Shared User Data: 0xFFDF0000(248000)
Product: NT Workstation
Suite:
NT Version: 5.0
System Time: 0x1c569e1d9e897b0 2005-06-05 15:18:39Z
Time Zone ID: 2
Bias: 144000000000
Local Time: 0x1c569c052d6f7b0 2005-06-05 11:18:39Z
Tick Count: 0x1038ba
System Root: C:\WINNT
Processor Architecture: StandardDesign
Processor Features:
FloatingPointPrecisionErrata:
FloatingPointEmulated:
CompareExchangeDouble: X
MMXInstructionsAvailable: X
PPCMovemem64BitOk:
AlphaByteInstructions:
XMMIInstructionsAvailable: X
3DNOWInstructionsAvailable:
RDTSCInstructionAvailable: X
PAEEnabled:
XMMI64InstructionsAvailable:
Large page minimum: 0
Debugger Enabled: No
NxSupport: 0x0
Active Console ID: 0
Physical Pages: 0
Booted in safe mode: No
TestReturnInstruction: 0 0 0 0
SystemCall: 0x0
SystemCallReturn: 0x0
Cookie: 0x0
Kernel Base : 0x80400000
Kernel Size : 0x19fb90
Page Tables: 0xC0000000 (0x1680000)
Page Directory: 0xC0300000 (0x30000)
KeNumberProcessors: 0x8046B4CC(46b4cc) 1
KeActiveProcessors: 0x8046B4D4(46b4d4) 1
KiProcessorBlock: 0x8046BDA0(46bda0)
KeBootTime: 0x8046B318 (46b318) Value: 0x1c569df60590f40 2005-06-05 15:00:56Z
KeBootTimeBias: 0x8046B328 Value: 0
Processor Control Regions:
KPCR0: 0xFFDFF000(247000)
KdVersionBlock: 0x00000000(1)
GDT Base: 0x80036000(36000)
IDT Base: 0x80036400(36400)
IDTR: 0x8003f400 Limit: 0x7ff
GDTR: 0x8003f000 Limit: 0x3ff
LDTR: 0x8003f000 Limit: 0x3ff
TSS: 0x80249000(249000)
Processor Control Block: 0xFFDFF120
IdleThread: 0x8046D3F0
BuildType: 2
CpuType: 6
CpuStep: 0x806
SetMember: 1
CpuID: 1
VendorString: GenuineIntel
MHZ: 285
PRCBNumber: 0
LogicalProcessorsPerPhysicalProcessor: 0
DebugActive: false
Pagefile Information:
MmNumberOfPagingFiles: 0x80480644(480644) Value: 1
MmPagingFile: 0x80480C40(480c40)
Pagingfile0: 0xFCD61E28(137ee28)
Size: 0xc000
MaximumSize: 0x18000
MinimumSize: 0xc000
FreeSpace: 0xb737
CurrentUsage: 0x8c8
PeakUsage: 0x925
HighestPage: 0x0
FileObject: 0xFCD61EA8
PagefileName: \??\C:\pagefile.sys
Memory Information:
MmPagesSize:
0x1000 MmLowestPhysicalPage: 0x8046B4D0(46b4d0) Value: 0x2 MmHighestPhysicalPage: 0x8046B4D8(46b4d8) Value: 0x7e7f MmNumberOfPhysicalPages: 0x8046B4DC(46b4dc) Value: 0x7dfb MmPfnDatabase: 0x8046B448(46b448) IDT Tables: IDT: 0x80036400(36400) No. Selector:Offset ParamCount Dpl Type Module 0. 8:80463c46 0 0 0xe \WINNT\System32\ntoskrnl.exe 1. 8:80463d96 0 0 0xe \WINNT\System32\ntoskrnl.exe 3. 8:8046406e 0 3 0xe \WINNT\System32\ntoskrnl.exe 4. 8:804641d2 0 3 0xe \WINNT\System32\ntoskrnl.exe 5. 8:80464316 0 0 0xe \WINNT\System32\ntoskrnl.exe 6. 8:8046447a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7. 8:804649b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 9. 8:80464d6c 0 0 0xe \WINNT\System32\ntoskrnl.exe a. 8:80464e74 0 0 0xe \WINNT\System32\ntoskrnl.exe b. 8:80464fa0 0 0 0xe \WINNT\System32\ntoskrnl.exe c. 8:804652a4 0 0 0xe \WINNT\System32\ntoskrnl.exe d. 8:804654b0 0 0 0xe \WINNT\System32\ntoskrnl.exe e. 8:80465f04 0 0 0xe \WINNT\System32\ntoskrnl.exe f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 10. 8:804663a7 0 0 0xe \WINNT\System32\ntoskrnl.exe 11. 8:804664cb 0 0 0xe \WINNT\System32\ntoskrnl.exe 13. 8:8046661b 0 0 0xe \WINNT\System32\ntoskrnl.exe 14. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 15. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 16. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 17. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 18. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 19. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1a. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1b. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1c. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1d. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1e. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 1f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 2a. 8:8046310c 0 3 0xe \WINNT\System32\ntoskrnl.exe 2b. 8:80463202 0 3 0xe \WINNT\System32\ntoskrnl.exe 2c. 8:80463322 0 3 0xe \WINNT\System32\ntoskrnl.exe 2d. 8:80463f5e 0 3 0xe \WINNT\System32\ntoskrnl.exe 2e. 
8:80462c2d 0 3 0xe \WINNT\System32\ntoskrnl.exe 2f. 8:8046629f 0 0 0xe \WINNT\System32\ntoskrnl.exe 30. 8:8006807c 0 0 0xe \WINNT\System32\hal.dll 31. 8:fcd9ddc4 0 0 0xe 32. 8:80462284 0 0 0xe \WINNT\System32\ntoskrnl.exe 33. 8:8046228e 0 0 0xe \WINNT\System32\ntoskrnl.exe 34. 8:fcdb1324 0 0 0xe 35. 8:804622a2 0 0 0xe \WINNT\System32\ntoskrnl.exe 36. 8:804622ac 0 0 0xe \WINNT\System32\ntoskrnl.exe 37. 8:804622b6 0 0 0xe \WINNT\System32\ntoskrnl.exe 38. 8:80062db0 0 0 0xe \WINNT\System32\hal.dll 39. 8:fcd30044 0 0 0xe 3a. 8:804622d4 0 0 0xe \WINNT\System32\ntoskrnl.exe 3b. 8:fcdb1944 0 0 0xe 3c. 8:fcd9db44 0 0 0xe 3d. 8:804622f2 0 0 0xe \WINNT\System32\ntoskrnl.exe 3e. 8:fcd29ce4 0 0 0xe 3f. 8:80462306 0 0 0xe \WINNT\System32\ntoskrnl.exe 40. 8:80462310 0 0 0xe \WINNT\System32\ntoskrnl.exe 41. 8:8046231a 0 0 0xe \WINNT\System32\ntoskrnl.exe 42. 8:80462324 0 0 0xe \WINNT\System32\ntoskrnl.exe 43. 8:8046232e 0 0 0xe \WINNT\System32\ntoskrnl.exe 44. 8:80462338 0 0 0xe \WINNT\System32\ntoskrnl.exe 45. 8:80462342 0 0 0xe \WINNT\System32\ntoskrnl.exe 46. 8:8046234c 0 0 0xe \WINNT\System32\ntoskrnl.exe 47. 8:80462356 0 0 0xe \WINNT\System32\ntoskrnl.exe 48. 8:80462360 0 0 0xe \WINNT\System32\ntoskrnl.exe 49. 8:8046236a 0 0 0xe \WINNT\System32\ntoskrnl.exe 4a. 8:80462374 0 0 0xe \WINNT\System32\ntoskrnl.exe 4b. 8:8046237e 0 0 0xe \WINNT\System32\ntoskrnl.exe 4c. 8:80462388 0 0 0xe \WINNT\System32\ntoskrnl.exe 4d. 8:80462392 0 0 0xe \WINNT\System32\ntoskrnl.exe 4e. 8:8046239c 0 0 0xe \WINNT\System32\ntoskrnl.exe 4f. 8:804623a6 0 0 0xe \WINNT\System32\ntoskrnl.exe 50. 8:804623b0 0 0 0xe \WINNT\System32\ntoskrnl.exe 51. 8:804623ba 0 0 0xe \WINNT\System32\ntoskrnl.exe 52. 8:804623c4 0 0 0xe \WINNT\System32\ntoskrnl.exe 53. 8:804623ce 0 0 0xe \WINNT\System32\ntoskrnl.exe 54. 8:804623d8 0 0 0xe \WINNT\System32\ntoskrnl.exe 55. 8:804623e2 0 0 0xe \WINNT\System32\ntoskrnl.exe 56. 8:804623ec 0 0 0xe \WINNT\System32\ntoskrnl.exe 57. 8:804623f6 0 0 0xe \WINNT\System32\ntoskrnl.exe 58. 
8:80462400 0 0 0xe \WINNT\System32\ntoskrnl.exe 59. 8:8046240a 0 0 0xe \WINNT\System32\ntoskrnl.exe 5a. 8:80462414 0 0 0xe \WINNT\System32\ntoskrnl.exe 5b. 8:8046241e 0 0 0xe \WINNT\System32\ntoskrnl.exe 5c. 8:80462428 0 0 0xe \WINNT\System32\ntoskrnl.exe 5d. 8:80462432 0 0 0xe \WINNT\System32\ntoskrnl.exe 5e. 8:8046243c 0 0 0xe \WINNT\System32\ntoskrnl.exe 5f. 8:80462446 0 0 0xe \WINNT\System32\ntoskrnl.exe 60. 8:80462450 0 0 0xe \WINNT\System32\ntoskrnl.exe 61. 8:8046245a 0 0 0xe \WINNT\System32\ntoskrnl.exe 62. 8:80462464 0 0 0xe \WINNT\System32\ntoskrnl.exe 63. 8:8046246e 0 0 0xe \WINNT\System32\ntoskrnl.exe 64. 8:80462478 0 0 0xe \WINNT\System32\ntoskrnl.exe 65. 8:80462482 0 0 0xe \WINNT\System32\ntoskrnl.exe 66. 8:8046248c 0 0 0xe \WINNT\System32\ntoskrnl.exe 67. 8:80462496 0 0 0xe \WINNT\System32\ntoskrnl.exe 68. 8:804624a0 0 0 0xe \WINNT\System32\ntoskrnl.exe 69. 8:804624aa 0 0 0xe \WINNT\System32\ntoskrnl.exe 6a. 8:804624b4 0 0 0xe \WINNT\System32\ntoskrnl.exe 6b. 8:804624be 0 0 0xe \WINNT\System32\ntoskrnl.exe 6c. 8:804624c8 0 0 0xe \WINNT\System32\ntoskrnl.exe 6d. 8:804624d2 0 0 0xe \WINNT\System32\ntoskrnl.exe 6e. 8:804624dc 0 0 0xe \WINNT\System32\ntoskrnl.exe 6f. 8:804624e6 0 0 0xe \WINNT\System32\ntoskrnl.exe 70. 8:804624f0 0 0 0xe \WINNT\System32\ntoskrnl.exe 71. 8:804624fa 0 0 0xe \WINNT\System32\ntoskrnl.exe 72. 8:80462504 0 0 0xe \WINNT\System32\ntoskrnl.exe 73. 8:8046250e 0 0 0xe \WINNT\System32\ntoskrnl.exe 74. 8:80462518 0 0 0xe \WINNT\System32\ntoskrnl.exe 75. 8:80462522 0 0 0xe \WINNT\System32\ntoskrnl.exe 76. 8:8046252c 0 0 0xe \WINNT\System32\ntoskrnl.exe 77. 8:80462536 0 0 0xe \WINNT\System32\ntoskrnl.exe 78. 8:80462540 0 0 0xe \WINNT\System32\ntoskrnl.exe 79. 8:8046254a 0 0 0xe \WINNT\System32\ntoskrnl.exe 7a. 8:80462554 0 0 0xe \WINNT\System32\ntoskrnl.exe 7b. 8:8046255e 0 0 0xe \WINNT\System32\ntoskrnl.exe 7c. 8:80462568 0 0 0xe \WINNT\System32\ntoskrnl.exe 7d. 8:80462572 0 0 0xe \WINNT\System32\ntoskrnl.exe 7e. 
8:8046257c 0 0 0xe \WINNT\System32\ntoskrnl.exe 7f. 8:80462586 0 0 0xe \WINNT\System32\ntoskrnl.exe 80. 8:80462590 0 0 0xe \WINNT\System32\ntoskrnl.exe 81. 8:8046259a 0 0 0xe \WINNT\System32\ntoskrnl.exe 82. 8:804625a4 0 0 0xe \WINNT\System32\ntoskrnl.exe 83. 8:804625ae 0 0 0xe \WINNT\System32\ntoskrnl.exe 84. 8:804625b8 0 0 0xe \WINNT\System32\ntoskrnl.exe 85. 8:804625c2 0 0 0xe \WINNT\System32\ntoskrnl.exe 86. 8:804625cc 0 0 0xe \WINNT\System32\ntoskrnl.exe 87. 8:804625d6 0 0 0xe \WINNT\System32\ntoskrnl.exe 88. 8:804625e0 0 0 0xe \WINNT\System32\ntoskrnl.exe 89. 8:804625ea 0 0 0xe \WINNT\System32\ntoskrnl.exe 8a. 8:804625f4 0 0 0xe \WINNT\System32\ntoskrnl.exe 8b. 8:804625fe 0 0 0xe \WINNT\System32\ntoskrnl.exe 8c. 8:80462608 0 0 0xe \WINNT\System32\ntoskrnl.exe 8d. 8:80462612 0 0 0xe \WINNT\System32\ntoskrnl.exe 8e. 8:8046261c 0 0 0xe \WINNT\System32\ntoskrnl.exe 8f. 8:80462626 0 0 0xe \WINNT\System32\ntoskrnl.exe 90. 8:80462630 0 0 0xe \WINNT\System32\ntoskrnl.exe 91. 8:8046263a 0 0 0xe \WINNT\System32\ntoskrnl.exe 92. 8:80462644 0 0 0xe \WINNT\System32\ntoskrnl.exe 93. 8:8046264e 0 0 0xe \WINNT\System32\ntoskrnl.exe 94. 8:80462658 0 0 0xe \WINNT\System32\ntoskrnl.exe 95. 8:80462662 0 0 0xe \WINNT\System32\ntoskrnl.exe 96. 8:8046266c 0 0 0xe \WINNT\System32\ntoskrnl.exe 97. 8:80462676 0 0 0xe \WINNT\System32\ntoskrnl.exe 98. 8:80462680 0 0 0xe \WINNT\System32\ntoskrnl.exe 99. 8:8046268a 0 0 0xe \WINNT\System32\ntoskrnl.exe 9a. 8:80462694 0 0 0xe \WINNT\System32\ntoskrnl.exe 9b. 8:8046269e 0 0 0xe \WINNT\System32\ntoskrnl.exe 9c. 8:804626a8 0 0 0xe \WINNT\System32\ntoskrnl.exe 9d. 8:804626b2 0 0 0xe \WINNT\System32\ntoskrnl.exe 9e. 8:804626bc 0 0 0xe \WINNT\System32\ntoskrnl.exe 9f. 8:804626c6 0 0 0xe \WINNT\System32\ntoskrnl.exe a0. 8:804626d0 0 0 0xe \WINNT\System32\ntoskrnl.exe a1. 8:804626da 0 0 0xe \WINNT\System32\ntoskrnl.exe a2. 8:804626e4 0 0 0xe \WINNT\System32\ntoskrnl.exe a3. 8:804626ee 0 0 0xe \WINNT\System32\ntoskrnl.exe a4. 
8:804626f8 0 0 0xe \WINNT\System32\ntoskrnl.exe a5. 8:80462702 0 0 0xe \WINNT\System32\ntoskrnl.exe a6. 8:8046270c 0 0 0xe \WINNT\System32\ntoskrnl.exe a7. 8:80462716 0 0 0xe \WINNT\System32\ntoskrnl.exe a8. 8:80462720 0 0 0xe \WINNT\System32\ntoskrnl.exe a9. 8:8046272a 0 0 0xe \WINNT\System32\ntoskrnl.exe aa. 8:80462734 0 0 0xe \WINNT\System32\ntoskrnl.exe ab. 8:8046273e 0 0 0xe \WINNT\System32\ntoskrnl.exe ac. 8:80462748 0 0 0xe \WINNT\System32\ntoskrnl.exe ad. 8:80462752 0 0 0xe \WINNT\System32\ntoskrnl.exe ae. 8:8046275c 0 0 0xe \WINNT\System32\ntoskrnl.exe af. 8:80462766 0 0 0xe \WINNT\System32\ntoskrnl.exe b0. 8:80462770 0 0 0xe \WINNT\System32\ntoskrnl.exe b1. 8:8046277a 0 0 0xe \WINNT\System32\ntoskrnl.exe b2. 8:80462784 0 0 0xe \WINNT\System32\ntoskrnl.exe b3. 8:8046278e 0 0 0xe \WINNT\System32\ntoskrnl.exe b4. 8:80462798 0 0 0xe \WINNT\System32\ntoskrnl.exe b5. 8:804627a2 0 0 0xe \WINNT\System32\ntoskrnl.exe b6. 8:804627ac 0 0 0xe \WINNT\System32\ntoskrnl.exe b7. 8:804627b6 0 0 0xe \WINNT\System32\ntoskrnl.exe b8. 8:804627c0 0 0 0xe \WINNT\System32\ntoskrnl.exe b9. 8:804627ca 0 0 0xe \WINNT\System32\ntoskrnl.exe ba. 8:804627d4 0 0 0xe \WINNT\System32\ntoskrnl.exe bb. 8:804627de 0 0 0xe \WINNT\System32\ntoskrnl.exe bc. 8:804627e8 0 0 0xe \WINNT\System32\ntoskrnl.exe bd. 8:804627f2 0 0 0xe \WINNT\System32\ntoskrnl.exe be. 8:804627fc 0 0 0xe \WINNT\System32\ntoskrnl.exe bf. 8:80462806 0 0 0xe \WINNT\System32\ntoskrnl.exe c0. 8:80462810 0 0 0xe \WINNT\System32\ntoskrnl.exe c1. 8:8046281a 0 0 0xe \WINNT\System32\ntoskrnl.exe c2. 8:80462824 0 0 0xe \WINNT\System32\ntoskrnl.exe c3. 8:8046282e 0 0 0xe \WINNT\System32\ntoskrnl.exe c4. 8:80462838 0 0 0xe \WINNT\System32\ntoskrnl.exe c5. 8:80462842 0 0 0xe \WINNT\System32\ntoskrnl.exe c6. 8:8046284c 0 0 0xe \WINNT\System32\ntoskrnl.exe c7. 8:80462856 0 0 0xe \WINNT\System32\ntoskrnl.exe c8. 8:80462860 0 0 0xe \WINNT\System32\ntoskrnl.exe c9. 8:8046286a 0 0 0xe \WINNT\System32\ntoskrnl.exe ca. 
8:80462874 0 0 0xe \WINNT\System32\ntoskrnl.exe cb. 8:8046287e 0 0 0xe \WINNT\System32\ntoskrnl.exe cc. 8:80462888 0 0 0xe \WINNT\System32\ntoskrnl.exe cd. 8:80462892 0 0 0xe \WINNT\System32\ntoskrnl.exe ce. 8:8046289c 0 0 0xe \WINNT\System32\ntoskrnl.exe cf. 8:804628a6 0 0 0xe \WINNT\System32\ntoskrnl.exe d0. 8:804628b0 0 0 0xe \WINNT\System32\ntoskrnl.exe d1. 8:804628ba 0 0 0xe \WINNT\System32\ntoskrnl.exe d2. 8:804628c4 0 0 0xe \WINNT\System32\ntoskrnl.exe d3. 8:804628ce 0 0 0xe \WINNT\System32\ntoskrnl.exe d4. 8:804628d8 0 0 0xe \WINNT\System32\ntoskrnl.exe d5. 8:804628e2 0 0 0xe \WINNT\System32\ntoskrnl.exe d6. 8:804628ec 0 0 0xe \WINNT\System32\ntoskrnl.exe d7. 8:804628f6 0 0 0xe \WINNT\System32\ntoskrnl.exe d8. 8:80462900 0 0 0xe \WINNT\System32\ntoskrnl.exe d9. 8:8046290a 0 0 0xe \WINNT\System32\ntoskrnl.exe da. 8:80462914 0 0 0xe \WINNT\System32\ntoskrnl.exe db. 8:8046291e 0 0 0xe \WINNT\System32\ntoskrnl.exe dc. 8:80462928 0 0 0xe \WINNT\System32\ntoskrnl.exe dd. 8:80462932 0 0 0xe \WINNT\System32\ntoskrnl.exe de. 8:8046293c 0 0 0xe \WINNT\System32\ntoskrnl.exe df. 8:80462946 0 0 0xe \WINNT\System32\ntoskrnl.exe e0. 8:80462950 0 0 0xe \WINNT\System32\ntoskrnl.exe e1. 8:8046295a 0 0 0xe \WINNT\System32\ntoskrnl.exe e2. 8:80462964 0 0 0xe \WINNT\System32\ntoskrnl.exe e3. 8:8046296e 0 0 0xe \WINNT\System32\ntoskrnl.exe e4. 8:80462978 0 0 0xe \WINNT\System32\ntoskrnl.exe e5. 8:80462982 0 0 0xe \WINNT\System32\ntoskrnl.exe e6. 8:8046298c 0 0 0xe \WINNT\System32\ntoskrnl.exe e7. 8:80462996 0 0 0xe \WINNT\System32\ntoskrnl.exe e8. 8:804629a0 0 0 0xe \WINNT\System32\ntoskrnl.exe e9. 8:804629aa 0 0 0xe \WINNT\System32\ntoskrnl.exe ea. 8:804629b4 0 0 0xe \WINNT\System32\ntoskrnl.exe eb. 8:804629be 0 0 0xe \WINNT\System32\ntoskrnl.exe ec. 8:804629c8 0 0 0xe \WINNT\System32\ntoskrnl.exe ed. 8:804629d2 0 0 0xe \WINNT\System32\ntoskrnl.exe ee. 8:804629d9 0 0 0xe \WINNT\System32\ntoskrnl.exe ef. 8:804629e0 0 0 0xe \WINNT\System32\ntoskrnl.exe f0. 
