E20 Size: 180224 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439a28 Tue Nov 30 09:34:32 1999 FullPath:
196. tgcmd.exe<0x00131EC0(62eec0)>: BaseAddress: 0x00400000 (1) EntryPoint: 0x0040FB59 Size: 675840 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a6f2967 Wed Jan 24 19:13:43 2001 FullPath: 祫祬祭祮祯祰祱祲祳祴祵祶祷祸祹祺祻祼祽祾祿禀禁禂禃
197. TRANS.DLL<0x00165110(7986110)>: BaseAddress: 0x01AB0000 (b9f000) EntryPoint: 0x01AB1771 Size: 28672 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 399d2ab4 Fri Aug 18 12:23:16 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\TRANS.DLL
198. TRANSWIN.dll<0x00133758(2d55758)>: BaseAddress: 0x00330000 (1) EntryPoint: 0x00331C79 Size: 28672 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 399d2ac0 Fri Aug 18 12:23:28 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\TRANSWIN.dll
199. trkwks.dll<0x000D1470(7009470)>: BaseAddress: 0x767C0000 (d31000) EntryPoint: 0x767C4B9C Size: 102400 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\trkwks.dll
200. TXFAUX.DLL<0x0007BF58(6256f58)>: BaseAddress: 0x76120000 (1) EntryPoint: 0x761246CB Size: 360448 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3843994b Tue Nov 30 09:30:51 1999 FullPath: c:\winnt\system32\TXFAUX.DLL
201. UILib.dll<0x00162560(70c0560)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x1005777A Size: 1626112 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39acf4d1 Wed Aug 30 11:49:37 2000 FullPath: C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll
202. UILib.dll<0x00144370(3069370)>: BaseAddress: 0x01140000 (2d32000) EntryPoint: 0x0119777A Size: 1626112 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39acf4d1 Wed Aug 30 11:49:37 2000 FullPath: C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll
203. UMPNPMGR.DLL<0x00073288(52e9288)>: BaseAddress: 0x767A0000 (1) EntryPoint: 0x767A3C6C Size: 98304 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\UMPNPMGR.DLL
204. URLMON.DLL<0x00097FF8(74edff8)>: BaseAddress: 0x1A400000 (1) EntryPoint: 0x1A401450 Size: 462848 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39414999 Fri Jun 09 19:46:33 2000 FullPath: C:\WINNT\system32\URLMON.DLL
205. USER32.DLL<0x00163080(42fd080)>: BaseAddress: 0x77E10000 (3382000) EntryPoint: 0x77E249C5 Size: 409600 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\USER32.DLL
206. USERENV.DLL<0x00072BA8(4fbcba8)>: BaseAddress: 0x77C10000 (5006000) EntryPoint: 0x77C16C8A Size: 380928 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d3 Sat Jun 10 01:03:15 2000 FullPath: C:\WINNT\system32\USERENV.DLL
207. Vxdif.dll<0x0008F3A8(733b3a8)>: BaseAddress: 0x02110000 (1) EntryPoint: 0x02111000 Size: 40960 Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\Vxdif.dll
208. Vxdif.dll<0x0014F5D0(aa95d0)>: BaseAddress: 0x01EA0000 (642000) EntryPoint: 0x01EA1000 Size: 40960 Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\system32\Vxdif.dll
209. VXDIF.DLL<0x001335A8(5b6e5a8)>: BaseAddress: 0x10000000 (642000) EntryPoint: 0x10001000 Size: 40960 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\VXDIF.DLL
210. Vxdif.dll<0x001D9610(4f8610)>: BaseAddress: 0x05880000 (642000) EntryPoint: 0x05881000 Size: 40960 Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\Vxdif.dll
211. wdmaud.drv<0x0007E060(5752060)>: BaseAddress: 0x77560000 (1) EntryPoint: 0x7756378E Size: 36864 Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\wdmaud.drv
212. webcheck.dll<0x000BB1D0(22f31d0)>: BaseAddress: 0x76680000 (1abf000) EntryPoint: 0x76681384 Size: 266240 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\webcheck.dll
213. WinButton.apo<0x001C88D0(efe8d0)>: BaseAddress: 0x03DF0000 (6ca000) EntryPoint: 0x03E01EEE Size: 319488 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4147614e Tue Sep 14 21:23:26 2004 FullPath: E:\AutoPlay\Plugins\WinButton\WinButton.apo
214. WININET.DLL<0x000ACC00(1e6bc00)>: BaseAddress: 0x76C00000 (1) EntryPoint: 0x76C01378 Size: 475136 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\WININET.DLL
215. winlogon.exe<0x00071EC0(4fbbec0)>: BaseAddress: 0x01000000 (4560000) EntryPoint: 0x01001674 Size: 184320 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947e26f Wed Jun 14 19:52:15 2000 FullPath: \??\C:\WINNT\system32\winlogon.exe