8:804629e7 0 0 0xe \WINNT\System32\ntoskrnl.exe f1. 8:804629ee 0 0 0xe \WINNT\System32\ntoskrnl.exe f2. 8:804629f5 0 0 0xe \WINNT\System32\ntoskrnl.exe f3. 8:804629fc 0 0 0xe \WINNT\System32\ntoskrnl.exe f4. 8:80462a03 0 0 0xe \WINNT\System32\ntoskrnl.exe f5. 8:80462a0a 0 0 0xe \WINNT\System32\ntoskrnl.exe f6. 8:80462a11 0 0 0xe \WINNT\System32\ntoskrnl.exe f7. 8:80462a18 0 0 0xe \WINNT\System32\ntoskrnl.exe f8. 8:80462a1f 0 0 0xe \WINNT\System32\ntoskrnl.exe f9. 8:80462a26 0 0 0xe \WINNT\System32\ntoskrnl.exe fa. 8:80462a2d 0 0 0xe \WINNT\System32\ntoskrnl.exe fb. 8:80462a34 0 0 0xe \WINNT\System32\ntoskrnl.exe fc. 8:80462a3b 0 0 0xe \WINNT\System32\ntoskrnl.exe fd. 8:80462a42 0 0 0xe \WINNT\System32\ntoskrnl.exe fe. 8:80462a49 0 0 0xe \WINNT\System32\ntoskrnl.exe ff. 8:80462a50 0 0 0xe \WINNT\System32\ntoskrnl.exe GDT Tables: GDT (callgates only): 0x80036000(36000) No. Selector:Offset ParamCount Dpl Type Module PsLoadedModuleList : 0x8046B618(46b618) Loaded System Modules: 1. ntoskrnl.exe<0xFCE28288(1445280)>: BaseAddress: 0x80400000 (400000) EntryPoint: 0x8040CF90 Size: 1702528 Flags: 0xc004000 Checksum: 0x1ac8b7 LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\ntoskrnl.exe 2. hal.dll<0xFCE281E8(14451e0)>: BaseAddress: 0x80062000 (62000) EntryPoint: 0x8006FE30 Size: 66528 Flags: 0xc004000 Checksum: 0x1a78e LoadCount: 1 Unknown1: 0 ImagePath: \WINNT\System32\hal.dll 3. BOOTVID.DLL<0xFCE28168(1445160)>: BaseAddress: 0xF0810000 (7d01000) EntryPoint: 0xF08118B0 Size: 12288 Flags: 0x9004000 Checksum: 0xd8a2 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\BOOTVID.DLL 4. ACPI.sys<0xFCE280E8(14450e0)>: BaseAddress: 0xFC9F8000 (7d04000) EntryPoint: 0xFCA1C10B Size: 163840 Flags: 0x9004000 Checksum: 0x2d30f LoadCount: 1 Unknown1: 0 ImagePath: ACPI.sys 5. WMILIB.SYS<0xFCE28068(1445060)>: BaseAddress: 0xF09C8000 (7d2c000) EntryPoint: 0xF09C8AA0 Size: 4096 Flags: 0xd004000 Checksum: 0x8bfd LoadCount: 12 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\WMILIB.SYS 6. 
pci.sys<0xFCE26F88(1443f80)>: BaseAddress: 0xF0400000 (7d2d000) EntryPoint: 0xF040BA88 Size: 61440 Flags: 0x9004000 Checksum: 0x154e3 LoadCount: 1 Unknown1: 0 ImagePath: pci.sys 7. isapnp.sys<0xFCE26F08(1443f00)>: BaseAddress: 0xF0410000 (7d3c000) EntryPoint: 0xF0419A80 Size: 49152 Flags: 0x9004000 Checksum: 0x15782 LoadCount: 1 Unknown1: 0 ImagePath: isapnp.sys 8. ohci1394.sys<0xFCE26E88(1443e80)>: BaseAddress: 0xF0420000 (7d48000) EntryPoint: 0xF04273E0 Size: 40960 Flags: 0x9004000 Checksum: 0xd649 LoadCount: 1 Unknown1: 0 ImagePath: ohci1394.sys 9. 1394BUS.SYS<0xFCE26DE8(1443de0)>: BaseAddress: 0xF0430000 (7d52000) EntryPoint: 0xF0435360 Size: 45056 Flags: 0xd004000 Checksum: 0x111a7 LoadCount: 2 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\1394BUS.SYS 10. compbatt.sys<0xFCE26D68(1443d60)>: BaseAddress: 0xF0814000 (7d5d000) EntryPoint: 0xF0815900 Size: 12288 Flags: 0x9004000 Checksum: 0x63b9 LoadCount: 1 Unknown1: 0 ImagePath: compbatt.sys 11. BATTC.SYS<0xFCE27FA8(1444fa0)>: BaseAddress: 0xF0900000 (7da0000) EntryPoint: 0xF0900700 Size: 8192 Flags: 0xd004000 Checksum: 0xba7c LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\BATTC.SYS 12. PCIIde.sys<0xFCE27F48(1444f40)>: BaseAddress: 0xF09C9000 (7d62000) EntryPoint: 0xF09C92C0 Size: 4096 Flags: 0x9004000 Checksum: 0xfff0 LoadCount: 1 Unknown1: 0 ImagePath: PCIIde.sys 13. PCIIDEX.SYS<0xFCE27EC8(1444ec0)>: BaseAddress: 0xF0680000 (7d63000) EntryPoint: 0xF0683E70 Size: 24576 Flags: 0xd004000 Checksum: 0xbafb LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\Drivers\PCIIDEX.SYS 14. intelide.sys<0xFCE27E48(1444e40)>: BaseAddress: 0xF09CA000 (7d69000) EntryPoint: 0xF09CA2C0 Size: 4096 Flags: 0x9004000 Checksum: 0x3b0a LoadCount: 1 Unknown1: 0 ImagePath: intelide.sys 15. pcmcia.sys<0xFCE27DA8(1444da0)>: BaseAddress: 0xFC9DD000 (7d6a000) EntryPoint: 0xFC9F4A1C Size: 110592 Flags: 0x9004000 Checksum: 0x293f1 LoadCount: 1 Unknown1: 0 ImagePath: pcmcia.sys 16. 
ftdisk.sys<0xFCE27D28(1444d20)>: BaseAddress: 0xFC9C0000 (7d85000) EntryPoint: 0xFC9D91D8 Size: 118784 Flags: 0x9004000 Checksum: 0x2b963 LoadCount: 1 Unknown1: 0 ImagePath: ftdisk.sys 17. Diskperf.sys<0xFCE25008(1442000)>: BaseAddress: 0xF0902000 (7da2000) EntryPoint: 0xF09032C0 Size: 8192 Flags: 0x9004000 Checksum: 0xeef0 LoadCount: 1 Unknown1: 0 ImagePath: Diskperf.sys 18. dmio.sys<0xFCE25FA8(1442fa0)>: BaseAddress: 0xFC99E000 (7da4000) EntryPoint: 0xFC9A0824 Size: 139264 Flags: 0x9004000 Checksum: 0x30f8e LoadCount: 1 Unknown1: 0 ImagePath: dmio.sys 19. sbp2port.sys<0xFCE25F28(1442f20)>: BaseAddress: 0xF0440000 (7dc6000) EntryPoint: 0xF0446480 Size: 36864 Flags: 0x9004000 Checksum: 0xfd87 LoadCount: 1 Unknown1: 0 ImagePath: sbp2port.sys 20. ACPIEC.sys<0xFCE25E88(1442e80)>: BaseAddress: 0xF0818000 (7dcf000) EntryPoint: 0xF081A280 Size: 12288 Flags: 0x9004000 Checksum: 0x57c2 LoadCount: 1 Unknown1: 0 ImagePath: ACPIEC.sys 21. PartMgr.sys<0xFCE25E08(1442e00)>: BaseAddress: 0xF081C000 (7dd2000) EntryPoint: 0xF081E040 Size: 12288 Flags: 0x9004000 Checksum: 0x742c LoadCount: 1 Unknown1: 0 ImagePath: PartMgr.sys 22. MountMgr.sys<0xFCE25D88(1442d80)>: BaseAddress: 0xF0688000 (7dd5000) EntryPoint: 0xF068E160 Size: 32768 Flags: 0x9004000 Checksum: 0xe831 LoadCount: 1 Unknown1: 0 ImagePath: MountMgr.sys 23. atapi.sys<0xFCE25CE8(1442ce0)>: BaseAddress: 0xFC989000 (7ddd000) EntryPoint: 0xFC99B5BA Size: 86016 Flags: 0x9004000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 0 ImagePath: atapi.sys 24. va32w2.sys<0xFCE25C68(1442c60)>: BaseAddress: 0xF0690000 (7df2000) EntryPoint: 0xF0693FCE Size: 28672 Flags: 0x9004000 Checksum: 0x9158 LoadCount: 1 Unknown1: 0 ImagePath: va32w2.sys 25. SCSIPORT.SYS<0xFCE25BE8(1442be0)>: BaseAddress: 0xFC977000 (7df9000) EntryPoint: 0xFC9868BC Size: 73728 Flags: 0xd004000 Checksum: 0x162c6 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\SCSIPORT.SYS 26. 
va16w2.sys<0xFCE25B48(1442b40)>: BaseAddress: 0xF0698000 (7e0b000) EntryPoint: 0xF069B246 Size: 20480 Flags: 0x9004000 Checksum: 0x10d4e LoadCount: 1 Unknown1: 0 ImagePath: va16w2.sys 27. disk.sys<0xFCE25AC8(1442ac0)>: BaseAddress: 0xF06A0000 (7e10000) EntryPoint: 0xF06A5120 Size: 28672 Flags: 0x9004000 Checksum: 0x11fe4 LoadCount: 1 Unknown1: 0 ImagePath: disk.sys 28. CLASSPNP.SYS<0xFCE25A48(1442a40)>: BaseAddress: 0xF0450000 (7e17000) EntryPoint: 0xF04570A0 Size: 36864 Flags: 0xd004000 Checksum: 0xa231 LoadCount: 3 Unknown1: 0 ImagePath: \WINNT\System32\DRIVERS\CLASSPNP.SYS 29. Fastfat.sys<0xFCE259A8(14429a0)>: BaseAddress: 0xFC954000 (7e60000) EntryPoint: 0xFC972806 Size: 143360 Flags: 0x9004000 Checksum: 0x2d073 LoadCount: 1 Unknown1: 0 ImagePath: Fastfat.sys 30. KSecDD.sys<0xFCE25928(1442920)>: BaseAddress: 0xFC943000 (7e43000) EntryPoint: 0xFC9528BE Size: 69632 Flags: 0x9004000 Checksum: 0x15d45 LoadCount: 4 Unknown1: 0 ImagePath: KSecDD.sys 31. NDIS.sys<0xFCE258A8(14428a0)>: BaseAddress: 0xFC91B000 (7e54000) EntryPoint: 0xFC93FF1E Size: 163840 Flags: 0x9004000 Checksum: 0x373fe LoadCount: 13 Unknown1: 0 ImagePath: NDIS.sys 32. NaiFsRec.sys<0xFCE25828(1442820)>: BaseAddress: 0xF0904000 (7e7c000) EntryPoint: 0xF090494E Size: 8192 Flags: 0x1004000 Checksum: 0xd391 LoadCount: 1 Unknown1: 0 ImagePath: NaiFsRec.sys 33. Mup.sys<0xFCE25788(1442780)>: BaseAddress: 0xFC905000 (7e7e000) EntryPoint: 0xFC90AB04 Size: 90112 Flags: 0x9004000 Checksum: 0x1f266 LoadCount: 1 Unknown1: 0 ImagePath: Mup.sys 34. VIDEOPRT.SYS<0xFCDC7E68(13e4e60)>: BaseAddress: 0xF0480000 (2234000) EntryPoint: 0xF048A800 Size: 53248 Flags: 0x9104000 Checksum: 0x1a5d2 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 35. i81xnt5.sys<0xFCDA42A8(13c12a0)>: BaseAddress: 0xFC8B2000 (2212000) EntryPoint: 0xFC8B22E0 Size: 139264 Flags: 0x9104000 Checksum: 0x26d86 LoadCount: 1 Unknown1: 86 ImagePath: \SystemRoot\System32\DRIVERS\i81xnt5.sys 36. 
PxHelper.sys<0xFCDC7928(13e4920)>: BaseAddress: 0xF087C000 (2283000) EntryPoint: 0xF087D3D8 Size: 12288 Flags: 0x1104000 Checksum: 0x95bd LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\System32\drivers\PxHelper.sys 37. cdrom.sys<0xFCDC7308(13e4300)>: BaseAddress: 0xF06D0000 (226b000) EntryPoint: 0xF06D5980 Size: 28672 Flags: 0x9104000 Checksum: 0x9f9f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\cdrom.sys 38. e100bnt5.sys<0xFCD284C8(13454c0)>: BaseAddress: 0xFC898000 (2293000) EntryPoint: 0xFC89B7B8 Size: 106496 Flags: 0x9104000 Checksum: 0x222a9 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\e100bnt5.sys 39. i8042prt.sys<0xFCDC6E68(13e3e60)>: BaseAddress: 0xF0490000 (22ad000) EntryPoint: 0xF0498000 Size: 49152 Flags: 0x9104000 Checksum: 0xc15a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\i8042prt.sys 40. kbdclass.sys<0xFCDC69E8(13e39e0)>: BaseAddress: 0xF06E0000 (22be000) EntryPoint: 0xF06E3E64 Size: 24576 Flags: 0x9104000 Checksum: 0xe259 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\kbdclass.sys 41. Apfiltr.sys<0xFCDA3748(13c0740)>: BaseAddress: 0xF04A0000 (22e6000) EntryPoint: 0xF04A8F80 Size: 40960 Flags: 0x9104000 Checksum: 0xa904 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\Apfiltr.sys 42. mouclass.sys<0xFCDA3428(13c0420)>: BaseAddress: 0xF06F0000 (22f0000) EntryPoint: 0xF06F34E4 Size: 24576 Flags: 0x9104000 Checksum: 0x7e78 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mouclass.sys 43. CmBatt.sys<0xFCD27D68(1344d60)>: BaseAddress: 0xF088C000 (22f9000) EntryPoint: 0xF088DBA0 Size: 12288 Flags: 0x9104000 Checksum: 0x2bdd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\CmBatt.sys 44. SonyPI.sys<0xFCD4AF68(1367f60)>: BaseAddress: 0xF04B0000 (231c000) EntryPoint: 0xF04B785C Size: 36864 Flags: 0x1104000 Checksum: 0x14b69 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyPI.sys 45. 
SonyNC.sys<0xFCD4A728(1367720)>: BaseAddress: 0xF06F8000 (2345000) EntryPoint: 0xF06FBE72 Size: 20480 Flags: 0x1104000 Checksum: 0x1ab68 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\SonyNC.sys 46. serial.sys<0xFCD4A0E8(13670e0)>: BaseAddress: 0xF04C0000 (234f000) EntryPoint: 0xF04CA300 Size: 65536 Flags: 0x9104000 Checksum: 0x11703 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serial.sys 47. serenum.sys<0xFCD49D88(1366d80)>: BaseAddress: 0xF089C000 (2384000) EntryPoint: 0xF089E9C0 Size: 16384 Flags: 0x9104000 Checksum: 0x1105e LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\serenum.sys 48. parport.sys<0xFCD48EE8(1365ee0)>: BaseAddress: 0xF0710000 (238c000) EntryPoint: 0xF07104A2 Size: 28672 Flags: 0x9104000 Checksum: 0xeedd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parport.sys 49. fdc.sys<0xFCD48828(1365820)>: BaseAddress: 0xF0720000 (1) EntryPoint: 0xF0724F30 Size: 28672 Flags: 0x9104000 Checksum: 0x1553c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fdc.sys 50. USBD.SYS<0xFCD47CE8(1364ce0)>: BaseAddress: 0xF0740000 (23b2000) EntryPoint: 0xF0740300 Size: 20480 Flags: 0x9104000 Checksum: 0x5465 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBD.SYS 51. uhcd.sys<0xFCD47EE8(1364ee0)>: BaseAddress: 0xF0730000 (23aa000) EntryPoint: 0xF07302E0 Size: 32768 Flags: 0x9104000 Checksum: 0x11484 LoadCount: 1 Unknown1: 85 ImagePath: \SystemRoot\System32\DRIVERS\uhcd.sys 52. KS.SYS<0xFCDC2C48(13dfc40)>: BaseAddress: 0xFC80B000 (2526000) EntryPoint: 0xFC826060 Size: 122880 Flags: 0x9104000 Checksum: 0x2d626 LoadCount: 5 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\KS.SYS 53. portcls.sys<0xFCDC2EE8(13dfee0)>: BaseAddress: 0xFC829000 (2501000) EntryPoint: 0xFC83F87C Size: 151552 Flags: 0x9104000 Checksum: 0x30ed1 LoadCount: 1 Unknown1: 75 ImagePath: \SystemRoot\system32\drivers\portcls.sys 54. 
smwdm.sys<0xFCD471E8(13641e0)>: BaseAddress: 0xFC84E000 (2417000) EntryPoint: 0xFC88BE78 Size: 303104 Flags: 0x9104000 Checksum: 0x580c3 LoadCount: 1 Unknown1: 112 ImagePath: \SystemRoot\system32\drivers\smwdm.sys 55. rksample.sys<0xFCDC1D88(13ded80)>: BaseAddress: 0xF04D0000 (254f000) EntryPoint: 0xF04DBE18 Size: 57344 Flags: 0x9104000 Checksum: 0x2434c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rksample.sys 56. winachsf.sys<0xFCDC1948(13de940)>: BaseAddress: 0xFC715000 (2624000) EntryPoint: 0xFC77AFC0 Size: 450560 Flags: 0x9104000 Checksum: 0x9726c LoadCount: 1 Unknown1: 621 ImagePath: \SystemRoot\System32\DRIVERS\winachsf.sys 57. Modem.SYS<0xFCDC1548(13de540)>: BaseAddress: 0xF0768000 (26f2000) EntryPoint: 0xF076D6EA Size: 28672 Flags: 0x9104000 Checksum: 0x16f4a LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Modem.SYS 58. audstub.sys<0xFCDC08E8(13dd8e0)>: BaseAddress: 0xF0A45000 (2727000) EntryPoint: 0xF0A45500 Size: 4096 Flags: 0x9104000 Checksum: 0x8ef7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\audstub.sys 59. rasl2tp.sys<0xFCD46908(1363900)>: BaseAddress: 0xF04E0000 (272c000) EntryPoint: 0xF04EB2A0 Size: 53248 Flags: 0x9104000 Checksum: 0x10dac LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasl2tp.sys 60. ndistapi.sys<0xFCD46348(1363340)>: BaseAddress: 0xF08A8000 (2739000) EntryPoint: 0xF08A96E2 Size: 12288 Flags: 0x9104000 Checksum: 0xe062 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndistapi.sys 61. ndiswan.sys<0xFCDBFC48(13dcc40)>: BaseAddress: 0xFC6FE000 (273e000) EntryPoint: 0xFC711180 Size: 94208 Flags: 0x9104000 Checksum: 0x24edb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ndiswan.sys 62. TDI.SYS<0xFCD45DA8(1362da0)>: BaseAddress: 0xF08B8000 (275b000) EntryPoint: 0xF08B87D0 Size: 16384 Flags: 0x9104000 Checksum: 0x1329d LoadCount: 10 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\TDI.SYS 63. 
raspptp.sys<0xFCD45FA8(1362fa0)>: BaseAddress: 0xF04F0000 (278f000) EntryPoint: 0xF04FA6C0 Size: 49152 Flags: 0x9104000 Checksum: 0xe275 LoadCount: 1 Unknown1: 84 ImagePath: \SystemRoot\System32\DRIVERS\raspptp.sys 64. ptilink.sys<0xFCD451E8(13621e0)>: BaseAddress: 0xF0788000 (27e1000) EntryPoint: 0xF07882E0 Size: 20480 Flags: 0x9104000 Checksum: 0xf2be LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ptilink.sys 65. raspti.sys<0xFCD25548(1342540)>: BaseAddress: 0xF0798000 (27c9000) EntryPoint: 0xF079B240 Size: 20480 Flags: 0x9104000 Checksum: 0xfed0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\raspti.sys 66. SonyiNet.sys<0xFCDBEE88(13dbe80)>: BaseAddress: 0xF07A8000 (27d3000) EntryPoint: 0xF07A8414 Size: 28672 Flags: 0x9104000 Checksum: 0x10386 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyiNet.sys 67. parallel.sys<0xFCDBE808(13db800)>: BaseAddress: 0xF0500000 (27ba000) EntryPoint: 0xF0502BBE Size: 61440 Flags: 0x9104000 Checksum: 0x16ad6 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\parallel.sys 68. swenum.sys<0xFCD448E8(13618e0)>: BaseAddress: 0xF0A48000 (280a000) EntryPoint: 0xF0A486A0 Size: 4096 Flags: 0x9104000 Checksum: 0x7716 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\swenum.sys 69. update.sys<0xFCD24D08(1341d00)>: BaseAddress: 0xFC6E4000 (2881000) EntryPoint: 0xFC6FCE60 Size: 106496 Flags: 0x9104000 Checksum: 0x209d8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\update.sys 70. flpydisk.sys<0xFCDB03A8(13cd3a0)>: BaseAddress: 0xF07C8000 (2878000) EntryPoint: 0xF07CBBA0 Size: 20480 Flags: 0x9104000 Checksum: 0xf1a2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\flpydisk.sys 71. usbhub.sys<0xFCD3C4E8(13594e0)>: BaseAddress: 0xF0540000 (287f000) EntryPoint: 0xF0540372 Size: 40960 Flags: 0x9104000 Checksum: 0xaef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\usbhub.sys 72. 
NDProxy.SYS<0xFCD9A568(13b7560)>: BaseAddress: 0xF0550000 (292b000) EntryPoint: 0xF0558720 Size: 40960 Flags: 0x9104000 Checksum: 0x121c3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\NDProxy.SYS 73. USBSTOR.SYS<0xFCD97DA8(13b4da0)>: BaseAddress: 0xF07D8000 (2969000) EntryPoint: 0xF07D9CA0 Size: 20480 Flags: 0x9104000 Checksum: 0x10fba LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\USBSTOR.SYS 74. SonyUSBL.sys<0xFCD96A28(13b3a20)>: BaseAddress: 0xF0912000 (296e000) EntryPoint: 0xF09122C0 Size: 8192 Flags: 0x9104000 Checksum: 0xf068 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\SonyUSBL.sys 75. Fs_Rec.SYS<0xFCCC8608(12e5600)>: BaseAddress: 0xF0916000 (29c2000) EntryPoint: 0xF0917294 Size: 8192 Flags: 0x9104000 Checksum: 0xab4c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Fs_Rec.SYS 76. Null.SYS<0xFCCC8548(12e5540)>: BaseAddress: 0xF0A7F000 (29a4000) EntryPoint: 0xF0A7F47A Size: 4096 Flags: 0x9104000 Checksum: 0x23ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Null.SYS 77. Beep.SYS<0xFCD8E708(13ab700)>: BaseAddress: 0xF0A83000 (29a5000) EntryPoint: 0xF0A8329A Size: 4096 Flags: 0x9104000 Checksum: 0xc54f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Beep.SYS 78. biosview.sys<0xFCCC93C8(12e63c0)>: BaseAddress: 0xF091A000 (29a6000) EntryPoint: 0xF091A2E2 Size: 8192 Flags: 0x9104000 Checksum: 0x76f0 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\biosview.sys 79. vga.sys<0xFCCC8A88(12e5a80)>: BaseAddress: 0xF08D4000 (29a8000) EntryPoint: 0xF08D6C40 Size: 16384 Flags: 0x9104000 Checksum: 0x1047d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\vga.sys 80. mnmdd.SYS<0xFCCC73A8(12e43a0)>: BaseAddress: 0xF0A8B000 (29b9000) EntryPoint: 0xF0A8B3A0 Size: 4096 Flags: 0x9104000 Checksum: 0xf6c2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\mnmdd.SYS 81. 
Msfs.SYS<0xFCCC72E8(12e42e0)>: BaseAddress: 0xF07F8000 (29ce000) EntryPoint: 0xF07FBEDA Size: 24576 Flags: 0x9104000 Checksum: 0xe5fa LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Msfs.SYS 82. Npfs.SYS<0xFCCC63E8(12e33e0)>: BaseAddress: 0xF0560000 (29d4000) EntryPoint: 0xF056790E Size: 36864 Flags: 0x9104000 Checksum: 0x17e60 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Npfs.SYS 83. UdfReadr.SYS<0xFCCC4208(12e1200)>: BaseAddress: 0xF8371000 (29fd000) EntryPoint: 0xF8372722 Size: 208896 Flags: 0x1004000 Checksum: 0x38b5d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\UdfReadr.SYS 84. rasacd.sys<0xFCD8DD68(13aad60)>: BaseAddress: 0xF0922000 (2a85000) EntryPoint: 0xF0923493 Size: 8192 Flags: 0x9104000 Checksum: 0xf369 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rasacd.sys 85. tcpip.sys<0xFCCC5FA8(12e2fa0)>: BaseAddress: 0xF82E8000 (2aad000) EntryPoint: 0xF832E4CA Size: 323584 Flags: 0x9104000 Checksum: 0x56824 LoadCount: 3 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\tcpip.sys 86. msgpc.sys<0xFCC90C68(12adc60)>: BaseAddress: 0xF0570000 (2b33000) EntryPoint: 0xF05702E0 Size: 36864 Flags: 0x9104000 Checksum: 0x17874 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\msgpc.sys 87. netbt.sys<0xFCC8EFA8(12abfa0)>: BaseAddress: 0xF82C4000 (2be0000) EntryPoint: 0xF82E3F2E Size: 147456 Flags: 0x9104000 Checksum: 0x282d2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbt.sys 88. wanarp.sys<0xFCC8D848(12aa840)>: BaseAddress: 0xF06B0000 (2b8a000) EntryPoint: 0xF06B6266 Size: 32768 Flags: 0x9104000 Checksum: 0x9122 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\wanarp.sys 89. netbios.sys<0xFCD6C348(1389340)>: BaseAddress: 0xF0580000 (2bb6000) EntryPoint: 0xF0586E20 Size: 36864 Flags: 0x9104000 Checksum: 0xb5c1 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\netbios.sys 90. 
rdbss.sys<0xFCC864C8(12a34c0)>: BaseAddress: 0xF82A2000 (2c11000) EntryPoint: 0xF82BFF20 Size: 139264 Flags: 0x9104000 Checksum: 0x2c2a9 LoadCount: 2 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\rdbss.sys 91. mrxsmb.sys<0xFCD6D688(138a680)>: BaseAddress: 0xF8232000 (2c8d000) EntryPoint: 0xF8254DD6 Size: 385024 Flags: 0x9104000 Checksum: 0x69eb4 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\mrxsmb.sys 92. dump_WMILIB.SYS<0xFCD5ECA8(137bca0)>: BaseAddress: 0xF0AEE000 (5a83000) EntryPoint: 0xF0AEEAA0 Size: 4096 Flags: 0x9104000 Checksum: 0x8bfd LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\dump_WMILIB.SYS 93. dump_atapi.sys<0xFCD61068(137e060)>: BaseAddress: 0xF81F5000 (59ee000) EntryPoint: 0xF82075BA Size: 86016 Flags: 0x9104000 Checksum: 0x1ad3f LoadCount: 1 Unknown1: 87 ImagePath: \SystemRoot\System32\Drivers\dump_atapi.sys 94. win32k.sys<0xFCD5DCE8(137ace0)>: BaseAddress: 0xA0000000 (67ef000) EntryPoint: 0xA0194C37 Size: 1728512 Flags: 0x9104000 Checksum: 0x1b02d1 LoadCount: 1 Unknown1: 0 ImagePath: \??\C:\WINNT\system32\win32k.sys 95. Vchnt5.DLL<0xFCC5F408(127c400)>: BaseAddress: 0xFC793000 (6a4e000) EntryPoint: 0xFC793300 Size: 12288 Flags: 0x9104000 Checksum: 0xfa01 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Vchnt5.DLL 96. Ch7xxNT5.DLL<0xFCC5F168(127c160)>: BaseAddress: 0xFC78B000 (1) EntryPoint: 0xFC78B300 Size: 16384 Flags: 0x9104000 Checksum: 0xb9b7 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\Ch7xxNT5.DLL 97. SiInt5.DLL<0xFCC5E9A8(127b9a0)>: BaseAddress: 0xF0AF3000 (6a56000) EntryPoint: 0xF0AF32E0 Size: 4096 Flags: 0x9104000 Checksum: 0x10943 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\SiInt5.DLL 98. atv01nt5.DLL<0xFCC5DE48(127ae40)>: BaseAddress: 0xF0778000 (1) EntryPoint: 0xF0778300 Size: 24576 Flags: 0x9104000 Checksum: 0x6ccb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv01nt5.DLL 99. 
adv01nt5.DLL<0xFCC5D6C8(127a6c0)>: BaseAddress: 0xF0930000 (6a3e000) EntryPoint: 0xF09302E0 Size: 8192 Flags: 0x9104000 Checksum: 0xa1f2 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv01nt5.DLL 100. atv02nt5.DLL<0xFCC5CF68(1279f60)>: BaseAddress: 0xFC783000 (6b21000) EntryPoint: 0xFC783300 Size: 12288 Flags: 0x9104000 Checksum: 0x4caf LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv02nt5.DLL 101. adv02nt5.DLL<0xFCC5C868(1279860)>: BaseAddress: 0xF0AF6000 (6a64000) EntryPoint: 0xF0AF62E0 Size: 4096 Flags: 0x9104000 Checksum: 0xcef8 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv02nt5.DLL 102. atv04nt5.DLL<0xFCC5C128(1279120)>: BaseAddress: 0xF0790000 (1) EntryPoint: 0xF0790300 Size: 24576 Flags: 0x9104000 Checksum: 0xced3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv04nt5.DLL 103. adv05nt5.DLL<0xFCC5BDE8(1278de0)>: BaseAddress: 0xF0AF9000 (6a8d000) EntryPoint: 0xF0AF92E0 Size: 4096 Flags: 0x9104000 Checksum: 0x4c3f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\adv05nt5.DLL 104. atv06nt5.DLL<0xFCC5B668(1278660)>: BaseAddress: 0xF08A4000 (6a8f000) EntryPoint: 0xF08A4300 Size: 12288 Flags: 0x9104000 Checksum: 0x97ce LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\atv06nt5.DLL 105. i81xdnt5.dll<0xFCC5A9E8(12779e0)>: BaseAddress: 0xF8133000 (6b33000) EntryPoint: 0xF8133320 Size: 663552 Flags: 0x9104000 Checksum: 0xa775c LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\i81xdnt5.dll 106. afd.sys<0xFF282F68(9def60)>: BaseAddress: 0xF7FFD000 (bb1000) EntryPoint: 0xF801784A Size: 122880 Flags: 0x9104000 Checksum: 0x2ce34 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\drivers\afd.sys 107. ParVdm.SYS<0xFF26C9C8(fad9c0)>: BaseAddress: 0xF094A000 (15b6000) EntryPoint: 0xF094A900 Size: 8192 Flags: 0x9104000 Checksum: 0x770b LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\ParVdm.SYS 108. 
amosnt.sys<0xFF26B6E8(2506e0)>: BaseAddress: 0xF7F8A000 (f9d000) EntryPoint: 0xF7FAAD78 Size: 143360 Flags: 0x9104000 Checksum: 0x3dee3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\amosnt.sys 109. Aspi32.SYS<0xFF26B1C8(2501c0)>: BaseAddress: 0xF80EB000 (61000) EntryPoint: 0xF80EB48A Size: 16384 Flags: 0x1104000 Checksum: 0xc64f LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Aspi32.SYS 110. dfrwsdrv.sys<0xFF25C7E8(19827e0)>: BaseAddress: 0xF0A74000 (19a7000) EntryPoint: 0xF0A74718 Size: 4096 Flags: 0x9104000 Checksum: 0xb8ac LoadCount: 1 Unknown1: 0 ImagePath: \??\c:\winnt\system32\dfrwsdrv.sys 111. fallback.sys<0xFF25E848(1d8840)>: BaseAddress: 0xF7E7C000 (2b46000) EntryPoint: 0xF7EBF958 Size: 286720 Flags: 0x9104000 Checksum: 0x74577 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\fallback.sys 112. fsksnt.sys<0xFF251A08(4793a00)>: BaseAddress: 0xF7E66000 (454d000) EntryPoint: 0xF7E7A938 Size: 90112 Flags: 0x9104000 Checksum: 0x32482 LoadCount: 1 Unknown1: 1112 ImagePath: \SystemRoot\System32\DRIVERS\fsksnt.sys 113. wdmaud.sys<0xFF250B88(7c7b80)>: BaseAddress: 0xF7E53000 (45d1000) EntryPoint: 0xF7E568B8 Size: 77824 Flags: 0x9104000 Checksum: 0x183eb LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\wdmaud.sys 114. Ich.sys<0xFF24ED08(7d47d00)>: BaseAddress: 0xF8063000 (460e000) EntryPoint: 0xF806F638 Size: 57344 Flags: 0x9104000 Checksum: 0x20e7f LoadCount: 1 Unknown1: 1128 ImagePath: \SystemRoot\System32\DRIVERS\Ich.sys 115. sysaudio.sys<0xFF24E528(7d47520)>: BaseAddress: 0xF8053000 (47c1000) EntryPoint: 0xF805D340 Size: 49152 Flags: 0x9104000 Checksum: 0xe409 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\sysaudio.sys 116. k56nt.sys<0xFF253708(651700)>: BaseAddress: 0xF7DF3000 (4a65000) EntryPoint: 0xF7E4F498 Size: 393216 Flags: 0x9104000 Checksum: 0xaf3ad LoadCount: 1 Unknown1: 1162 ImagePath: \SystemRoot\System32\DRIVERS\k56nt.sys 117. 
kmixer.sys<0xFF226168(778160)>: BaseAddress: 0xF7D07000 (7ef000) EntryPoint: 0xF7D181B3 Size: 147456 Flags: 0x9104000 Checksum: 0x2ef53 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\system32\drivers\kmixer.sys 118. faxnt.sys<0xFF225788(478b780)>: BaseAddress: 0xF7CD6000 (4e82000) EntryPoint: 0xF7D04B18 Size: 200704 Flags: 0x9104000 Checksum: 0x57808 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\faxnt.sys 119. srv.sys<0xFF24A828(3bd820)>: BaseAddress: 0xF7C73000 (1be0000) EntryPoint: 0xF7CA90A0 Size: 241664 Flags: 0x9104000 Checksum: 0x3abee LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\srv.sys 120. tonesnt.sys<0xFF24DAC8(766ac0)>: BaseAddress: 0xF80A3000 (516f000) EntryPoint: 0xF80ADEB8 Size: 53248 Flags: 0x9104000 Checksum: 0x18925 LoadCount: 1 Unknown1: 1271 ImagePath: \SystemRoot\System32\DRIVERS\tonesnt.sys 121. v124nt.sys<0xFF1FEF08(5486f00)>: BaseAddress: 0xF7B60000 (4a31000) EntryPoint: 0xF7BCE698 Size: 471040 Flags: 0x9104000 Checksum: 0xc7564 LoadCount: 1 Unknown1: 65535 ImagePath: \SystemRoot\System32\DRIVERS\v124nt.sys 122. Cdfs.SYS<0xFF1FDB08(4859b00)>: BaseAddress: 0xF7DB3000 (540e000) EntryPoint: 0xF7DC01A0 Size: 61440 Flags: 0x9104000 Checksum: 0x1296d LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\Drivers\Cdfs.SYS 123. ipsec.sys<0xFCDA5588(13c2580)>: BaseAddress: 0xF7AFB000 (1ed4000) EntryPoint: 0xF7B0DCE6 Size: 86016 Flags: 0x9104000 Checksum: 0x21cb3 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\DRIVERS\ipsec.sys 124. ATMFD.DLL<0xFF191B88(39b1b80)>: BaseAddress: 0xF7656000 (1) EntryPoint: 0xF7658E3A Size: 290816 Flags: 0x9104000 Checksum: 0x4f552 LoadCount: 1 Unknown1: 0 ImagePath: \SystemRoot\System32\ATMFD.DLL Unloaded System Modules: 0x80480418 (0x480418) 1. (0x0): BaseAddress: 0x00000000 ImageEnd: 0x00000000 Unknown1: 0x0 Unknown2: 0x0 2. DMusic.sys(0x55b3848): BaseAddress: 0xF8654000 ImageEnd: 0xF8661000 Unknown1: 0xca2635b0 Unknown2: 0x1c569df 3. 