216. WINMM.dll<0x0007DBF0(56e2bf0)>: BaseAddress: 0x77570000 (5654000) EntryPoint: 0x77574164 Size: 196608 Flags: 0xc4004 LoadCount: 0xa TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\WINMM.dll
217. winrnr.dll<0x000DCB40(3f36b40)>: BaseAddress: 0x777E0000 (5eaf000) EntryPoint: 0x777E10C5 Size: 32768 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\System32\winrnr.dll
218. WINSCARD.DLL<0x014A56B8(3d9a6b8)>: BaseAddress: 0x76960000 (1) EntryPoint: 0x769611DD Size: 94208 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\WINSCARD.DLL
219. WINSPOOL.DRV<0x014A5708(3d9a708)>: BaseAddress: 0x77800000 (1) EntryPoint: 0x77801AFA Size: 118784 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\WINSPOOL.DRV
220. winsrv.dll<0x00162FC8(42e3fc8)>: BaseAddress: 0x5FFB0000 (42de000) EntryPoint: 0x00000000 Size: 262144 Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39419421 Sat Jun 10 01:04:33 2000 FullPath: C:\WINNT\system32\winsrv.dll
221. WINSTA.DLL<0x000B5638(5caa638)>: BaseAddress: 0x65780000 (1) EntryPoint: 0x65782411 Size: 49152 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d84808 Wed Mar 22 04:11:52 2000 FullPath: C:\WINNT\system32\WINSTA.DLL
222. wintrust.dll<0x000EB640(6e93640)>: BaseAddress: 0x76930000 (1) EntryPoint: 0x76952F60 Size: 176128 Flags: 0xc4004 LoadCount: 0x38 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\wintrust.dll
223. wkssvc.dll<0x000B5BA8(5caaba8)>: BaseAddress: 0x76770000 (1) EntryPoint: 0x00000000 Size: 106496 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\wkssvc.dll
224. WLDAP32.DLL<0x00073438(4ffe438)>: BaseAddress: 0x77950000 (3349000) EntryPoint: 0x7795194E Size: 167936 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b95d Wed May 10 19:32:45 2000 FullPath: C:\WINNT\system32\WLDAP32.DLL
225. WlNotify.dll<0x014A45A0(6f25a0)>: BaseAddress: 0x76920000 (1) EntryPoint: 0x76921FD2 Size: 61440 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\WlNotify.dll
226. WMHook.dll<0x000D3FB8(237dfb8)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x10001659 Size: 40960 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
227. WMHook.dll<0x00165368(7986368)>: BaseAddress: 0x02020000 (230000) EntryPoint: 0x02021659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
228. WMHook.dll<0x00134EF8(2feaef8)>: BaseAddress: 0x00B40000 (230000) EntryPoint: 0x00B41659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
229. WMHook.dll<0x001524F8(3b704f8)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x10001659 Size: 40960 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath:
230. WMHook.dll<0x0016E9A0(db19a0)>: BaseAddress: 0x01860000 (230000) EntryPoint: 0x01861659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
231. WMHook.dll<0x00157F08(1b8ef08)>: BaseAddress: 0x018B0000 (230000) EntryPoint: 0x018B1659 Size: 40960 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
232. WMHook.dll<0x00134CB8(5c12cb8)>: BaseAddress: 0x009C0000 (230000) EntryPoint: 0x009C1659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\PROGRA~1\Sony\JOGDIA~1\WMHook.dll
233. WMHook.dll<0x0015ABE0(1cd7be0)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x10001659 Size: 40960 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath:
234. WMI.dll<0x000D0F28(6bbef28)>: BaseAddress: 0x76110000 (2bb5000) EntryPoint: 0x00000000 Size: 16384 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38448c09 Wed Dec 01 02:46:33 1999 FullPath: C:\WINNT\System32\WMI.dll
235. wmicore.dll<0x000D9098(ed0098)>: BaseAddress: 0x76750000 (3d4c000) EntryPoint: 0x76751134 Size: 86016 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\system32\wmicore.dll
236. WS2_32.DLL<0x000732C8(4ffe2c8)>: BaseAddress: 0x75030000 (5085000) EntryPoint: 0x7503134C Size: 81920 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b9a8 Wed May 10 19:34:00 2000 FullPath: C:\WINNT\system32\WS2_32.DLL
237. WS2HELP.DLL<0x00073380(4ffe380)>: BaseAddress: 0x75020000 (5066000) EntryPoint: 0x750211AE Size: 32768 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995d Tue Nov 30 09:31:09 1999 FullPath: C:\WINNT\system32\WS2HELP.DLL
238. wshtcpip.dll<0x000B5C58(5caac58)>: BaseAddress: 0x75010000 (1) EntryPoint: 0x750111A4 Size: 28672 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995d Tue Nov 30 09:31:09 1999 FullPath: C:\WINNT\System32\wshtcpip.dll
239.