swmidi.sys(0x3bd7c8): BaseAddress: 0xF0600000 ImageEnd: 0xF060D000 Unknown1: 0xc7580390 Unknown2: 0x1c569df 4. VGA.dll(0x12784c8): BaseAddress: 0xF81C0000 ImageEnd: 0xF81D5000 Unknown1: 0x91c40090 Unknown2: 0x1c569df 5. i81xdnt5.dll(0x1278728): BaseAddress: 0xF8133000 ImageEnd: 0xF81D5000 Unknown1: 0x91c0f230 Unknown2: 0x1c569df 6. redbook.sys(0x12a99a8): BaseAddress: 0xF0590000 ImageEnd: 0xF0599000 Unknown1: 0x68202490 Unknown2: 0x1c569df Drivers: \Driver\WMI<0xFCDF4A30(1411a30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0xFCDF44D8 DriverInit: 0x80561536 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80512A98 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80512AD8 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804B1C53 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80512B8C \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80512FB6 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\WMI \Driver\KSecDD<0xFCD50650(136d650)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9528BE KSecDD.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC94BA3A KSecDD.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC94BA3A KSecDD.sys IRP_MJ_READ: 0xFC94BA3A KSecDD.sys IRP_MJ_WRITE: 0xFC94BA3A KSecDD.sys IRP_MJ_QUERY_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC94BA3A KSecDD.sys IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC94BA3A KSecDD.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: KSecDD \Driver\NDIS<0xFCD4E8F0(136b8f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC93FF1E NDIS.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC91F196 NDIS.sys IRP_MJ_CLOSE: 0xFC91F196 NDIS.sys IRP_MJ_READ: 0xFC91F196 NDIS.sys IRP_MJ_WRITE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_EA: 0xFC91F196 NDIS.sys IRP_MJ_SET_EA: 0xFC91F196 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC91F196 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC91F196 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_CLEANUP: 0xFC91F196 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC91F196 NDIS.sys IRP_MJ_POWER: 0xFC91F196 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC91F196 NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC91F196 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC91F196 NDIS.sys IRP_MJ_PNP: 0xFC91F196 NDIS.sys 
AddDevice: 0x00000000 ServiceKeyName: NDIS \Driver\Beep<0xFCD8E5D0(13ab5d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8E708 \SystemRoot\System32\Drivers\Beep.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A8329A \SystemRoot\System32\Drivers\Beep.SYS DriverStartIo: 0xF0A83572 \SystemRoot\System32\Drivers\Beep.SYS DriverUnload: 0xF0A8367E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE: 0xF0A834C0 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A8350E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A83456 \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0A8339E \SystemRoot\System32\Drivers\Beep.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Beep \Driver\V124<0xFF217E50(53cae50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FEF08 \SystemRoot\System32\DRIVERS\v124nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7BCE698 \SystemRoot\System32\DRIVERS\v124nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7B6BA60 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_READ: 0xF7B6BB00 \SystemRoot\System32\DRIVERS\v124nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: V124 \Driver\Raspti<0xFCD253B0(13423b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25548 \SystemRoot\System32\DRIVERS\raspti.sys FastIoDispatch: 0x00000000 DriverInit: 0xF079B240 \SystemRoot\System32\DRIVERS\raspti.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys 
IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Raspti \Driver\Mouclass<0xFCD4BED0(1368ed0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3428 \SystemRoot\System32\DRIVERS\mouclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06F34E4 \SystemRoot\System32\DRIVERS\mouclass.sys DriverStartIo: 0xF06F0C7C \SystemRoot\System32\DRIVERS\mouclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06F058C \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F0808 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_READ: 0xF06F0A38 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06F04F2 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F2466 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F2080 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F04B6 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F2F92 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06F3270 \SystemRoot\System32\DRIVERS\mouclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F1026 \SystemRoot\System32\DRIVERS\mouclass.sys AddDevice: 0xF06F2142 \SystemRoot\System32\DRIVERS\mouclass.sys ServiceKeyName: Mouclass \Driver\Diskperf<0xFCD59570(1376570)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09032C0 Diskperf.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0902EC2 Diskperf.sys IRP_MJ_CREATE: 0xF09023B6 Diskperf.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09022F6 Diskperf.sys IRP_MJ_CLOSE: 0xF09022F6 Diskperf.sys IRP_MJ_READ: 0xF09023CC Diskperf.sys IRP_MJ_WRITE: 0xF09023CC Diskperf.sys IRP_MJ_QUERY_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_EA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_EA: 0xF09022F6 Diskperf.sys IRP_MJ_FLUSH_BUFFERS: 0xF090268A Diskperf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09022F6 Diskperf.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_DEVICE_CONTROL: 0xF090256E Diskperf.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_SHUTDOWN: 0xF090268A Diskperf.sys IRP_MJ_LOCK_CONTROL: 0xF09022F6 Diskperf.sys IRP_MJ_CLEANUP: 0xF09022F6 Diskperf.sys IRP_MJ_CREATE_MAILSLOT: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_SET_SECURITY: 0xF09022F6 Diskperf.sys IRP_MJ_POWER: 0xF0902314 Diskperf.sys IRP_MJ_SYSTEM_CONTROL: 0xF0902DCA Diskperf.sys 
IRP_MJ_DEVICE_CHANGE: 0xF09022F6 Diskperf.sys IRP_MJ_QUERY_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_SET_QUOTA: 0xF09022F6 Diskperf.sys IRP_MJ_PNP: 0xF0902C26 Diskperf.sys AddDevice: 0xF0902AFA Diskperf.sys ServiceKeyName: Diskperf \Driver\Kbdclass<0xFCDC6810(13e3810)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC69E8 \SystemRoot\System32\DRIVERS\kbdclass.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06E3E64 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverStartIo: 0xF06E0D58 \SystemRoot\System32\DRIVERS\kbdclass.sys DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF06E066E \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06E08EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_READ: 0xF06E0B1C \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF06E05D4 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06E28EC \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06E2380 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06E04B6 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06E35E2 \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_SYSTEM_CONTROL: 0xF06E3BFE \SystemRoot\System32\DRIVERS\kbdclass.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06E1168 \SystemRoot\System32\DRIVERS\kbdclass.sys AddDevice: 0xF06E2494 \SystemRoot\System32\DRIVERS\kbdclass.sys ServiceKeyName: Kbdclass \Driver\Compbatt<0xFCD2B670(1348670)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0815900 compbatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0814DC0 compbatt.sys IRP_MJ_CREATE: 0xF081445C compbatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF081445C compbatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0814DC8 compbatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0814930 compbatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF0814476 compbatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0814872 compbatt.sys AddDevice: 0xF081432E compbatt.sys ServiceKeyName: Compbatt \Driver\NDProxy<0xFCD9A3D0(13b73d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD9A568 \SystemRoot\System32\Drivers\NDProxy.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0558720 \SystemRoot\System32\Drivers\NDProxy.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0550506 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0550604 \SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF055061E 
\SystemRoot\System32\Drivers\NDProxy.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NDProxy \Driver\VgaSave<0xFCCC87D0(12e57d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8A88 \SystemRoot\System32\drivers\vga.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08D6C40 \SystemRoot\System32\drivers\vga.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: VgaSave \Driver\MountMgr<0xFCDAEA30(13cba30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF068E160 MountMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF068C622 MountMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF068C622 MountMgr.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF068DEB6 MountMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0688658 MountMgr.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: MountMgr \Driver\Ptilink<0xFCD25030(1342030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07882E0 \SystemRoot\System32\DRIVERS\ptilink.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07894AC \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE: 0xF0788E1A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07890B8 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_READ: 0xF078930A \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_WRITE: 0xF0789298 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0789404 \SystemRoot\System32\DRIVERS\ptilink.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ptilink \Driver\SonyUSBL<0xFCD963F0(13b33f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD96A28 \SystemRoot\System32\DRIVERS\SonyUSBL.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09122C0 \SystemRoot\System32\DRIVERS\SonyUSBL.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0912308 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF091260C 
\SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLOSE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_READ: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_WRITE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_EA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FLUSH_BUFFERS: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DIRECTORY_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF091267A \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SHUTDOWN: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_LOCK_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CLEANUP: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_CREATE_MAILSLOT: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_SECURITY: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_POWER: 0xF0912598 \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SYSTEM_CONTROL: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_DEVICE_CHANGE: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_QUERY_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_SET_QUOTA: 0xF091260C \SystemRoot\System32\DRIVERS\SonyUSBL.sys IRP_MJ_PNP: 0xF0912442 \SystemRoot\System32\DRIVERS\SonyUSBL.sys AddDevice: 0xF0912322 
\SystemRoot\System32\DRIVERS\SonyUSBL.sys ServiceKeyName: SonyUSBL \Driver\wdmaud<0xFF2507D0(7c77d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250B88 \SystemRoot\system32\drivers\wdmaud.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E568B8 \SystemRoot\system32\drivers\wdmaud.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E5F56B \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE: 0xF7E5939D \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E5883C \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7E571A1 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7E58666 \SystemRoot\system32\drivers\wdmaud.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C 
\SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7E5E18E \SystemRoot\system32\drivers\wdmaud.sys AddDevice: 0xF7E56920 \SystemRoot\system32\drivers\wdmaud.sys ServiceKeyName: wdmaud \Driver\ohci1394<0xFCD57590(1374590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04273E0 ohci1394.sys DriverStartIo: 0xF04215AA ohci1394.sys DriverUnload: 0xF04202C0 ohci1394.sys IRP_MJ_CREATE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0430300 \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0420D1A ohci1394.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF043031A \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0432EEA \WINNT\System32\DRIVERS\1394BUS.SYS IRP_MJ_SYSTEM_CONTROL: 0xF04276EA ohci1394.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04364C1 \WINNT\System32\DRIVERS\1394BUS.SYS AddDevice: 0xF0427426 ohci1394.sys ServiceKeyName: ohci1394 \Driver\Aspi32<0xFF26A030(f99030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B1C8 \SystemRoot\System32\Drivers\Aspi32.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF80EB48A \SystemRoot\System32\Drivers\Aspi32.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF80ED8BC \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE: 0xF80EBF98 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80EC3E4 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF80EBFB2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF80EC3B2 \SystemRoot\System32\Drivers\Aspi32.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Aspi32 \Driver\SoftFax<0xFF2253F0(478b3f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\DRIVERS\faxnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7D04B18 \SystemRoot\System32\DRIVERS\faxnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7CD8B10 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_READ: 0xF7CD8BB0 \SystemRoot\System32\DRIVERS\faxnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: SoftFax \Driver\isapnp<0xFCD2EB70(134bb70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0419A80 isapnp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04140E0 isapnp.sys IRP_MJ_CREATE: 0xF0414322 isapnp.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0414322 isapnp.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF041337F isapnp.sys IRP_MJ_SYSTEM_CONTROL: 0xF04142E8 isapnp.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0414262 isapnp.sys AddDevice: 0xF04140E4 isapnp.sys ServiceKeyName: isapnp \Driver\atapi<0xFCDAE730(13cb730)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC99B5BA atapi.sys DriverStartIo: 0xFC98EC44 atapi.sys DriverUnload: 0xFC998A00 atapi.sys IRP_MJ_CREATE: 0xFC992BFA atapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC992BFA atapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC992C10 atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC98E6BE atapi.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC992C30 atapi.sys IRP_MJ_SYSTEM_CONTROL: 0xFC998984 atapi.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC998956 atapi.sys AddDevice: 0xFC996D76 atapi.sys ServiceKeyName: atapi \Driver\E100B<0xFCD28390(1345390)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD284C8 \SystemRoot\System32\DRIVERS\e100bnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC89B7B8 \SystemRoot\System32\DRIVERS\e100bnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: E100B \Driver\K56<0xFF250D50(7c7d50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF253708 \SystemRoot\System32\DRIVERS\k56nt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E4F498 \SystemRoot\System32\DRIVERS\k56nt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7DFB560 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_READ: 0xF7DFB600 \SystemRoot\System32\DRIVERS\k56nt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: K56 \Driver\dmio<0xFCD59470(1376470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9A0824 dmio.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC9A0D18 dmio.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9A0DCC dmio.sys IRP_MJ_READ: 0xFC9A0E4C dmio.sys IRP_MJ_WRITE: 0xFC9A0EA6 dmio.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9A14C6 dmio.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9A0F90 dmio.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9A1F3E dmio.sys IRP_MJ_SHUTDOWN: 
0xFC9A14C6 dmio.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9A1ED0 dmio.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9A18FC dmio.sys AddDevice: 0xFC9A1814 dmio.sys ServiceKeyName: dmio \Driver\USBSTOR<0xFCD31910(134e910)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07D9CA0 \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverStartIo: 0xF07D86AE \SystemRoot\System32\DRIVERS\USBSTOR.SYS DriverUnload: 0xF07D9D06 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07DBF08 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_READ: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_WRITE: 0xF07DBF22 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07DB486 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07D8422 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07D9E40 \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_SYSTEM_CONTROL: 0xF07D9F2C \SystemRoot\System32\DRIVERS\USBSTOR.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07D9F70 \SystemRoot\System32\DRIVERS\USBSTOR.SYS AddDevice: 0xF07D9D0A \SystemRoot\System32\DRIVERS\USBSTOR.SYS ServiceKeyName: USBSTOR \Driver\RasAcd<0xFCD8DBD0(13aabd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8DD68 \SystemRoot\System32\DRIVERS\rasacd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0923493 \SystemRoot\System32\DRIVERS\rasacd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLOSE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_READ: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_WRITE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_EA: 0xF09222E0 
\SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_EA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FLUSH_BUFFERS: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SHUTDOWN: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_LOCK_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CLEANUP: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_CREATE_MAILSLOT: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_SECURITY: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_POWER: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SYSTEM_CONTROL: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_DEVICE_CHANGE: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_QUERY_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_SET_QUOTA: 0xF09222E0 \SystemRoot\System32\DRIVERS\rasacd.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: RasAcd \Driver\DFRWSDRV2005<0xFF25C490(1982490)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25C7E8 \??\c:\winnt\system32\dfrwsdrv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A74718 \??\c:\winnt\system32\dfrwsdrv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A74692 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE: 0xF0A7440A 
\??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_READ: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_WRITE: 0xF0A7440A \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A74424 \??\c:\winnt\system32\dfrwsdrv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: DFRWSDRV2005 \Driver\uhcd<0xFCD47B10(1364b10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 
\SystemRoot\System32\DRIVERS\uhcd.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07302E0 \SystemRoot\System32\DRIVERS\uhcd.sys DriverStartIo: 0xF0731A22 \SystemRoot\System32\DRIVERS\uhcd.sys DriverUnload: 0xF07306FE \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_SYSTEM_CONTROL: 0xF07303E6 \SystemRoot\System32\DRIVERS\uhcd.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07303E6 
\SystemRoot\System32\DRIVERS\uhcd.sys AddDevice: 0xF0730702 \SystemRoot\System32\DRIVERS\uhcd.sys ServiceKeyName: uhcd \Driver\audstub<0xFCDC0750(13dd750)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC08E8 \SystemRoot\System32\DRIVERS\audstub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A45500 \SystemRoot\System32\DRIVERS\audstub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A454C8 \SystemRoot\System32\DRIVERS\audstub.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A4542E \SystemRoot\System32\DRIVERS\audstub.sys 
IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A453B4 \SystemRoot\System32\DRIVERS\audstub.sys AddDevice: 0xF0A45360 \SystemRoot\System32\DRIVERS\audstub.sys ServiceKeyName: audstub \Driver\Win32k<0xFCA2E430(104b430)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0xA000A8ED \??\C:\WINNT\system32\win32k.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: \Driver\Win32k \Driver\winachsf<0xFCDC17D0(13de7d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1948 \SystemRoot\System32\DRIVERS\winachsf.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC77AFC0 \SystemRoot\System32\DRIVERS\winachsf.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC776EFC \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE: 0xFC775890 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC775DBA \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_READ: 0xFC77608A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_WRITE: 0xFC77611A \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_INFORMATION: 0xFC775FF6 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SET_INFORMATION: 0xFC77605C \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC776174 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC7761B4 \SystemRoot\System32\DRIVERS\winachsf.sys 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC77A636 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC775F42 \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC77988E \SystemRoot\System32\DRIVERS\winachsf.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC77914A \SystemRoot\System32\DRIVERS\winachsf.sys AddDevice: 0xFC7787D4 \SystemRoot\System32\DRIVERS\winachsf.sys ServiceKeyName: winachsf \Driver\swenum<0xFCD44750(1361750)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0A486A0 \SystemRoot\System32\DRIVERS\swenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0A482C0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE: 0xF0A485A2 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A4865C \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0A48606 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0A482E0 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF0A482C4 \SystemRoot\System32\DRIVERS\swenum.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0A484E2 \SystemRoot\System32\DRIVERS\swenum.sys AddDevice: 0xF0A48476 \SystemRoot\System32\DRIVERS\swenum.sys ServiceKeyName: swenum \Driver\usbhub<0xFCDB0110(13cd110)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0540372 \SystemRoot\System32\DRIVERS\usbhub.sys DriverStartIo: 0x00000000 DriverUnload: 0xF05406B4 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_SYSTEM_CONTROL: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0540654 \SystemRoot\System32\DRIVERS\usbhub.sys AddDevice: 0xF0541168 \SystemRoot\System32\DRIVERS\usbhub.sys ServiceKeyName: usbhub \Driver\Update<0xFCD24B70(1341b70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24D08 \SystemRoot\System32\DRIVERS\update.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC6FCE60 \SystemRoot\System32\DRIVERS\update.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC6E4D36 \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_CREATE: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC6E4C3A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_SYSTEM_CONTROL: 0xFC6E4D0A \SystemRoot\System32\DRIVERS\update.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC6E45E0 \SystemRoot\System32\DRIVERS\update.sys AddDevice: 0xFC6E4677 \SystemRoot\System32\DRIVERS\update.sys ServiceKeyName: Update \Driver\Ftdisk<0xFCD59C90(1376c90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) 
Section: 0xFCE27D28 ftdisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9D91D8 ftdisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9CB450 ftdisk.sys IRP_MJ_CREATE: 0xFC9C04D4 ftdisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0xFC9C0A2E ftdisk.sys IRP_MJ_WRITE: 0xFC9C0A2E ftdisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC9C0D7A ftdisk.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9C9FB2 ftdisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9C86B4 ftdisk.sys IRP_MJ_SHUTDOWN: 0xFC9C0D7A ftdisk.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9C105A ftdisk.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9C0784 ftdisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9CB45E ftdisk.sys AddDevice: 0x00000000 ServiceKeyName: Ftdisk \Driver\smwdm<0xFCDC2AF0(13dfaf0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD471E8 \SystemRoot\system32\drivers\smwdm.sys FastIoDispatch: 
0x00000000 DriverInit: 0xFC88BE78 \SystemRoot\system32\drivers\smwdm.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC83908D \SystemRoot\system32\drivers\portcls.sys IRP_MJ_CREATE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC88B5C4 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_READ: 0xFC8172F6 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xFC817382 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC88B538 \SystemRoot\system32\drivers\smwdm.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xFC81829A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SET_SECURITY: 0xFC8182C4 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_POWER: 0xFC8421F6 \SystemRoot\system32\drivers\portcls.sys IRP_MJ_SYSTEM_CONTROL: 0xFC83FA6A \SystemRoot\system32\drivers\portcls.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC83CC7C \SystemRoot\system32\drivers\portcls.sys AddDevice: 0xFC88C000 
\SystemRoot\system32\drivers\smwdm.sys ServiceKeyName: smwdm \Driver\Modem<0xFCDC1410(13de410)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1548 \SystemRoot\System32\Drivers\Modem.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF076D6EA \SystemRoot\System32\Drivers\Modem.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF0769320 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE: 0xF076A0D6 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF076A15C \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_READ: 0xF076C106 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_WRITE: 0xF076C070 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SET_INFORMATION: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF076AC20 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF076AE08 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF076BF6A \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF076925E 
\SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_SYSTEM_CONTROL: 0xF076A996 \SystemRoot\System32\Drivers\Modem.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0769563 \SystemRoot\System32\Drivers\Modem.SYS AddDevice: 0xF0769336 \SystemRoot\System32\Drivers\Modem.SYS ServiceKeyName: Modem \Driver\sysaudio<0xFF24AE50(3bde50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24E528 \SystemRoot\system32\drivers\sysaudio.sys FastIoDispatch: 0x00000000 DriverInit: 0xF805D340 \SystemRoot\system32\drivers\sysaudio.sys DriverStartIo: 0x00000000 DriverUnload: 0xF805B084 \SystemRoot\system32\drivers\sysaudio.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF805A2A8 \SystemRoot\system32\drivers\sysaudio.sys AddDevice: 0xF8056C45 \SystemRoot\system32\drivers\sysaudio.sys ServiceKeyName: sysaudio \Driver\Fdc<0xFCD48690(1365690)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48828 \SystemRoot\System32\DRIVERS\fdc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0724F30 \SystemRoot\System32\DRIVERS\fdc.sys DriverStartIo: 0xF0722C6E \SystemRoot\System32\DRIVERS\fdc.sys DriverUnload: 0xF07202E0 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0722518 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0722534 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0722572 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0720BA2 \SystemRoot\System32\DRIVERS\fdc.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0720408 \SystemRoot\System32\DRIVERS\fdc.sys AddDevice: 0xF07202F8 \SystemRoot\System32\DRIVERS\fdc.sys ServiceKeyName: Fdc \Driver\Rasl2tp<0xFCD46770(1363770)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46908 \SystemRoot\System32\DRIVERS\rasl2tp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04EB2A0 \SystemRoot\System32\DRIVERS\rasl2tp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys 
IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: Rasl2tp \Driver\AmosNT<0xFF26B510(250510)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B6E8 \SystemRoot\System32\DRIVERS\amosnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7FAAD78 \SystemRoot\System32\DRIVERS\amosnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7F8C010 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_READ: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_WRITE: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7F8C0B0 \SystemRoot\System32\DRIVERS\amosnt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: AmosNT \Driver\Ich<0xFF24E930(7d47930)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24ED08 \SystemRoot\System32\DRIVERS\Ich.sys FastIoDispatch: 0x00000000 DriverInit: 0xF806F638 \SystemRoot\System32\DRIVERS\Ich.sys DriverStartIo: 0x00000000 DriverUnload: 0xF8063420 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_READ: 0xF80634C0 \SystemRoot\System32\DRIVERS\Ich.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Ich \Driver\ACPIEC<0xFCDA77D0(13c47d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081A280 ACPIEC.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0819B97 ACPIEC.sys IRP_MJ_CREATE: 0xF0819C78 ACPIEC.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0819C78 ACPIEC.sys IRP_MJ_READ: 0xF08182E0 ACPIEC.sys IRP_MJ_WRITE: 0xF08182E0 ACPIEC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0819CBE ACPIEC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF08183BA ACPIEC.sys IRP_MJ_SYSTEM_CONTROL: 0xF08183FE ACPIEC.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF081899A ACPIEC.sys AddDevice: 0xF0818633 ACPIEC.sys ServiceKeyName: ACPIEC \Driver\ParVdm<0xFF275030(dbd030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26C9C8 \SystemRoot\System32\Drivers\ParVdm.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF094A900 \SystemRoot\System32\Drivers\ParVdm.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF094A712 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE: 0xF094A4E8 \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF094A58A \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF094A63E \SystemRoot\System32\Drivers\ParVdm.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: ParVdm \Driver\Fallback<0xFF2527B0(7c87b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E848 \SystemRoot\System32\DRIVERS\fallback.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7EBF958 \SystemRoot\System32\DRIVERS\fallback.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E81070 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E81110 \SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_READ: 0xF7E81110 
\SystemRoot\System32\DRIVERS\fallback.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fallback \Driver\ACPI_HAL<0xFCDF4B30(1411b30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8006CEFE \WINNT\System32\hal.dll DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8006A876 \WINNT\System32\hal.dll IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x8006D016 \WINNT\System32\hal.dll AddDevice: 0x8006CF5A \WINNT\System32\hal.dll ServiceKeyName: \Driver\ACPI_HAL \Driver\serenum<0xFCD49B50(1366b50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD49D88 \SystemRoot\System32\DRIVERS\serenum.sys FastIoDispatch: 0x00000000 DriverInit: 
0xF089E9C0 \SystemRoot\System32\DRIVERS\serenum.sys DriverStartIo: 0x00000000 DriverUnload: 0xF089D606 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLOSE: 0xF089C4EA \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_READ: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_WRITE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_EA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FLUSH_BUFFERS: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DIRECTORY_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CONTROL: 0xF089C608 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF089C75C \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SHUTDOWN: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_LOCK_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CLEANUP: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_CREATE_MAILSLOT: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_QUERY_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_SECURITY: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_POWER: 0xF089C8D8 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SYSTEM_CONTROL: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_DEVICE_CHANGE: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys 
IRP_MJ_QUERY_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_SET_QUOTA: 0xF089C834 \SystemRoot\System32\DRIVERS\serenum.sys IRP_MJ_PNP: 0xF089CDF4 \SystemRoot\System32\DRIVERS\serenum.sys AddDevice: 0xF089CC80 \SystemRoot\System32\DRIVERS\serenum.sys ServiceKeyName: serenum \Driver\PptpMiniport<0xFCD45C10(1362c10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD45FA8 \SystemRoot\System32\DRIVERS\raspptp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04FA6C0 \SystemRoot\System32\DRIVERS\raspptp.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: PptpMiniport \Driver\NetBT<0xFCD8B470(13a8470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF82E3F2E \SystemRoot\System32\DRIVERS\netbt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82DFF34 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE: 0xF82DCE74 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF82DD552 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF82DD5DB \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82C58FD \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF82DD298 \SystemRoot\System32\DRIVERS\netbt.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF82CBE01 \SystemRoot\System32\DRIVERS\netbt.sys AddDevice: 0x00000000 ServiceKeyName: NetBT \Driver\PCIIde<0xFCDABDD0(13c8dd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09C92C0 PCIIde.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: PCIIde \Driver\va16w2<0xFCD29210(1346210)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF069B246 va16w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va16w2 \Driver\Cdrom<0xFCD28030(1345030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7308 \SystemRoot\System32\DRIVERS\cdrom.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06D5980 \SystemRoot\System32\DRIVERS\cdrom.sys DriverStartIo: 0xF0452BAF \WINNT\System32\DRIVERS\CLASSPNP.SYS DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 
0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Cdrom \Driver\Tones<0xFF24D170(766170)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24DAC8 \SystemRoot\System32\DRIVERS\tonesnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF80ADEB8 \SystemRoot\System32\DRIVERS\tonesnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF80A3E00 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_READ: 0xF80A3EA0 \SystemRoot\System32\DRIVERS\tonesnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Tones \Driver\Pcmcia<0xFCD59D90(1376d90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC9F4A1C pcmcia.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9F12B6 pcmcia.sys IRP_MJ_CREATE: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC9DD946 pcmcia.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9DD946 pcmcia.sys IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xFC9DD946 pcmcia.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC9DD946 pcmcia.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9DD946 pcmcia.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC9DD946 pcmcia.sys AddDevice: 0xFC9F0D32 pcmcia.sys ServiceKeyName: Pcmcia \Driver\va32w2<0xFCD29450(1346450)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25C68 va32w2.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0693FCE va32w2.sys DriverStartIo: 0xFC9785E0 \WINNT\System32\DRIVERS\SCSIPORT.SYS DriverUnload: 0xFC982396 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC977376 \WINNT\System32\DRIVERS\SCSIPORT.SYS AddDevice: 0xFC98232C \WINNT\System32\DRIVERS\SCSIPORT.SYS ServiceKeyName: va32w2 \Driver\SNC<0xFCD4A590(1367590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A728 \SystemRoot\System32\Drivers\SonyNC.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06FBE72 \SystemRoot\System32\Drivers\SonyNC.sys DriverStartIo: 0xF06F8CF5 \SystemRoot\System32\Drivers\SonyNC.sys DriverUnload: 0xF06F8CAE \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys 
IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_READ: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_WRITE: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF06F8D1A \SystemRoot\System32\Drivers\SonyNC.sys AddDevice: 0xF06F8D08 \SystemRoot\System32\Drivers\SonyNC.sys ServiceKeyName: SNC \Driver\kmixer<0xFF227030(4ff5030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF226168 \SystemRoot\system32\drivers\kmixer.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7D181B3 \SystemRoot\system32\drivers\kmixer.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7D1A049 \SystemRoot\system32\drivers\kmixer.sys IRP_MJ_CREATE: 0xFC817186 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC81739E \SystemRoot\system32\drivers\KS.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0xFC81733C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xFC818272 \SystemRoot\system32\drivers\KS.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xFC80CA6A \SystemRoot\system32\drivers\KS.SYS IRP_MJ_SYSTEM_CONTROL: 0xFC81682C \SystemRoot\system32\drivers\KS.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7D1475A 
\SystemRoot\system32\drivers\kmixer.sys AddDevice: 0xF7D18531 \SystemRoot\system32\drivers\kmixer.sys ServiceKeyName: kmixer \Driver\mnmdd<0xFCCC7210(12e4210)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC73A8 \SystemRoot\System32\Drivers\mnmdd.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0A8B3A0 \SystemRoot\System32\Drivers\mnmdd.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: mnmdd \Driver\Tcpip<0xFCCC5E10(12e2e10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys FastIoDispatch: 0x00000000 DriverInit: 0xF832E4CA \SystemRoot\System32\DRIVERS\tcpip.sys DriverStartIo: 0x00000000 DriverUnload: 0xF831B604 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLOSE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_READ: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_WRITE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_EA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FLUSH_BUFFERS: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82E997F \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SHUTDOWN: 0xF82EA854 
\SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_LOCK_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CLEANUP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_CREATE_MAILSLOT: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_SECURITY: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_POWER: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SYSTEM_CONTROL: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_DEVICE_CHANGE: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_QUERY_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_SET_QUOTA: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys IRP_MJ_PNP: 0xF82EA854 \SystemRoot\System32\DRIVERS\tcpip.sys AddDevice: 0x00000000 ServiceKeyName: Tcpip \Driver\Wanarp<0xFCC8D6F0(12aa6f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8D848 \SystemRoot\System32\DRIVERS\wanarp.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06B6266 \SystemRoot\System32\DRIVERS\wanarp.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06B5C96 \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLOSE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_READ: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_WRITE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_EA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FLUSH_BUFFERS: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DIRECTORY_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SHUTDOWN: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_LOCK_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CLEANUP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_CREATE_MAILSLOT: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_SECURITY: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_POWER: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SYSTEM_CONTROL: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_DEVICE_CHANGE: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_QUERY_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_SET_QUOTA: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys IRP_MJ_PNP: 0xF06B5AFA \SystemRoot\System32\DRIVERS\wanarp.sys AddDevice: 0x00000000 ServiceKeyName: Wanarp \Driver\PxHelper<0xFCDC7710(13e4710)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7928 \??\C:\WINNT\System32\drivers\PxHelper.sys FastIoDispatch: 0x00000000 DriverInit: 0xF087D3D8 \??\C:\WINNT\System32\drivers\PxHelper.sys DriverStartIo: 0x00000000 DriverUnload: 0xF087CA2C \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLOSE: 0xF087CD54 
\??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_READ: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_WRITE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_EA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FLUSH_BUFFERS: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DIRECTORY_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SHUTDOWN: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_LOCK_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CLEANUP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_CREATE_MAILSLOT: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_SECURITY: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_POWER: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SYSTEM_CONTROL: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_DEVICE_CHANGE: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_QUERY_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_SET_QUOTA: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys IRP_MJ_PNP: 0xF087CD54 \??\C:\WINNT\System32\drivers\PxHelper.sys AddDevice: 0xF087CA30 \??\C:\WINNT\System32\drivers\PxHelper.sys 
ServiceKeyName: PxHelper \Driver\biosview<0xFCCC94B0(12e64b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC93C8 \SystemRoot\system32\drivers\biosview.sys FastIoDispatch: 0x00000000 DriverInit: 0xF091A2E2 \SystemRoot\system32\drivers\biosview.sys DriverStartIo: 0x00000000 DriverUnload: 0xF091A458 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF091A3E6 \SystemRoot\system32\drivers\biosview.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: biosview \Driver\Rksample<0xFCDC1C10(13dec10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1D88 \SystemRoot\System32\DRIVERS\rksample.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04DBE18 \SystemRoot\System32\DRIVERS\rksample.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04D0E50 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_READ: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04D0F10 \SystemRoot\System32\DRIVERS\rksample.sys AddDevice: 0xF04D0EF0 \SystemRoot\System32\DRIVERS\rksample.sys ServiceKeyName: Rksample \Driver\Null<0xFCD8E9D0(13ab9d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8548 \SystemRoot\System32\Drivers\Null.SYS FastIoDispatch: 0xFCCC9928 DriverInit: 0xF0A7F47A \SystemRoot\System32\Drivers\Null.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_READ: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_WRITE: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_QUERY_INFORMATION: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF0A7F360 \SystemRoot\System32\Drivers\Null.SYS IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Null \Driver\PCI<0xFCE03950(1420950)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys FastIoDispatch: 0x00000000 DriverInit: 0xF040BA88 pci.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04073A6 pci.sys IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_DEVICE_CONTROL: 0xF0400D84 pci.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0400D84 pci.sys IRP_MJ_SYSTEM_CONTROL: 0xF0400D84 pci.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0400D84 pci.sys AddDevice: 0xF0406B90 pci.sys ServiceKeyName: PCI \Driver\sbp2port<0xFCD2D470(134a470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0446480 sbp2port.sys DriverStartIo: 0xF0444B4E sbp2port.sys DriverUnload: 0xF0440AB6 sbp2port.sys IRP_MJ_CREATE: 0xF0446DB6 sbp2port.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0446DB6 sbp2port.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0446D32 sbp2port.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04448A8 sbp2port.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0441758 sbp2port.sys IRP_MJ_SYSTEM_CONTROL: 0xF044753C sbp2port.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0440F20 sbp2port.sys AddDevice: 0xF04464D8 sbp2port.sys ServiceKeyName: sbp2port \Driver\Disk<0xFCDA6030(13c3030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF06A5120 disk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0454A1C \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0456548 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_READ: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_WRITE: 0xF0450A7F \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04520DB \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0452A77 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SHUTDOWN: 0xF04529E3 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF045331D \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_SYSTEM_CONTROL: 0xF0456152 \WINNT\System32\DRIVERS\CLASSPNP.SYS IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0454AA3 \WINNT\System32\DRIVERS\CLASSPNP.SYS AddDevice: 0xF0454A52 \WINNT\System32\DRIVERS\CLASSPNP.SYS ServiceKeyName: Disk \Driver\IPSEC<0xFF1E7D70(1c86d70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA5588 \SystemRoot\System32\DRIVERS\ipsec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7B0DCE6 \SystemRoot\System32\DRIVERS\ipsec.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7AFB30A \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF7B0C56E \SystemRoot\System32\DRIVERS\ipsec.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: IPSEC \Driver\NdisWan<0xFCDBFAB0(13dcab0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFC48 \SystemRoot\System32\DRIVERS\ndiswan.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC711180 \SystemRoot\System32\DRIVERS\ndiswan.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 
0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: NdisWan \Driver\NdisTapi<0xFCD461B0(13631b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46348 \SystemRoot\System32\DRIVERS\ndistapi.sys FastIoDispatch: 0x00000000 DriverInit: 0xF08A96E2 \SystemRoot\System32\DRIVERS\ndistapi.sys DriverStartIo: 0x00000000 DriverUnload: 0xF08A8BD8 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF08A84DA \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF08A8376 \SystemRoot\System32\DRIVERS\ndistapi.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NdisTapi \Driver\PartMgr<0xFCDAEB30(13cbb30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF081E040 PartMgr.sys DriverStartIo: 0x00000000 DriverUnload: 0xF081C3BE PartMgr.sys IRP_MJ_CREATE: 0xF081CC80 PartMgr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF081C2C0 PartMgr.sys IRP_MJ_CLOSE: 0xF081CC80 PartMgr.sys IRP_MJ_READ: 0xF081C2C0 PartMgr.sys IRP_MJ_WRITE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_EA: 0xF081C2C0 PartMgr.sys IRP_MJ_FLUSH_BUFFERS: 0xF081C2C0 PartMgr.sys 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF081C2C0 PartMgr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CONTROL: 0xF081DB90 PartMgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_SHUTDOWN: 0xF081C2C0 PartMgr.sys IRP_MJ_LOCK_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_CLEANUP: 0xF081C2C0 PartMgr.sys IRP_MJ_CREATE_MAILSLOT: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_SECURITY: 0xF081C2C0 PartMgr.sys IRP_MJ_POWER: 0xF081C396 PartMgr.sys IRP_MJ_SYSTEM_CONTROL: 0xF081C2C0 PartMgr.sys IRP_MJ_DEVICE_CHANGE: 0xF081C2C0 PartMgr.sys IRP_MJ_QUERY_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_SET_QUOTA: 0xF081C2C0 PartMgr.sys IRP_MJ_PNP: 0xF081CD20 PartMgr.sys AddDevice: 0xF081CEFA PartMgr.sys ServiceKeyName: PartMgr \Driver\Serial<0xFCD49E70(1366e70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A0E8 \SystemRoot\System32\DRIVERS\serial.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04CA300 \SystemRoot\System32\DRIVERS\serial.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04C5257 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE: 0xF04C4983 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04C7A49 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_READ: 0xF04C754A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_WRITE: 0xF04C9D1B \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_INFORMATION: 0xF04C4748 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SET_INFORMATION: 0xF04C573A \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04C4BDB \SystemRoot\System32\DRIVERS\serial.sys 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04C6F30 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04C6BF5 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04C7C41 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04C48DD \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_SYSTEM_CONTROL: 0xF04C2800 \SystemRoot\System32\DRIVERS\serial.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04C2872 \SystemRoot\System32\DRIVERS\serial.sys AddDevice: 0xF04C435C \SystemRoot\System32\DRIVERS\serial.sys ServiceKeyName: Serial \Driver\Gpc<0xFCD6EF30(138bf30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC90C68 \SystemRoot\System32\DRIVERS\msgpc.sys FastIoDispatch: 0x00000000 DriverInit: 0xF05702E0 \SystemRoot\System32\DRIVERS\msgpc.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLOSE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_READ: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_WRITE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys 
IRP_MJ_QUERY_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_EA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FLUSH_BUFFERS: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DIRECTORY_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SHUTDOWN: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_LOCK_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CLEANUP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_CREATE_MAILSLOT: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_SECURITY: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_POWER: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SYSTEM_CONTROL: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_DEVICE_CHANGE: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_QUERY_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_SET_QUOTA: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys IRP_MJ_PNP: 0xF05776E0 \SystemRoot\System32\DRIVERS\msgpc.sys AddDevice: 0x00000000 ServiceKeyName: Gpc \Driver\ACPI<0xFCDF3030(1410030)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys FastIoDispatch: 0xFCA11560 ACPI.sys DriverInit: 0xFCA1C10B ACPI.sys 
DriverStartIo: 0x00000000 DriverUnload: 0xFC9FE758 ACPI.sys IRP_MJ_CREATE: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC9FE52C ACPI.sys IRP_MJ_CLOSE: 0xFC9FE52C ACPI.sys IRP_MJ_READ: 0xFC9FE52C ACPI.sys IRP_MJ_WRITE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_EA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_EA: 0xFC9FE52C ACPI.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC9FE52C ACPI.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_SHUTDOWN: 0xFC9FE52C ACPI.sys IRP_MJ_LOCK_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_CLEANUP: 0xFC9FE52C ACPI.sys IRP_MJ_CREATE_MAILSLOT: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_SET_SECURITY: 0xFC9FE52C ACPI.sys IRP_MJ_POWER: 0xFC9FE52C ACPI.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9FE52C ACPI.sys IRP_MJ_DEVICE_CHANGE: 0xFC9FE52C ACPI.sys IRP_MJ_QUERY_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_SET_QUOTA: 0xFC9FE52C ACPI.sys IRP_MJ_PNP: 0xFC9FE52C ACPI.sys AddDevice: 0xFC9FE1FB ACPI.sys ServiceKeyName: ACPI \Driver\PnpManager<0xFCE18EF0(1435ef0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x80551D98 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x8042890A \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804E210C \WINNT\System32\ntoskrnl.exe AddDevice: 0x8051DE5C \WINNT\System32\ntoskrnl.exe ServiceKeyName: \Driver\PnpManager \Driver\Parallel<0xFCDBE630(13db630)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBE808 \SystemRoot\System32\DRIVERS\parallel.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0502BBE \SystemRoot\System32\DRIVERS\parallel.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0502CFA \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE: 0xF0503B08 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_CLOSE: 0xF0503CB4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_READ: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_WRITE: 0xF05093EC \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_INFORMATION: 0xF0504B48 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SET_INFORMATION: 0xF0504BE4 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0502D5C \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0503106 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0503C30 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0508876 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_SYSTEM_CONTROL: 0xF050CF24 \SystemRoot\System32\DRIVERS\parallel.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0507612 \SystemRoot\System32\DRIVERS\parallel.sys AddDevice: 0xF0507EC4 \SystemRoot\System32\DRIVERS\parallel.sys ServiceKeyName: Parallel \Driver\Flpydisk<0xFCD9E330(13bb330)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDB03A8 \SystemRoot\System32\DRIVERS\flpydisk.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07CBBA0 \SystemRoot\System32\DRIVERS\flpydisk.sys DriverStartIo: 0x00000000 DriverUnload: 0xF07C82E0 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07C93B8 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_READ: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_WRITE: 0xF07C9CCE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF07C9466 \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF07C9BEE \SystemRoot\System32\DRIVERS\flpydisk.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF07C991C \SystemRoot\System32\DRIVERS\flpydisk.sys AddDevice: 0xF07C900C \SystemRoot\System32\DRIVERS\flpydisk.sys ServiceKeyName: Flpydisk \Driver\i81x<0xFCDC7D30(13e4d30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA42A8 \SystemRoot\System32\DRIVERS\i81xnt5.sys FastIoDispatch: 0x00000000 DriverInit: 0xFC8B22E0 \SystemRoot\System32\DRIVERS\i81xnt5.sys DriverStartIo: 0x00000000 DriverUnload: 0xF04886C4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04872F0 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0485F98 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF048572C \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS AddDevice: 0xF04886F4 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS ServiceKeyName: i81x \Driver\AFD<0xFF27F8D0(a068d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF282F68 \SystemRoot\System32\drivers\afd.sys FastIoDispatch: 0xF7FFFC30 \SystemRoot\System32\drivers\afd.sys DriverInit: 0xF801784A \SystemRoot\System32\drivers\afd.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLOSE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_READ: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_WRITE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_EA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FLUSH_BUFFERS: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DIRECTORY_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CONTROL: 0xF80002D6 \SystemRoot\System32\drivers\afd.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8000FF4 
\SystemRoot\System32\drivers\afd.sys IRP_MJ_SHUTDOWN: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_LOCK_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CLEANUP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_CREATE_MAILSLOT: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_SECURITY: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_POWER: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SYSTEM_CONTROL: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_DEVICE_CHANGE: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_QUERY_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_SET_QUOTA: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys IRP_MJ_PNP: 0xF8000FF4 \SystemRoot\System32\drivers\afd.sys AddDevice: 0x00000000 ServiceKeyName: AFD \Driver\Fsks<0xFF253E10(651e10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF251A08 \SystemRoot\System32\DRIVERS\fsksnt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7E7A938 \SystemRoot\System32\DRIVERS\fsksnt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7E68560 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_READ: 0xF7E68600 \SystemRoot\System32\DRIVERS\fsksnt.sys IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fsks \Driver\Parport<0xFCD48D50(1365d50)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48EE8 \SystemRoot\System32\DRIVERS\parport.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07104A2 \SystemRoot\System32\DRIVERS\parport.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0710572 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE: 0xF0710EF0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0710F66 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0710850 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07102E0 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF071334A \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_SYSTEM_CONTROL: 0xF0714B86 \SystemRoot\System32\DRIVERS\parport.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0712914 \SystemRoot\System32\DRIVERS\parport.sys AddDevice: 0xF071289A \SystemRoot\System32\DRIVERS\parport.sys ServiceKeyName: Parport \Driver\IntelIde<0xFCDCB0F0(13e80f0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys FastIoDispatch: 0x00000000 DriverInit: 0xF09CA2C0 intelide.sys DriverStartIo: 0x00000000 DriverUnload: 0xF06841A4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_CREATE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF06840D4 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0680886 \WINNT\System32\Drivers\PCIIDEX.SYS IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0684088 \WINNT\System32\Drivers\PCIIDEX.SYS AddDevice: 0xF0681BB2 \WINNT\System32\Drivers\PCIIDEX.SYS ServiceKeyName: IntelIde \Driver\ApfiltrService<0xFCDA35B0(13c05b0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3748 \SystemRoot\System32\DRIVERS\Apfiltr.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04A8F80 \SystemRoot\System32\DRIVERS\Apfiltr.sys 