WSOCK32.DLL<0x000735A8(4ffe5a8)>: BaseAddress: 0x75050000 (503c000) EntryPoint: 0x00000000 Size: 32768 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947eb91 Wed Jun 14 20:31:13 2000 FullPath: C:\WINNT\system32\WSOCK32.DLL
User modules loaded: 238

Tcpip IFList: 0xF83273E4(2ab63e4)
  IPInterface: 0xF8325FE0 (2ad4fe0)
    ArpEntry: 0xFCD63108 (1380108)
    NumGateways: 0
    Gateways:
    GatewayMetrics:
    InterfaceMetric: 0
    IFNumber: 0x1
    Ttl: 0
    State: 0
    Speed: 0x989680
    PhysicalAddressSize: 0x0
    EnableSniffer: 0
  IPInterface: 0xFCCA83C8 (12c53c8)
    ArpEntry: 0xFCCB14A8 (12ce4a8)
    NumGateways: 0
    Gateways:
    GatewayMetrics:
    InterfaceMetric: 1
    IFNumber: 0x2
    Ttl: 1
    State: 0
    Speed: 0x17d78400
    PhysicalAddressSize: 0x6
    PhysicalAddress: 0xFCCB151C (12ce51c) 08-00-46-02-22-f0
    RegistryKey: Tcpip\Parameters\Interfaces\{E41F8207-9EAD-4C09-8BC4-06F8E425196E}
    Name: \DEVICE\TCPIP_{E41F8207-9EAD-4C09-8BC4-06F8E425196E}
    EnableSniffer: 0
  IPInterface: 0xFCC9C328 (12b9328)
    ArpEntry: 0xFCCA5688 (12c2688)
    NumGateways: 0
    Gateways:
    GatewayMetrics:
    InterfaceMetric: 1
    IFNumber: 0x1000004
    Ttl: 1
    State: 0
    Speed: 0x5f5e100
    PhysicalAddressSize: 0x6
    PhysicalAddress: 0xFCCA56FC (12c26fc) 08-00-46-18-65-ad
    RegistryKey: Tcpip\Parameters\Interfaces\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}
    Name: \DEVICE\TCPIP_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}
    EnableSniffer: 0
  Interface Count: 3

ArpInterfaceList: 0xF8326190(2a95190)
  ArpInterface: 0xFCCB14A8 (12ce4a8)
    NetTableEntry: 0xFCCAA748 (12c7748)
    PhysicalAddress: 08-00-46-02-22-f0
    TickCount: 0x0
    DeviceDescription: 1
    RootDeviceName: \DEVICE\{E41F8207-9EAD-4C09-8BC4-06F8E425196E}
    ArpTable: 0xFCCB1408 (12ce408)
    Presumed ArpTable size: 0x26 (Warning: Verify table size manually.)
    ArpCacheEntry: 0xFCCA5828 (12c2828) CreateTime: 0x4 InetAddress: 92.0.94.0 PhysicalAddress: 00-00-00-00-00-00 CacheLife: 0x201800e Type: dynamic
  ArpInterface: 0xFCCA5688 (12c2688)
    NetTableEntry: 0xFCC9C248 (12b9248)
    PhysicalAddress: 08-00-46-18-65-ad
    TickCount: 0x0
    DeviceDescription: 1
    RootDeviceName: \DEVICE\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}
    ArpTable: 0xFCCA6208 (12c3208)
    Presumed ArpTable size: 0x26 (Warning: Verify table size manually.)
    ArpCacheEntry: 0xFCCA62D0 (12c32d0) CreateTime: 0xfcc9ae30 InetAddress: 18.0.0.0 PhysicalAddress: 20-6e-58-f0-00-00 CacheLife: 0xfcca6378 Type: dynamic

AddrObjTable: 0xF8321EC0 (2ad0ec0)
AddrObjTableSize: 18
Table: 0xF8321EC0 (2ad0ec0)
  Address Object: 0xFF2330C8 (6c6d0c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
  Address Object: 0xFF277668 (5dc0668) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF275E88:FF27F8E8}
  Address Object: 0xFCCA7328 (12c4328) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1FA0C8:FF1FB888}
  Address Object: 0xFCCA75C8 (12c45c8) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
  Address Object: 0xFF162E48 (7b35e48) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF162548:FF1635A8}
  Address Object: 0xFF163E48 (836e48) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF163608:FF164C28}
  Address Object: 0xFF12B128 (5aff128) Local Address: 0x0:904 0.0.0.0:1033 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF164828:FF164828}
  Address Object: 0xFF12CCA8 (5abeca8) Local Address: 0x0:1f04 0.0.0.0:1055 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF272D88:FF272D88}
  Address Object: 0xFF1C0D08 (e6ed08) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
  Address Object: 0xFF1E1268 (7e42268) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
  Address Object: 0xFF2384A8 (6de04a8) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF237948:FF23C9C8}
  Address Object: 0xFF16B008 (65d6008) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1C4128:FF1C4128}
  Address Object: 0xFF17DE48 (3082e48) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF15A488:FF2518A8}
Address Object Count: 13

NumTcbTablePartitions: 0xF8320868(2aaf868) Value: 4
PerPartitionSize: 0xF832086C(2aaf86c) Value: 128
TcbTable: 0xF8321B6C (2ad0b6c) Value: 0xFCCC3040 (12e0040)
SynAttackProtect: 0xF8321CF0 Value: False
MaxHashTableSize: 0xF8320864(2aaf864) Value: 512
TWTcbTable: 0xF8321C20 (2ad0c20) Value: 0xFCCC4040 (12e1040)