DriverStartIo: 0x00000000 DriverUnload: 0xF04A8F74 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLOSE: 0xF04A7C76 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_READ: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_WRITE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_EA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FLUSH_BUFFERS: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DIRECTORY_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CONTROL: 0xF04A7DA6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04A8B5A \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SHUTDOWN: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_LOCK_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CLEANUP: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_CREATE_MAILSLOT: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_SECURITY: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_POWER: 0xF04A8EFA \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SYSTEM_CONTROL: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_DEVICE_CHANGE: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_QUERY_QUOTA: 0xF04A02F6 
\SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_SET_QUOTA: 0xF04A02F6 \SystemRoot\System32\DRIVERS\Apfiltr.sys IRP_MJ_PNP: 0xF04A8D82 \SystemRoot\System32\DRIVERS\Apfiltr.sys AddDevice: 0xF04A7B20 \SystemRoot\System32\DRIVERS\Apfiltr.sys ServiceKeyName: ApfiltrService \Driver\CmBatt<0xFCD27BD0(1344bd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD27D68 \SystemRoot\System32\DRIVERS\CmBatt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF088DBA0 \SystemRoot\System32\DRIVERS\CmBatt.sys DriverStartIo: 0x00000000 DriverUnload: 0xF088D340 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF088D344 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF088D3AA \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 
0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF088D060 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_SYSTEM_CONTROL: 0xF088D0A4 \SystemRoot\System32\DRIVERS\CmBatt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF088CE78 \SystemRoot\System32\DRIVERS\CmBatt.sys AddDevice: 0xF088CA18 \SystemRoot\System32\DRIVERS\CmBatt.sys ServiceKeyName: CmBatt \Driver\SPI<0xFCD4ADD0(1367dd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4AF68 \SystemRoot\System32\Drivers\SonyPI.sys FastIoDispatch: 0x00000000 DriverInit: 0xF04B785C \SystemRoot\System32\Drivers\SonyPI.sys DriverStartIo: 0xF04B0EBD \SystemRoot\System32\Drivers\SonyPI.sys DriverUnload: 0xF04B6720 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_READ: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_WRITE: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF04B0F02 
\SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF04B0F02 \SystemRoot\System32\Drivers\SonyPI.sys AddDevice: 0xF04B0ED3 \SystemRoot\System32\Drivers\SonyPI.sys ServiceKeyName: SPI \Driver\iLINKnet<0xFCDBED10(13dbd10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEE88 \SystemRoot\System32\DRIVERS\SonyiNet.sys FastIoDispatch: 0x00000000 DriverInit: 0xF07A8414 \SystemRoot\System32\DRIVERS\SonyiNet.sys DriverStartIo: 0x00000000 DriverUnload: 0xFC9306B4 NDIS.sys IRP_MJ_CREATE: 0xFC91EF12 NDIS.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC922018 NDIS.sys IRP_MJ_CLOSE: 0xFC921F43 NDIS.sys IRP_MJ_READ: 0xFC922018 NDIS.sys IRP_MJ_WRITE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_QUERY_EA: 0xFC922018 NDIS.sys IRP_MJ_SET_EA: 0xFC922018 NDIS.sys IRP_MJ_FLUSH_BUFFERS: 0xFC922018 NDIS.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC922018 NDIS.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_DEVICE_CONTROL: 0xFC9218DE NDIS.sys 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_SHUTDOWN: 0xFC922018 NDIS.sys IRP_MJ_LOCK_CONTROL: 0xFC922018 NDIS.sys IRP_MJ_CLEANUP: 0xFC922018 NDIS.sys IRP_MJ_CREATE_MAILSLOT: 0xFC922018 NDIS.sys IRP_MJ_QUERY_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_SET_SECURITY: 0xFC922018 NDIS.sys IRP_MJ_POWER: 0xFC923361 NDIS.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9249DF NDIS.sys IRP_MJ_DEVICE_CHANGE: 0xFC922018 NDIS.sys IRP_MJ_QUERY_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_SET_QUOTA: 0xFC922018 NDIS.sys IRP_MJ_PNP: 0xFC922374 NDIS.sys AddDevice: 0xFC92083C NDIS.sys ServiceKeyName: iLINKnet \Driver\i8042prt<0xFCDC6C90(13e3c90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC6E68 \SystemRoot\System32\DRIVERS\i8042prt.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0498000 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverStartIo: 0xF04906D6 \SystemRoot\System32\DRIVERS\i8042prt.sys DriverUnload: 0xF0495091 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE: 0xF0493295 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0494F3F \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0491583 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0494F68 
\SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF0490300 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0xF0496695 \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_SYSTEM_CONTROL: 0xF04932DA \SystemRoot\System32\DRIVERS\i8042prt.sys IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF0493120 \SystemRoot\System32\DRIVERS\i8042prt.sys AddDevice: 0xF0494E5C \SystemRoot\System32\DRIVERS\i8042prt.sys ServiceKeyName: i8042prt \FileSystem\NetBIOS<0xFCD6CF30(1389f30)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6C348 \SystemRoot\System32\DRIVERS\netbios.sys FastIoDispatch: 0x00000000 DriverInit: 0xF0586E20 \SystemRoot\System32\DRIVERS\netbios.sys DriverStartIo: 0x00000000 DriverUnload: 0xF0581676 \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0585D3C \SystemRoot\System32\DRIVERS\netbios.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: NetBIOS \FileSystem\Fastfat<0xFCD4E470(136b470)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys FastIoDispatch: 0xFC957220 Fastfat.sys DriverInit: 0xFC972806 Fastfat.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC95805E Fastfat.sys IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xFC958DDA Fastfat.sys IRP_MJ_READ: 0xFC9542E0 Fastfat.sys IRP_MJ_WRITE: 0xFC954482 Fastfat.sys IRP_MJ_QUERY_INFORMATION: 0xFC95DA34 Fastfat.sys IRP_MJ_SET_INFORMATION: 0xFC960D30 Fastfat.sys IRP_MJ_QUERY_EA: 0xFC9683AC Fastfat.sys IRP_MJ_SET_EA: 0xFC96845C Fastfat.sys IRP_MJ_FLUSH_BUFFERS: 0xFC963082 
Fastfat.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC9637BE Fastfat.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC972264 Fastfat.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC957EF0 Fastfat.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC95FF78 Fastfat.sys IRP_MJ_DEVICE_CONTROL: 0xFC95F84E Fastfat.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0xFC9711FA Fastfat.sys IRP_MJ_LOCK_CONTROL: 0xFC9704B8 Fastfat.sys IRP_MJ_CLEANUP: 0xFC95B288 Fastfat.sys IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xFC97092E Fastfat.sys AddDevice: 0x00000000 ServiceKeyName: Fastfat \FileSystem\Rdbss<0xFCC8CA10(12a9a10)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC864C8 \SystemRoot\System32\DRIVERS\rdbss.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF82BFF20 \SystemRoot\System32\DRIVERS\rdbss.sys DriverStartIo: 0x00000000 DriverUnload: 0xF82BA154 \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLOSE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_READ: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_WRITE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_EA: 
0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_EA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FLUSH_BUFFERS: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SHUTDOWN: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_LOCK_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CLEANUP: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_CREATE_MAILSLOT: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_SECURITY: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_POWER: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SYSTEM_CONTROL: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_DEVICE_CHANGE: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_QUERY_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_SET_QUOTA: 0xF82AB30E \SystemRoot\System32\DRIVERS\rdbss.sys IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Rdbss \FileSystem\UdfReadr<0xFCCC4DB0(12e1db0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC4208 \SystemRoot\System32\Drivers\UdfReadr.SYS FastIoDispatch: 0xF8395560 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverInit: 0xF8372722 \SystemRoot\System32\Drivers\UdfReadr.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF8372BAA 
\SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLOSE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_READ: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_WRITE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_EA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FLUSH_BUFFERS: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DIRECTORY_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SHUTDOWN: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_LOCK_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CLEANUP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_CREATE_MAILSLOT: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_SECURITY: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_POWER: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SYSTEM_CONTROL: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_DEVICE_CHANGE: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_QUERY_QUOTA: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_SET_QUOTA: 
0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS IRP_MJ_PNP: 0xF8372E96 \SystemRoot\System32\Drivers\UdfReadr.SYS AddDevice: 0x00000000 ServiceKeyName: UdfReadr \FileSystem\Msfs<0xFCCC6A70(12e3a70)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC72E8 \SystemRoot\System32\Drivers\Msfs.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF07FBEDA \SystemRoot\System32\Drivers\Msfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF07F9740 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF07FA834 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_READ: 0xF07F9140 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_WRITE: 0xF07F9478 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF07FABC4 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_INFORMATION: 0xF07FB7EE \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF07FB09A \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF07FB268 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF07FBC4C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF07FA368 \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_CREATE_MAILSLOT: 0xF07F9DAC \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_QUERY_SECURITY: 0xF07FB97C \SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_SET_SECURITY: 0xF07FB9FE 
\SystemRoot\System32\Drivers\Msfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Msfs \FileSystem\MRxSmb<0xFCC91590(12ae590)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6D688 \SystemRoot\System32\DRIVERS\mrxsmb.sys FastIoDispatch: 0xF82A9760 \SystemRoot\System32\DRIVERS\rdbss.sys DriverInit: 0xF8254DD6 \SystemRoot\System32\DRIVERS\mrxsmb.sys DriverStartIo: 0x00000000 DriverUnload: 0xF8269508 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLOSE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_READ: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_WRITE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_EA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FLUSH_BUFFERS: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DIRECTORY_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SHUTDOWN: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_LOCK_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CLEANUP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_CREATE_MAILSLOT: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_SECURITY: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_POWER: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SYSTEM_CONTROL: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_DEVICE_CHANGE: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_QUERY_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_SET_QUOTA: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys IRP_MJ_PNP: 0xF82567D6 \SystemRoot\System32\DRIVERS\mrxsmb.sys AddDevice: 0x00000000 ServiceKeyName: MRxSmb \FileSystem\Srv<0xFF24DCD0(766cd0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24A828 \SystemRoot\System32\DRIVERS\srv.sys FastIoDispatch: 0x00000000 DriverInit: 0xF7CA90A0 \SystemRoot\System32\DRIVERS\srv.sys DriverStartIo: 0x00000000 DriverUnload: 0xF7C98727 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLOSE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_READ: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_WRITE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_EA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_EA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys 
IRP_MJ_FLUSH_BUFFERS: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DIRECTORY_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SHUTDOWN: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_LOCK_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CLEANUP: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_CREATE_MAILSLOT: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_SECURITY: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_SECURITY: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_POWER: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SYSTEM_CONTROL: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_DEVICE_CHANGE: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_QUERY_QUOTA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_SET_QUOTA: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys IRP_MJ_PNP: 0xF7C90441 \SystemRoot\System32\DRIVERS\srv.sys AddDevice: 0x00000000 ServiceKeyName: Srv \FileSystem\NaiFsRec<0xFCDA5790(13c2790)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys FastIoDispatch: 0x00000000 DriverInit: 0xF090494E NaiFsRec.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_NAMED_PIPE: 0xF09043FA NaiFsRec.sys IRP_MJ_CLOSE: 0xF09043FA NaiFsRec.sys IRP_MJ_READ: 0xF09043FA NaiFsRec.sys IRP_MJ_WRITE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_INFORMATION: 
0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_EA: 0xF09043FA NaiFsRec.sys IRP_MJ_FLUSH_BUFFERS: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xF09043FA NaiFsRec.sys IRP_MJ_DIRECTORY_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_SHUTDOWN: 0xF09043FA NaiFsRec.sys IRP_MJ_LOCK_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_CLEANUP: 0xF09043FA NaiFsRec.sys IRP_MJ_CREATE_MAILSLOT: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_SECURITY: 0xF09043FA NaiFsRec.sys IRP_MJ_POWER: 0xF09043FA NaiFsRec.sys IRP_MJ_SYSTEM_CONTROL: 0xF09043FA NaiFsRec.sys IRP_MJ_DEVICE_CHANGE: 0xF09043FA NaiFsRec.sys IRP_MJ_QUERY_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_SET_QUOTA: 0xF09043FA NaiFsRec.sys IRP_MJ_PNP: 0xF09043FA NaiFsRec.sys AddDevice: 0x00000000 ServiceKeyName: NaiFsRec \FileSystem\Mup<0xFCD4E6D0(136b6d0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys FastIoDispatch: 0xFC907258 Mup.sys DriverInit: 0xFC90AB04 Mup.sys DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xFC90936E Mup.sys IRP_MJ_CREATE_NAMED_PIPE: 0xFC90936E Mup.sys IRP_MJ_CLOSE: 0xFC90911E Mup.sys IRP_MJ_READ: 0xFC9056B6 Mup.sys IRP_MJ_WRITE: 0xFC90A1D8 Mup.sys IRP_MJ_QUERY_INFORMATION: 0xFC90FBBC Mup.sys IRP_MJ_SET_INFORMATION: 0xFC90FCD0 Mup.sys IRP_MJ_QUERY_EA: 0xFC9056B6 Mup.sys IRP_MJ_SET_EA: 0xFC9056B6 Mup.sys IRP_MJ_FLUSH_BUFFERS: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_VOLUME_INFORMATION: 0xFC917AE8 Mup.sys IRP_MJ_SET_VOLUME_INFORMATION: 0xFC917CB6 Mup.sys IRP_MJ_DIRECTORY_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_FILE_SYSTEM_CONTROL: 0xFC90A5DA Mup.sys IRP_MJ_DEVICE_CONTROL: 0xFC9056B6 Mup.sys 
IRP_MJ_INTERNAL_DEVICE_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_SHUTDOWN: 0xFC9056B6 Mup.sys IRP_MJ_LOCK_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_CLEANUP: 0xFC908E2E Mup.sys IRP_MJ_CREATE_MAILSLOT: 0xFC90936E Mup.sys IRP_MJ_QUERY_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_SET_SECURITY: 0xFC9056B6 Mup.sys IRP_MJ_POWER: 0xFC9056B6 Mup.sys IRP_MJ_SYSTEM_CONTROL: 0xFC9056B6 Mup.sys IRP_MJ_DEVICE_CHANGE: 0xFC9056B6 Mup.sys IRP_MJ_QUERY_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_SET_QUOTA: 0xFC9056B6 Mup.sys IRP_MJ_PNP: 0xFC9056B6 Mup.sys AddDevice: 0x00000000 ServiceKeyName: Mup \FileSystem\RAW<0xFCE14CB0(1431cb0)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 FastIoDispatch: 0x00000000 DriverInit: 0x8055EF80 \WINNT\System32\ntoskrnl.exe DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_READ: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CONTROL: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 
\WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x804FE1AF \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 \FileSystem\Npfs<0xFCCC6250(12e3250)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC63E8 \SystemRoot\System32\Drivers\Npfs.SYS FastIoDispatch: 0xF0562208 \SystemRoot\System32\Drivers\Npfs.SYS DriverInit: 0xF056790E \SystemRoot\System32\Drivers\Npfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF05626FE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0xF0562AE4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CLOSE: 0xF056257C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_READ: 0xF0565BB4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_WRITE: 0xF0566F5A \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_INFORMATION: 0xF0563792 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_INFORMATION: 0xF0563832 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0xF0563ED4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF0566DD4 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF05631BE \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF0564070 
\SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF05623E6 \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0xF056633C \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_SET_SECURITY: 0xF05663DC \SystemRoot\System32\Drivers\Npfs.SYS IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Npfs \FileSystem\Fs_Rec<0xFCD90510(13ad510)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS FastIoDispatch: 0x00000000 DriverInit: 0xF0917294 \SystemRoot\System32\Drivers\Fs_Rec.SYS DriverStartIo: 0x00000000 DriverUnload: 0xF091653E \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE: 0xF0916492 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_READ: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe 
IRP_MJ_QUERY_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FILE_SYSTEM_CONTROL: 0xF09164C4 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLEANUP: 0xF0916480 \SystemRoot\System32\Drivers\Fs_Rec.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0x80425480 \WINNT\System32\ntoskrnl.exe AddDevice: 0x00000000 ServiceKeyName: Fs_Rec \FileSystem\Cdfs<0xFF1FCB90(198ab90)> SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FDB08 \SystemRoot\System32\Drivers\Cdfs.SYS FastIoDispatch: 0xF7DB4CE0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverInit: 0xF7DC01A0 \SystemRoot\System32\Drivers\Cdfs.SYS DriverStartIo: 0x00000000 DriverUnload: 0x00000000 IRP_MJ_CREATE: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_NAMED_PIPE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_CLOSE: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_READ: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_WRITE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_INFORMATION: 0xF7DB32E0 
\SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_INFORMATION: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_QUERY_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_EA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_FLUSH_BUFFERS: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_VOLUME_INFORMATION: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_SET_VOLUME_INFORMATION: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DIRECTORY_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_FILE_SYSTEM_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_DEVICE_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_INTERNAL_DEVICE_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SHUTDOWN: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_LOCK_CONTROL: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CLEANUP: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS IRP_MJ_CREATE_MAILSLOT: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_SECURITY: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_POWER: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SYSTEM_CONTROL: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_DEVICE_CHANGE: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_QUERY_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_SET_QUOTA: 0x80425480 \WINNT\System32\ntoskrnl.exe IRP_MJ_PNP: 0xF7DB32E0 \SystemRoot\System32\Drivers\Cdfs.SYS AddDevice: 0x00000000 ServiceKeyName: Cdfs Driver count: 100 KeServiceDescriptorTable at virtual address : 0x8046B840(46b840) 0 0x804BBAD9 \WINNT\System32\ntoskrnl.exe 1 0x804B322A \WINNT\System32\ntoskrnl.exe 2 0x804B371A \WINNT\System32\ntoskrnl.exe 3 0x8050ABDE \WINNT\System32\ntoskrnl.exe 4 0x804AADD7 \WINNT\System32\ntoskrnl.exe 5 0x8045A6DE \WINNT\System32\ntoskrnl.exe 6 0x8050BE92 \WINNT\System32\ntoskrnl.exe 7 0x8050BED2 \WINNT\System32\ntoskrnl.exe 8 0x804A6E80 \WINNT\System32\ntoskrnl.exe 9 0x80508458 
\WINNT\System32\ntoskrnl.exe a 0x804ABA51 \WINNT\System32\ntoskrnl.exe b 0x804FBBF0 \WINNT\System32\ntoskrnl.exe c 0x804AECE7 \WINNT\System32\ntoskrnl.exe d 0x804AB72A \WINNT\System32\ntoskrnl.exe e 0x804492BA \WINNT\System32\ntoskrnl.exe f 0x804AAE39 \WINNT\System32\ntoskrnl.exe 10 0x8049ED34 \WINNT\System32\ntoskrnl.exe 11 0x804EF7C3 \WINNT\System32\ntoskrnl.exe 12 0x804FBFA3 \WINNT\System32\ntoskrnl.exe 13 0x8040189A \WINNT\System32\ntoskrnl.exe 14 0x804CB21E \WINNT\System32\ntoskrnl.exe 15 0x80418F04 \WINNT\System32\ntoskrnl.exe 16 0x804E9B8C \WINNT\System32\ntoskrnl.exe 17 0x80498F39 \WINNT\System32\ntoskrnl.exe 18 0x8044D292 \WINNT\System32\ntoskrnl.exe 19 0x804AAD7D \WINNT\System32\ntoskrnl.exe 1a 0x804BBF63 \WINNT\System32\ntoskrnl.exe 1b 0x804BC28B \WINNT\System32\ntoskrnl.exe 1c 0x804668B0 \WINNT\System32\ntoskrnl.exe 1d 0x804F3CE6 \WINNT\System32\ntoskrnl.exe 1e 0x8049AE26 \WINNT\System32\ntoskrnl.exe 1f 0x804C47BF \WINNT\System32\ntoskrnl.exe 20 0x8049A5F1 \WINNT\System32\ntoskrnl.exe 21 0x804BA7B0 \WINNT\System32\ntoskrnl.exe 22 0x804FBCC6 \WINNT\System32\ntoskrnl.exe 23 0x804A0635 \WINNT\System32\ntoskrnl.exe 24 0x8048ECD1 \WINNT\System32\ntoskrnl.exe 25 0x804A6DBA \WINNT\System32\ntoskrnl.exe 26 0x8048EBF9 \WINNT\System32\ntoskrnl.exe 27 0x804ECAC7 \WINNT\System32\ntoskrnl.exe 28 0x804B501B \WINNT\System32\ntoskrnl.exe 29 0x804BD4CB \WINNT\System32\ntoskrnl.exe 2a 0x804C3D89 \WINNT\System32\ntoskrnl.exe 2b 0x804B963E \WINNT\System32\ntoskrnl.exe 2c 0x804B849C \WINNT\System32\ntoskrnl.exe 2d 0x80491F98 \WINNT\System32\ntoskrnl.exe 2e 0x804BB61D \WINNT\System32\ntoskrnl.exe 2f 0x8048E37F \WINNT\System32\ntoskrnl.exe 30 0x8050E0D0 \WINNT\System32\ntoskrnl.exe 31 0x804EA9EA \WINNT\System32\ntoskrnl.exe 32 0x80498B96 \WINNT\System32\ntoskrnl.exe 33 0x804B7FE0 \WINNT\System32\ntoskrnl.exe 34 0x804CB386 \WINNT\System32\ntoskrnl.exe 35 0x804958F5 \WINNT\System32\ntoskrnl.exe 36 0x8050C24E \WINNT\System32\ntoskrnl.exe 37 0x804AC8B6 
\WINNT\System32\ntoskrnl.exe 38 0x804A22EF \WINNT\System32\ntoskrnl.exe 39 0x804C0066 \WINNT\System32\ntoskrnl.exe 3a 0x804BAA57 \WINNT\System32\ntoskrnl.exe 3b 0x804A408E \WINNT\System32\ntoskrnl.exe 3c 0x804B9EEF \WINNT\System32\ntoskrnl.exe 3d 0x804A14B2 \WINNT\System32\ntoskrnl.exe 3e 0x804F0212 \WINNT\System32\ntoskrnl.exe 3f 0x80508F0A \WINNT\System32\ntoskrnl.exe 40 0x804A6385 \WINNT\System32\ntoskrnl.exe 41 0x804A1CCB \WINNT\System32\ntoskrnl.exe 42 0x804B927C \WINNT\System32\ntoskrnl.exe 43 0x804B306C \WINNT\System32\ntoskrnl.exe 44 0x804B0757 \WINNT\System32\ntoskrnl.exe 45 0x804F063F \WINNT\System32\ntoskrnl.exe 46 0x804498E5 \WINNT\System32\ntoskrnl.exe 47 0x804A29E7 \WINNT\System32\ntoskrnl.exe 48 0x8049C1A5 \WINNT\System32\ntoskrnl.exe 49 0x80492F9B \WINNT\System32\ntoskrnl.exe 4a 0x804F5C02 \WINNT\System32\ntoskrnl.exe 4b 0x80517DFD \WINNT\System32\ntoskrnl.exe 4c 0x80461606 \WINNT\System32\ntoskrnl.exe 4d 0x80449F2C \WINNT\System32\ntoskrnl.exe 4e 0x8050EB71 \WINNT\System32\ntoskrnl.exe 4f 0x804A4826 \WINNT\System32\ntoskrnl.exe 50 0x80453B63 \WINNT\System32\ntoskrnl.exe 51 0x8051E658 \WINNT\System32\ntoskrnl.exe 52 0x804F59F0 \WINNT\System32\ntoskrnl.exe 53 0x804F5BF4 \WINNT\System32\ntoskrnl.exe 54 0x804EAC0D \WINNT\System32\ntoskrnl.exe 55 0x8052AD90 \WINNT\System32\ntoskrnl.exe 56 0x8051F33B \WINNT\System32\ntoskrnl.exe 57 0x80460FCE \WINNT\System32\ntoskrnl.exe 58 0x804A75FD \WINNT\System32\ntoskrnl.exe 59 0x804F06D6 \WINNT\System32\ntoskrnl.exe 5a 0x80491967 \WINNT\System32\ntoskrnl.exe 5b 0x804489A9 \WINNT\System32\ntoskrnl.exe 5c 0x80448DBC \WINNT\System32\ntoskrnl.exe 5d 0x804B977E \WINNT\System32\ntoskrnl.exe 5e 0x804B4CBA \WINNT\System32\ntoskrnl.exe 5f 0x804B9AD4 \WINNT\System32\ntoskrnl.exe 60 0x804B9B02 \WINNT\System32\ntoskrnl.exe 61 0x804BC938 \WINNT\System32\ntoskrnl.exe 62 0x804A6810 \WINNT\System32\ntoskrnl.exe 63 0x804C48AB \WINNT\System32\ntoskrnl.exe 64 0x804B6C37 \WINNT\System32\ntoskrnl.exe 65 0x804CFC5B 
\WINNT\System32\ntoskrnl.exe 66 0x804FBEDB \WINNT\System32\ntoskrnl.exe 67 0x8049FDAE \WINNT\System32\ntoskrnl.exe 68 0x804A7039 \WINNT\System32\ntoskrnl.exe 69 0x804AED64 \WINNT\System32\ntoskrnl.exe 6a 0x804BE76D \WINNT\System32\ntoskrnl.exe 6b 0x8049E5E5 \WINNT\System32\ntoskrnl.exe 6c 0x804B941B \WINNT\System32\ntoskrnl.exe 6d 0x804AAA86 \WINNT\System32\ntoskrnl.exe 6e 0x804BC708 \WINNT\System32\ntoskrnl.exe 6f 0x804ABD64 \WINNT\System32\ntoskrnl.exe 70 0x80499353 \WINNT\System32\ntoskrnl.exe 71 0x804C4485 \WINNT\System32\ntoskrnl.exe 72 0x804B11E3 \WINNT\System32\ntoskrnl.exe 73 0x8049227F \WINNT\System32\ntoskrnl.exe 74 0x804ABF6F \WINNT\System32\ntoskrnl.exe 75 0x8050B5E3 \WINNT\System32\ntoskrnl.exe 76 0x8050B3BF \WINNT\System32\ntoskrnl.exe 77 0x804BAE4E \WINNT\System32\ntoskrnl.exe 78 0x804BF790 \WINNT\System32\ntoskrnl.exe 79 0x804B4964 \WINNT\System32\ntoskrnl.exe 7a 0x804B6EE6 \WINNT\System32\ntoskrnl.exe 7b 0x804B67D3 \WINNT\System32\ntoskrnl.exe 7c 0x804A7A5C \WINNT\System32\ntoskrnl.exe 7d 0x804BED76 \WINNT\System32\ntoskrnl.exe 7e 0x80491C73 \WINNT\System32\ntoskrnl.exe 7f 0x804D06D6 \WINNT\System32\ntoskrnl.exe 80 0x804BEA2A \WINNT\System32\ntoskrnl.exe 81 0x804B43D3 \WINNT\System32\ntoskrnl.exe 82 0x804B7154 \WINNT\System32\ntoskrnl.exe 83 0x804BDA90 \WINNT\System32\ntoskrnl.exe 84 0x80498DBB \WINNT\System32\ntoskrnl.exe 85 0x804EAC8B \WINNT\System32\ntoskrnl.exe 86 0x804B6854 \WINNT\System32\ntoskrnl.exe 87 0x80498FC2 \WINNT\System32\ntoskrnl.exe 88 0x8049E3E0 \WINNT\System32\ntoskrnl.exe 89 0x804A7E24 \WINNT\System32\ntoskrnl.exe 8a 0x804C4357 \WINNT\System32\ntoskrnl.exe 8b 0x804A0EB7 \WINNT\System32\ntoskrnl.exe 8c 0x8051F9F0 \WINNT\System32\ntoskrnl.exe 8d 0x804C461E \WINNT\System32\ntoskrnl.exe 8e 0x804A2E40 \WINNT\System32\ntoskrnl.exe 8f 0x80520094 \WINNT\System32\ntoskrnl.exe 90 0x804BF0C1 \WINNT\System32\ntoskrnl.exe 91 0x804D15EE \WINNT\System32\ntoskrnl.exe 92 0x804BCAFC \WINNT\System32\ntoskrnl.exe 93 0x8044D7BA 
\WINNT\System32\ntoskrnl.exe
KeServiceDescriptorTableShadow at virtual address : 0x8046B880(46b880)
PspCidTable: 0x8046B360(46b360) 1.
TABLE: 0xFCE250A8(14420a8): Table: 0xE1004000 QuotaProcess: ProcessId: 0 HandleCount: 278 CapturedHandleCount: 279 TableLevel: 2 StrictFIFO: No
OBJECT: 0xFCE009E0(141d9e0) Type: 6 Thread Object Header: 0xFCE009C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000004 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 0 PointerCount: 44 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System
OBJECT: 0xFCE00280(141d280) Type: 6 Thread Object Header: 0xFCE00268 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000000C ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFF020(141c020) Type: 6 Thread Object Header: 0xFCDFF008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000010 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFFDA0(141cda0) Type: 6 Thread Object Header: 0xFCDFFD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000014 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFFB20(141cb20) Type: 6 Thread Object Header: 0xFCDFFB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000018 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFF8A0(141c8a0) Type: 6 Thread Object Header: 0xFCDFF888 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000001C ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFF620(141c620) Type: 6 Thread Object Header: 0xFCDFF608 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000020 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFF3A0(141c3a0) Type: 6 Thread Object Header: 0xFCDFF388 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000024 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFE020(141b020) Type: 6 Thread Object Header: 0xFCDFE008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000028 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFEDA0(141bda0) Type: 6 Thread Object Header: 0xFCDFED88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000002C ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFEB20(141bb20) Type: 6 Thread Object Header: 0xFCDFEB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000030 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFD1E0(141a1e0) Type: 6 Thread Object Header: 0xFCDFD1C8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000034 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFC020(1419020) Type: 6 Thread Object Header: 0xFCDFC008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000038 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFCDA0(1419da0) Type: 6 Thread Object Header: 0xFCDFCD88 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000003C ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFCB20(1419b20) Type: 6 Thread Object Header: 0xFCDFCB08 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000040 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60
OBJECT: 0xFCDF8020(1415020) Type: 6 Thread Object Header: 0xFCDF8008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000048 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDF3DA0(1410da0) Type: 6 Thread Object Header: 0xFCDF3D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD30BC0(134dbc0) Type: 6 Thread Object Header: 0xFCD30BA8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000050 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD2D560(134a560) Type: 6 Thread Object Header: 0xFCD2D548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDA5020(13c2020) Type: 6 Thread Object Header: 0xFCDA5008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000058 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDB1020(13ce020) Type: 6 Thread Object Header: 0xFCDB1008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCC4980(12e1980) Type: 6 Thread Object Header: 0xFCCC4968 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000060 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCC4700(12e1700) Type: 6 Thread Object Header: 0xFCCC46E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000064 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD995A0(13b65a0) Type: 6 Thread Object Header: 0xFCD99588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD99320(13b6320) Type: 6 Thread Object Header: 0xFCD99308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD98C40(13b5c40) Type: 6 Thread Object Header: 0xFCD98C28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD8D020(13aa020) Type: 6 Thread Object Header: 0xFCD8D008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000074 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD8D420(13aa420) Type: 6 Thread Object Header: 0xFCD8D408 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD67B20(1384b20) Type: 6 Thread Object Header: 0xFCD67B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000007C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD67DA0(1384da0) Type: 6 Thread Object Header: 0xFCD67D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000080 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC84020(12a1020) Type: 6 Thread Object Header: 0xFCC84008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000084 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC84DA0(12a1da0) Type: 6 Thread Object Header: 0xFCC84D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000088 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCA363A0(10533a0) Type: 6 Thread Object Header: 0xFCA36388 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000008C ThreadsProcess: 0xFCA36620 OBJECT: 0xFCD64020(1381020) Type: 6 Thread Object Header: 0xFCD64008 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000090 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD64AE0(1381ae0) Type: 6 Thread Object Header: 0xFCD64AC8 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.00000094 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64D60(1381d60) Type: 5 Process Object Header: 0xFCD64D48 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xFCD64800(1381800) Type: 6 Thread Object Header: 0xFCD647E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.0000009C ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64560(1381560) Type: 6 Thread Object Header: 0xFCD64548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A0 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C380(1379380) Type: 6 Thread Object Header: 0xFCD5C368 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A4 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C020(1379020) Type: 6 Thread Object Header: 0xFCD5C008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
00000098.000000A8 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCC62020(127f020) Type: 6 Thread Object Header: 0xFCC62008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000AC ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 0 PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 0 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC5A500(1277500) Type: 6 Thread Object Header: 0xFCC5A4E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA371A0(10541a0) Type: 6 Thread Object Header: 0xFCA37188 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36CA0(1053ca0) Type: 6 Thread Object Header: 0xFCA36C88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36960(1053960) Type: 6 Thread 
Object Header: 0xFCA36948 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA33D60(1050d60) Type: 6 Thread Object Header: 0xFCA33D48 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA2E620(104b620) Type: 6 Thread Object Header: 0xFCA2E608 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000CC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA2D020(104a020) Type: 6 Thread Object Header: 0xFCA2D008 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000D0 ThreadsProcess: 0xFCC62B00 OBJECT: 0x82000000 OBJECT: 0xFCA2C620(1049620) Type: 6 Thread Object Header: 0xFCA2C608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2B020(1048020) Type: 6 Thread Object Header: 0xFCA2B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D9020(1ee9020) Type: 6 Thread Object 
Header: 0xFF1D9008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 0 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFCA2B560(1048560) Type: 6 Thread Object Header: 0xFCA2B548 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA36620 OBJECT: 0x82000000 OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 0 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFCA27480(1044480) Type: 6 Thread Object Header: 0xFCA27468 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000F4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA25B80(1042b80) Type: 6 Thread Object Header: 0xFCA25B68 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA25500(1042500) Type: 6 Thread Object Header: 0xFCA254E8 GrantedAccess: 0 PointerCount: 4 
HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF28F020(79f0020) Type: 6 Thread Object Header: 0xFF28F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28F620(79f0620) Type: 6 Thread Object Header: 0xFF28F608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28E020(7b2d020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA36620 OBJECT: 0x82000000 OBJECT: 0xFF28D020(ff6020) Type: 6 Thread Object Header: 0xFF28D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28DBA0(ff6ba0) Type: 6 Thread Object Header: 0xFF28DB88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28A1E0(fc41e0) Type: 6 Thread Object Header: 0xFF28A1C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF143C00(3dc8c00) Type: 6 Thread Object Header: 0xFF143BE8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000011C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF288020(8ad020) Type: 6 Thread Object Header: 0xFF288008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1DB4A0(1dae4a0) Type: 6 Thread Object Header: 0xFF1DB488 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000124 ThreadsProcess: 0xFF277520 OBJECT: 0xFF288600(8ad600) Type: 6 Thread Object Header: 0xFF2885E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1CB020(2d34020) Type: 5 Process Object Header: 0xFF1CB008 GrantedAccess: 0 PointerCount: 89 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF287AC0(945ac0) Type: 6 Thread Object Header: 0xFF287AA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000134 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF286980(8aa980) Type: 6 Thread Object Header: 0xFF286968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF285DA0(92eda0) Type: 6 Thread Object Header: 0xFF285D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284DA0(a93da0) Type: 6 Thread Object Header: 0xFF284D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12E3A0(6643a0) Type: 6 Thread Object Header: 0xFF12E388 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000144 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF148900(26c9900) Type: 6 Thread Object Header: 0xFF1488E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000148 ThreadsProcess: 0xFF277520 OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284260(a93260) Type: 6 Thread Object Header: 0xFF284248 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000150 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF18C4A0(3a594a0) Type: 6 Thread Object Header: 0xFF18C488 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.00000154 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF282940(9de940) Type: 6 Thread Object Header: 0xFF282928 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27FDA0(a06da0) Type: 6 Thread Object Header: 0xFF27FD88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0x82000000 OBJECT: 0xFF1DB860(1dae860) Type: 6 Thread Object Header: 0xFF1DB848 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000164 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF280D20(ae5d20) Type: 6 Thread Object Header: 0xFF280D08 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27F020(a06020) Type: 6 Thread Object Header: 0xFF27F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27E020(aef020) Type: 6 Thread Object Header: 0xFF27E008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27EDA0(aefda0) Type: 6 Thread Object Header: 0xFF27ED88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27B660(eb3660) Type: 6 Thread Object Header: 0xFF27B648 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27A460(cd9460) Type: 6 Thread Object Header: 0xFF27A448 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF278DA0(dfada0) Type: 6 Thread Object Header: 0xFF278D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 
0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2782E0(dfa2e0) Type: 6 Thread Object Header: 0xFF2782C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF278760(dfa760) Type: 6 Thread Object Header: 0xFF278748 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000188 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12A8A0(49328a0) Type: 6 Thread Object Header: 0xFF12A888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000018C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF276020(dcd020) Type: 6 Thread Object Header: 0xFF276008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000190 ThreadsProcess: 0xFF277520 OBJECT: 0xFF277520(dd0520) Type: 5 Process Object Header: 0xFF277508 GrantedAccess: 0 PointerCount: 120 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF276A60(dcda60) Type: 6 Thread Object Header: 0xFF276A48 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000198 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2767A0(dcd7a0) Type: 6 Thread Object Header: 0xFF276788 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000019C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2757C0(dbd7c0) Type: 6 Thread Object Header: 0xFF2757A8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A0 ThreadsProcess: 0xFF277520 OBJECT: 0xFF273180(ec5180) Type: 6 Thread Object Header: 0xFF273168 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A4 ThreadsProcess: 0xFF277520 OBJECT: 0xFF26F020(f74020) Type: 6 Thread Object Header: 0xFF26F008 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF26ED80(f7ed80) Type: 6 Thread Object Header: 0xFF26ED68 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001AC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF2748A0(e3e8a0) Type: 5 Process Object Header: 0xFF274888 GrantedAccess: 0 PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF26DC40(f2cc40) Type: 6 Thread Object Header: 0xFF26DC28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26D4A0(f2c4a0) Type: 6 Thread Object Header: 0xFF26D488 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B8 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26CDA0(fadda0) Type: 6 Thread Object Header: 0xFF26CD88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001BC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26C460(fad460) Type: 6 Thread Object Header: 0xFF26C448 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001C4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF269860(2e5860) Type: 6 Thread Object Header: 0xFF269848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001C8 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF269BA0(2e5ba0) Type: 5 Process Object Header: 0xFF269B88 GrantedAccess: 0 PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF267020(f86020) Type: 6 Thread Object Header: 0xFF267008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001D0 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF267600(f86600) Type: 6 Thread Object Header: 0xFF2675E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001D4 ThreadsProcess: 0xFF267D60 OBJECT: 0xFF267D60(f86d60) Type: 5 Process Object Header: 0xFF267D48 GrantedAccess: 0 PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF25F3C0(1b163c0) Type: 6 Thread Object Header: 0xFF25F3A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001DC ThreadsProcess: 0xFF267D60 OBJECT: 0x82000000 OBJECT: 0xFF25E980(1d8980) Type: 6 Thread Object Header: 0xFF25E968 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001E4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF25DB80(18ffb80) Type: 6 Thread Object Header: 0xFF25DB68 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
000001EC.000001E8 ThreadsProcess: 0xFF277960 OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 0 PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0x82000000 OBJECT: 0xFF25ADA0(2272da0) Type: 6 Thread Object Header: 0xFF25AD88 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.000001F4 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF25A020(2272020) Type: 5 Process Object Header: 0xFF25A008 GrantedAccess: 0 PointerCount: 68 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF259C40(26f8c40) Type: 6 Thread Object Header: 0xFF259C28 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001FC ThreadsProcess: 0xFF277960 OBJECT: 0xFF255020(23a6020) Type: 6 Thread Object Header: 0xFF255008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.00000200 ThreadsProcess: 0xFF25A020 OBJECT: 0x82000000 OBJECT: 0xFF2480C0(4b880c0) Type: 6 Thread Object Header: 0xFF2480A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000208 ThreadsProcess: 
0xFCA2BBC0 OBJECT: 0xFF24F020(7ac020) Type: 6 Thread Object Header: 0xFF24F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.0000020C ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF217580(53ca580) Type: 6 Thread Object Header: 0xFF217568 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000210 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF250020(7c7020) Type: 6 Thread Object Header: 0xFF250008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000214 ThreadsProcess: 0xFF277960 OBJECT: 0xFF247760(4bc8760) Type: 6 Thread Object Header: 0xFF247748 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000218 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF245020(4c75020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000220 ThreadsProcess: 0xFF2461E0 OBJECT: 
0xFF2461E0(4be51e0) Type: 5 Process Object Header: 0xFF2461C8 GrantedAccess: 0 PointerCount: 82 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF2433E0(55b33e0) Type: 6 Thread Object Header: 0xFF2433C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000228 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF241DA0(54c1da0) Type: 6 Thread Object Header: 0xFF241D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000022C ThreadsProcess: 0xFF241020 OBJECT: 0xFF241020(54c1020) Type: 5 Process Object Header: 0xFF241008 GrantedAccess: 0 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF23D020(56b1020) Type: 6 Thread Object Header: 0xFF23D008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000234 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 0 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF247020(4bc8020) Type: 6 Thread Object Header: 0xFF247008 GrantedAccess: 
0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000023C ThreadsProcess: 0xFF241020 OBJECT: 0xFF23ED60(560ad60) Type: 5 Process Object Header: 0xFF23ED48 GrantedAccess: 0 PointerCount: 98 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF12E8A0(6648a0) Type: 6 Thread Object Header: 0xFF12E888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000244 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF2398C0(65e28c0) Type: 6 Thread Object Header: 0xFF2398A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000248 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF238AC0(64a8ac0) Type: 6 Thread Object Header: 0xFF238AA8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000024C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF2375E0(646c5e0) Type: 6 Thread Object Header: 0xFF2375C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000250 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 0 PointerCount: 7 
HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xFF234C40(28a2c40) Type: 6 Thread Object Header: 0xFF234C28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000258 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF232540(6c11540) Type: 6 Thread Object Header: 0xFF232528 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000025C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF232A60(6c11a60) Type: 6 Thread Object Header: 0xFF232A48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000260 ThreadsProcess: 0xFF277960 OBJECT: 0xFF232200(6c11200) Type: 6 Thread Object Header: 0xFF2321E8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000264 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF2307C0(7da7c0) Type: 6 Thread Object Header: 0xFF2307A8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000268 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22CCA0(b6eca0) Type: 6 Thread Object Header: 0xFF22CC88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.0000026C ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22C220(b6e220) Type: 6 Thread Object Header: 0xFF22C208 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000270 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22ADA0(4f61da0) Type: 6 Thread Object Header: 0xFF22AD88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000274 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF192DA0(3992da0) Type: 6 Thread Object Header: 0xFF192D88 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000278 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12E620(664620) Type: 6 Thread Object Header: 0xFF12E608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000027C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF161BC0(57f2bc0) Type: 6 Thread Object Header: 0xFF161BA8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000280 ThreadsProcess: 0xFF277520 OBJECT: 0xFF2271C0(4ff51c0) Type: 6 Thread Object Header: 0xFF2271A8 GrantedAccess: 0 PointerCount: 2 HandleCount: 
0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000284 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF2269C0(7789c0) Type: 6 Thread Object Header: 0xFF2269A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.00000288 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF226C80(778c80) Type: 5 Process Object Header: 0xFF226C68 GrantedAccess: 0 PointerCount: 22 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF24D420(766420) Type: 6 Thread Object Header: 0xFF24D408 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000290 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF221260(47bc260) Type: 6 Thread Object Header: 0xFF221248 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000294 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF233D60(6b8ad60) Type: 6 Thread Object Header: 0xFF233D48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000298 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF21DB80(6623b80) Type: 6 Thread Object Header: 0xFF21DB68 GrantedAccess: 0 PointerCount: 2 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000029C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF21D900(6623900) Type: 6 Thread Object Header: 0xFF21D8E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002A0 ThreadsProcess: 0xFCA2A500 OBJECT: 0x82000000 OBJECT: 0xFF21B020(4ec9020) Type: 6 Thread Object Header: 0xFF21B008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002A8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF228020(4f13020) Type: 6 Thread Object Header: 0xFF228008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002AC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF219800(4571800) Type: 6 Thread Object Header: 0xFF2197E8 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B0 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1ED6E0(48ca6e0) Type: 6 Thread Object Header: 0xFF1ED6C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2194E0(45714e0) Type: 6 Thread Object Header: 0xFF2194C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.000002B8 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF1AC4E0(33384e0) Type: 6 Thread Object Header: 0xFF1AC4C8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000002BC ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF20C020(4ece020) Type: 6 Thread Object Header: 0xFF20C008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.000002C0 ThreadsProcess: 0xFF20D520 OBJECT: 0xFF20D520(477e520) Type: 5 Process Object Header: 0xFF20D508 GrantedAccess: 0 PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0xFF134020(58c7020) Type: 6 Thread Object Header: 0xFF134008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002C8 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF1FC020(198a020) Type: 6 Thread Object Header: 0xFF1FC008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002CC ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1FD720(4859720) Type: 5 Process Object Header: 0xFF1FD708 GrantedAccess: 0 PointerCount: 54 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1906A0(3a076a0) Type: 5 Process Object Header: 0xFF190688 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1EC8A0(4eb98a0) Type: 6 Thread Object Header: 0xFF1EC888 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002E8 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1FD020(4859020) Type: 6 Thread Object Header: 0xFF1FD008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002EC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E8560(1c6e560) Type: 6 Thread Object Header: 0xFF1E8548 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002F4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E33E0(4a4a3e0) Type: 6 Thread Object Header: 0xFF1E33C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1DC980(1da7980) Type: 6 Thread Object Header: 0xFF1DC968 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002FC ThreadsProcess: 0xFCA36620 OBJECT: 0xFF111DA0(35d6da0) Type: 6 Thread Object Header: 0xFF111D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000300 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1AF180(30bd180) Type: 6 Thread Object Header: 0xFF1AF168 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000304 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF211020(4c85020) Type: 6 Thread Object Header: 0xFF211008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000308 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF1D5660(2220660) Type: 6 Thread Object Header: 0xFF1D5648 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.0000030C ThreadsProcess: 0xFF20D520 OBJECT: 0xFF1D52C0(22202c0) Type: 6 Thread Object Header: 0xFF1D52A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000310 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1EF360(4c48360) Type: 6 Thread Object Header: 0xFF1EF348 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000314 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D3740(2317740) Type: 6 Thread Object Header: 0xFF1D3728 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000318 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D08A0(22ff8a0) Type: 6 Thread Object Header: 0xFF1D0888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000031C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D0620(22ff620) Type: 6 Thread Object Header: 0xFF1D0608 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.00000320 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1CF020(22fe020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000324 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CE3C0(27043c0) Type: 6 Thread Object Header: 0xFF1CE3A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000032C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1CE840(2704840) Type: 6 Thread Object Header: 0xFF1CE828 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000338 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CD020(4703020) Type: 6 Thread Object Header: 0xFF1CD008 GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000033C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CD780(4703780) Type: 6 Thread Object Header: 0xFF1CD768 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000344 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 0 PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF1392E0(1bc62e0) Type: 6 Thread Object Header: 0xFF1392C8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000034C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1898A0(3a7d8a0) Type: 6 Thread Object Header: 0xFF189888 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000350 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF18ADA0(3a7eda0) Type: 6 Thread Object Header: 0xFF18AD88 
GrantedAccess: 0 PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000354 ThreadsProcess: 0xFF277520 OBJECT: 0xFF1B2160(2d3d160) Type: 6 Thread Object Header: 0xFF1B2148 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000358 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1B16A0(2ff56a0) Type: 6 Thread Object Header: 0xFF1B1688 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000035C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1AB660(3354660) Type: 6 Thread Object Header: 0xFF1AB648 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000360 ThreadsProcess: 0xFF277960 OBJECT: 0xFF174800(5a45800) Object Header: 0xFF1747E8 GrantedAccess: 0 PointerCount: 0 HandleCount: 0 OBJECT: 0xFF1A8020(3492020) Type: 6 Thread Object Header: 0xFF1A8008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000368 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF131640(917640) Type: 6 Thread Object Header: 0xFF131628 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000036C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF13E2E0(21602e0) Type: 6 Thread Object Header: 0xFF13E2C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000370 ThreadsProcess: 0xFF1CDA00 OBJECT: 0x82000000 OBJECT: 0xFF19CD60(381cd60) Type: 5 Process Object Header: 0xFF19CD48 GrantedAccess: 0 PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF1A4860(3588860) Type: 6 Thread Object Header: 0xFF1A4848 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000037C.00000380 ThreadsProcess: 0xFF19CD60 OBJECT: 0xFF1A2900(364e900) Type: 6 Thread Object Header: 0xFF1A28E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000384 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A2140(364e140) Type: 6 Thread Object Header: 0xFF1A2128 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000388 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A0740(37c0740) Type: 6 
Thread Object Header: 0xFF1A0728 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000038C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A04C0(37c04c0) Type: 6 Thread Object Header: 0xFF1A04A8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000390 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF19F020(37d0020) Type: 6 Thread Object Header: 0xFF19F008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000394 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF1A12E0(36ee2e0) Type: 5 Process Object Header: 0xFF1A12C8 GrantedAccess: 0 PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF19F3E0(37d03e0) Type: 6 Thread Object Header: 0xFF19F3C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000039C ThreadsProcess: 0xFF277960 OBJECT: 0xFF19B4C0(384a4c0) Type: 6 Thread Object Header: 0xFF19B4A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 000001EC.000003A0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1ED9E0(48ca9e0) Type: 6 Thread Object Header: 0xFF1ED9C8 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000041C.000003A4 ThreadsProcess: 0xFF19C020 OBJECT: 0xFF175520(37ef520) Type: 6 Thread Object Header: 0xFF175508 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000003A8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF22A020(4f61020) Type: 6 Thread Object Header: 0xFF22A008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000004A4.000003AC ThreadsProcess: 0xFF151B40 OBJECT: 0xFF189C60(3a7dc60) Type: 6 Thread Object Header: 0xFF189C48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003B4 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF194020(38cf020) Type: 6 Thread Object Header: 0xFF194008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.000003B8 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF1952C0(38eb2c0) Type: 5 Process Object Header: 0xFF1952A8 GrantedAccess: 0 PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF194840(38cf840) Type: 6 Thread Object Header: 0xFF194828 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003C0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF18D880(3a3f880) Type: 6 Thread Object Header: 0xFF18D868 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000003C4 ThreadsProcess: 0xFF192780 OBJECT: 0xFF192780(3992780) Type: 5 Process Object Header: 0xFF192768 GrantedAccess: 0 PointerCount: 58 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF1DA020(1f40020) Type: 6 Thread Object Header: 0xFF1DA008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000002D8.000003CC ThreadsProcess: 0xFF1906A0 OBJECT: 0xFF1A5960(3524960) Type: 6 Thread Object Header: 0xFF1A5948 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003D0 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF147320(2ce4320) Type: 6 Thread Object Header: 
0xFF147308 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000003D8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF188DA0(3c42da0) Type: 6 Thread Object Header: 0xFF188D88 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.000003DC ThreadsProcess: 0xFF188020 OBJECT: 0xFF188020(3c42020) Type: 5 Process Object Header: 0xFF188008 GrantedAccess: 0 PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF15FC60(54efc60) Type: 6 Thread Object Header: 0xFF15FC48 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000003E4 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF185020(3e21020) Type: 6 Thread Object Header: 0xFF185008 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003E8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF183020(3ec4020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000003F0 ThreadsProcess: 0xFF184100 OBJECT: 0xFF184100(3e2f100) Type: 5 Process Object Header: 0xFF1840E8 GrantedAccess: 0 PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF1824E0(3f5b4e0) Type: 6 Thread Object Header: 0xFF1824C8 GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003F8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF1827E0(3f5b7e0) Type: 5 Process Object Header: 0xFF1827C8 GrantedAccess: 0 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF159520(4882520) Type: 6 Thread Object Header: 0xFF159508 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.00000400 ThreadsProcess: 0xFF192780 OBJECT: 0xFF1817C0(40607c0) Type: 6 Thread Object Header: 0xFF1817A8 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000404 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF180BE0(98dbe0) Type: 6 Thread Object Header: 0xFF180BC8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 
0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.00000408 ThreadsProcess: 0xFF188020 OBJECT: 0xFF138020(1de6020) Type: 6 Thread Object Header: 0xFF138008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF17AA40(43d4a40) Type: 6 Thread Object Header: 0xFF17AA28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000410 ThreadsProcess: 0xFF1952C0 OBJECT: 0x82000000 OBJECT: 0xFF13E020(2160020) Type: 6 Thread Object Header: 0xFF13E008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000418 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF19C020(381c020) Type: 5 Process Object Header: 0xFF19C008 GrantedAccess: 0 PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1738A0(25c58a0) Type: 6 Thread Object Header: 0xFF173888 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000420 ThreadsProcess: 0xFF184100 OBJECT: 0xFF177740(5901740) Type: 6 Thread Object Header: 0xFF177728 
GrantedAccess: 0 PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF177AC0(5901ac0) Type: 5 Process Object Header: 0xFF177AA8 GrantedAccess: 0 PointerCount: 61 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F6A0(45916a0) Type: 6 Thread Object Header: 0xFF16F688 GrantedAccess: 0 PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000434 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 0 PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF151620(1e44620) Type: 6 Thread Object Header: 0xFF151608 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000043C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF16A160(51c8160) Type: 6 Thread Object Header: 0xFF16A148 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000444 ThreadsProcess: 0xFF184100 OBJECT: 0xFF148020(26c9020) Type: 6 Thread Object Header: 0xFF148008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000044C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF14D020(1fdf020) Type: 6 Thread Object Header: 0xFF14D008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000454 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF145560(27a2560) Type: 6 Thread Object Header: 0xFF145548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000045C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1518A0(1e448a0) Type: 6 Thread Object Header: 0xFF151888 GrantedAccess: 0 PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000460 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF13A800(38ad800) Type: 6 Thread Object Header: 0xFF13A7E8 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000464 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF149BA0(54caba0) Type: 6 Thread Object Header: 0xFF149B88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000478 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF148DA0(26c9da0) Type: 6 Thread Object Header: 0xFF148D88 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000047C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF147B40(2ce4b40) Type: 6 Thread Object Header: 0xFF147B28 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000488 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF12ADA0(4932da0) Type: 6 Thread Object Header: 0xFF12AD88 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000048C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF13F020(2061020) Type: 6 Thread Object Header: 0xFF13F008 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 
SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000490 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF12AB20(4932b20) Type: 6 Thread Object Header: 0xFF12AB08 GrantedAccess: 0 PointerCount: 3 HandleCount: 0 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000498 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFF140AA0(3442aa0) Type: 6 Thread Object Header: 0xFF140A88 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000049C ThreadsProcess: 0xFF277960 OBJECT: 0x82000000 OBJECT: 0xFF151B40(1e44b40) Type: 5 Process Object Header: 0xFF151B28 GrantedAccess: 0 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF139B20(1bc6b20) Type: 6 Thread Object Header: 0xFF139B08 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004A8 ThreadsProcess: 0xFF277960 OBJECT: 0x82000000 OBJECT: 0xFF139020(1bc6020) Type: 6 Thread Object Header: 0xFF139008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000004CC ThreadsProcess: 0xFF192780 OBJECT: 0x82000000 OBJECT: 
0xFF2087A0(6b927a0) Type: 6 Thread Object Header: 0xFF208788 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004D4 ThreadsProcess: 0xFF277960 OBJECT: 0xFF131380(917380) Type: 6 Thread Object Header: 0xFF131368 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004E4 ThreadsProcess: 0xFF277960 OBJECT: 0xFF111020(35d6020) Type: 6 Thread Object Header: 0xFF111008 GrantedAccess: 0 PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004EC ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF111B20(35d6b20) Type: 6 Thread Object Header: 0xFF111B08 GrantedAccess: 0 PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004F0 ThreadsProcess: 0xFF1CB020 Processes and threads: 279 HandleTableListHead: 0x8046BC20(46bc20) 1. 
TABLE: 0xFCE256E8(14426e8): Table: 0xE1002000 QuotaProcess: ProcessId: 8 HandleCount: 143 CapturedHandleCount: 143 TableLevel: 2 StrictFIFO: No OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 1f0fff PointerCount: 44 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFCDFC2E0(14192e0) Type: 6 Thread Object Header: 0xFCDFC2C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000044 ThreadsProcess: 0xFCE00C60 OBJECT: 0xE10087F0(15d97f0) Type: 18 Key Object Header: 0xE10087D8 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: REGISTRY SecurityDescriptor: (null) Path: REGISTRY\ OBJECT: 0xE12A1480(18a8480) Type: 18 Key Object Header: 0xE12A1468 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\ OBJECT: 0xE12A55A0(18c85a0) Type: 18 Key Object Header: 0xE12A5588 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\Setup\ OBJECT: 0xE1008180(15d9180) Type: 18 Key Object Header: 0xE1008168 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\CurrentDockInfo\ OBJECT: 0xE1008100(15d9100) Type: 18 Key Object Header: 0xE10080E8 GrantedAccess: 20 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\Current\ OBJECT: 0xE12A53E0(18c83e0) Type: 18 Key Object Header: 0xE12A53C8 GrantedAccess: 2001f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE12A51C0(18c81c0) Type: 18 Key Object Header: 0xE12A51A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xE12F5560(1a40560) Type: 18 Key Object Header: 0xE12F5548 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\*PNP0501\1_0_17_0_0_0\LogConf\ OBJECT: 0xFCD2D370(134a370) Type: 2 Directory Object Header: 0xFCD2D358 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: Sbp2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Sbp2 OBJECT: 0xFCDF3DA0(1410da0) Type: 6 Thread Object Header: 0xFCDF3D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000004C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD995A0(13b65a0) Type: 6 Thread Object Header: 0xFCD99588 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000068 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD2D560(134a560) Type: 6 Thread Object Header: 0xFCD2D548 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000054 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCE02410(141f410) Type: 8 Event Object Header: 0xFCE023F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD59990 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCDA6E50(13c3e50) Type: 2 Directory Object Header: 0xFCDA6E38 GrantedAccess: f000f PointerCount: 8 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk0 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk0 OBJECT: 0xE134F580(1af6580) Type: 18 Key Object Header: 0xE134F568 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\HARDWARE\DEVICEMAP\Scsi\ OBJECT: 0xFCD513D0(136e3d0) Type: 2 Directory Object Header: 0xFCD513B8 GrantedAccess: f000f PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: WinDfs SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\WinDfs OBJECT: 0xFCD99320(13b6320) Type: 6 Thread Object Header: 0xFCD99308 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.0000006C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCDB1020(13ce020) Type: 6 Thread Object Header: 0xFCDB1008 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 00000008.0000005C ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCD98C40(13b5c40) Type: 6 Thread Object Header: 0xFCD98C28 GrantedAccess: 0 PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000008.00000070 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCCCF790(12ec790) Type: 2 Directory Object Header: 0xFCCCF778 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk1 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk1 OBJECT: 0xFCD93170(13b0170) Type: 2 Directory Object Header: 0xFCD93158 GrantedAccess: f000f PointerCount: 6 HandleCount: 1 Directory: 0xFCDFD570 Name: Harddisk2 SecurityDescriptor: 0xE1000478(159a478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCRC;;;BA) FullPath: \Device\Harddisk2 OBJECT: 0xE1EA27F0(50647f0) Type: 19 Port Object Header: 0xE1EA27D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000020 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12E42A0(197d2a0) Type: 18 Key Object Header: 0xE12E4288 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\cdrom\ OBJECT: 0xE12A5B30(18c8b30) Type: 17 Section Object Header: 0xE12A5B18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EF8008(5249008) BasedAddress: 0x00000080 SizeOfSegment: 0x100000 OBJECT: 0xE1EF5250(558250) Type: 4 Token Object Header: 0xE1EF5238 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-7 Attributes: Mandatory Default Enabled AuthenticationID: {0,98c6} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: NtLmSsp {0,0} TokenFlags: 0x1 Token ID: {0,98ca} ParentToken ID: {0,0} Modified ID: {0,98c9} SessionID: 0 TokenInUse: No Groups: 1 S-1-0-0 Attributes: 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-2 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-0-0 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled OBJECT: 0xFF24C988(4605988) Type: 26 File Object Header: 0xFF24C970 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ OBJECT: 0xFF173D68(25c5d68) Type: 26 File Object Header: 0xFF173D50 GrantedAccess: 3 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF24C088(4605088) Type: 26 File Object Header: 0xFF24C070 GrantedAccess: 20 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xFF189808(3a7d808) Type: 26 File Object Header: 0xFF1897F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Topology OBJECT: 0xE12DEFE0(196ffe0) Type: 18 Key Object Header: 0xE12DEFC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\i8042prt\ OBJECT: 0xE12DC080(1966080) Type: 18 Key Object Header: 0xE12DC068 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mouclass\ OBJECT: 0xE12DC240(1966240) Type: 18 Key Object Header: 0xE12DC228 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kbdclass\ OBJECT: 0xFF24C228(4605228) Type: 26 File Object Header: 0xFF24C210 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: Mup OBJECT: 0xFCD6C668(1389668) Type: 26 File Object Header: 0xFCD6C650 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCD6E128 (138b128) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCC8DD88(12aad88) Type: 26 File Object Header: 0xFCC8DD70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCC8DD28 (12aad28) Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFCC5B8C8(12788c8) Type: 26 File Object Header: 0xFCC5B8B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF137448 (3f2a448) Address Object: 0xFF136008 (3629008) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCC8E3E8(12ab3e8) Type: 26 File Object Header: 0xFCC8E3D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCC8DFC8 (12aafc8) Address Object: 0xFCC8DE08 (12aae08) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCC8C848(12a9848) Type: 26 File Object Header: 0xFCC8C830 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCC8E308 (12ab308) Unknown1: 0x004F0073 (1) Unknown2: 0x740070 OBJECT: 0xFCD8D420(13aa420) Type: 6 Thread Object Header: 0xFCD8D408 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) 
Cid: 00000008.00000078 ThreadsProcess: 0xFCE00C60 OBJECT: 0xFCC91688(12ae688) Type: 26 File Object Header: 0xFCC91670 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Gpc OBJECT: 0xFCC8E4A8(12ab4a8) Type: 26 File Object Header: 0xFCC8E490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFCD8B408 (13a8408) Unknown1: 0x00530073 (1) Unknown2: 0x62006d OBJECT: 0xE1352A70(1b35a70) Type: 19 Port Object Header: 0xE1352A58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1372750(27f3750) Type: 19 Port Object Header: 0xE1372738 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000090 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE12DC1A0(19661a0) Type: 18 Key Object Header: 0xE12DC188 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Parport\ OBJECT: 0xE12DB300(1965300) Type: 18 Key Object Header: 0xE12DB2E8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Serial\ OBJECT: 0xFCD61EA8(137eea8) Type: 26 File Object Header: 0xFCD61E90 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\pagefile.sys OBJECT: 0xE130EE20(1a37e20) Type: 19 Port Object Header: 0xE130EE08 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeRmCommandPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 OBJECT: 0xFCD67A10(1384a10) Type: 8 Event Object Header: 0xFCD679F8 
GrantedAccess: 100003 PointerCount: 5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 28 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF1A58C8(35248c8) Type: 26 File Object Header: 0xFF1A58B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\CSC\00000001 OBJECT: 0xFF1D6868(202e868) Type: 26 File Object Header: 0xFF1D6850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFCD1A408(1337408) Type: 26 File Object Header: 0xFCD1A3F0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008\Wave OBJECT: 0xFF1D6368(202e368) Type: 26 File Object Header: 0xFF1D6350 GrantedAccess: 12019f PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFCDBEA28(13dba28) Type: 26 File Object Header: 0xFCDBEA10 GrantedAccess: 120116 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: NTPNP_PCI0008{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF1D7F48(1eebf48) Type: 26 File Object Header: 0xFF1D7F30 GrantedAccess: 120116 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFCA33B88(1050b88) Type: 26 File Object Header: 0xFCA33B70 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 
KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF190BC8(3a07bc8) Type: 26 File Object Header: 0xFF190BB0 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000005{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xE205A030(3a49030) Type: 19 Port Object Header: 0xE205A018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000008.00000024 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF161368(57f2368) Type: 26 File Object Header: 0xFF161350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF248828 (4b88828) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF157268 (4054268) Local Address: 0x200a8c0:8a00 192.168.0.2:138 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF16BB28(45e6b28) Type: 26 File Object Header: 0xFF16BB10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF2102C8 (658e2c8) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF160E48 (708e48) Local Address: 0x200a8c0:8900 192.168.0.2:137 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF2596E8(26f86e8) Type: 26 File Object Header: 0xFF2596D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFCDBFDC8 (13dcdc8) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF26CC48(fadc48) Type: 26 File Object Header: 0xFF26CC30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: 
TDI_CONNECTION_FILE TDI Context: 0xFF2064A8 (515e4a8) ConnectionHandle: 0x1D00001C Connection Object: 0xFCC5C808 (1279808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1d AfdEndpoint: 0xFCE18B48 (1435b48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1D00001C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF161E48(57f2e48) Type: 26 File Object Header: 0xFF161E30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B788 (538c788) ConnectionHandle: 0x1E00001D Connection Object: 0xFF164488 (4873488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1e AfdEndpoint: 0xFF15AD08 (23a8d08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1E00001D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF183508(3ec4508) Type: 26 File Object Header: 0xFF1834F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1EDC88 (48cac88) ConnectionHandle: 0x1F00001E Connection Object: 0xFF165A48 (4d87a48) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x1f AfdEndpoint: 0xFF25CB48 (1982b48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1F00001E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA30728(104d728) Type: 26 File Object Header: 0xFCA30710 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF166E08 (7c66e08) ConnectionHandle: 0x2000001F Connection Object: 0xFF1EDEE8 (48caee8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x20 AfdEndpoint: 0xFF155448 (53cf448) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2000001F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1E6908(507f908) Type: 26 File Object Header: 0xFF1E68F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF19D0C8 (37bd0c8) ConnectionHandle: 0x21000020 Connection Object: 0xFF166388 (7c66388) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x21 AfdEndpoint: 0xFF2496A8 (468f6a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x21000020 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1624E8(51d34e8) Type: 26 File Object Header: 0xFF1624D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22B528 (4e36528) ConnectionHandle: 0x22000021 Connection Object: 0xFF23A888 (6400888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x22 AfdEndpoint: 0xFF2491E8 (468f1e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x22000021 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2819E8(9f99e8) Type: 26 File Object Header: 0xFF2819D0 GrantedAccess: 
1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2008E8 (4dd88e8) ConnectionHandle: 0x23000022 Connection Object: 0xFF17C808 (4292808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x23 AfdEndpoint: 0xFF1543C8 (4fcb3c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x23000022 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF23A7E8(64007e8) Type: 26 File Object Header: 0xFF23A7D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BBC8 (538cbc8) ConnectionHandle: 0x24000023 Connection Object: 0xFF170C08 (1a9dc08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x24 AfdEndpoint: 0xFF230E48 (7dae48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x24000023 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF248888(4b88888) Type: 26 File Object Header: 0xFF248870 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16A728 (51c8728) ConnectionHandle: 0x25000024 Connection Object: 0xFF16B908 (45e6908) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x25 AfdEndpoint: 0xFF1EF8E8 (4c488e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x25000024 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16C968(497a968) Type: 26 File 
Object Header: 0xFF16C950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BB88 (538cb88) ConnectionHandle: 0x26000025 Connection Object: 0xFF165D08 (4d87d08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x26 AfdEndpoint: 0xFCDC7F28 (13e4f28) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x26000025 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1884A8(3c424a8) Type: 26 File Object Header: 0xFF188490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF165E08 (4d87e08) ConnectionHandle: 0x27000026 Connection Object: 0xFF162748 (51d3748) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x27 AfdEndpoint: 0xFF23A5C8 (64005c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x27000026 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16CC08(497ac08) Type: 26 File Object Header: 0xFF16CBF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF206848 (515e848) ConnectionHandle: 0x28000027 Connection Object: 0xFF1EEC88 (1cc0c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x28 AfdEndpoint: 0xFF14D5C8 (1fdf5c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x28000027 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} 
OBJECT: 0xFF259388(26f8388) Type: 26 File Object Header: 0xFF259370 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF19D088 (37bd088) ConnectionHandle: 0x29000028 Connection Object: 0xFF1F2C68 (1d41c68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x29 AfdEndpoint: 0xFF1EA108 (17d108) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x29000028 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF26B768(250768) Type: 26 File Object Header: 0xFF26B750 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2346C8 (28a26c8) ConnectionHandle: 0x2A000029 Connection Object: 0xFF1D61C8 (202e1c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2a AfdEndpoint: 0xFCCC75E8 (12e45e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2A000029 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF15D4E8(57304e8) Type: 26 File Object Header: 0xFF15D4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BAC8 (538cac8) ConnectionHandle: 0x2B00002A Connection Object: 0xFF2017E8 (4f557e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2b AfdEndpoint: 0xFF1888C8 (3c428c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2B00002A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 
AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF182028(3f5b028) Type: 26 File Object Header: 0xFF182010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25ECC8 (1d8cc8) ConnectionHandle: 0x2C00002B Connection Object: 0xFF18E868 (3ac0868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2c AfdEndpoint: 0xFF240948 (63f3948) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2C00002B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF174368(5a45368) Type: 26 File Object Header: 0xFF174350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF24F628 (7ac628) ConnectionHandle: 0x2D00002C Connection Object: 0xFCD6DCC8 (138acc8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2d AfdEndpoint: 0xFF1CA908 (2d33908) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2D00002C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCC63868(1280868) Type: 26 File Object Header: 0xFCC63850 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25EE48 (1d8e48) ConnectionHandle: 0x2E00002D Connection Object: 0xFF193488 (38e6488) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2e AfdEndpoint: 0xFF17E748 (40d9748) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2E00002D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 
MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA32E28(104fe28) Type: 26 File Object Header: 0xFCA32E10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251368 (4793368) ConnectionHandle: 0x2F00002E Connection Object: 0xFF159008 (4882008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x2f AfdEndpoint: 0xFF140F88 (3442f88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x2F00002E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA2ED08(104bd08) Type: 26 File Object Header: 0xFCA2ECF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2512C8 (47932c8) ConnectionHandle: 0x3000002F Connection Object: 0xFF1832A8 (3ec42a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x30 AfdEndpoint: 0xFF1A02C8 (37c02c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3000002F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCC60E68(127de68) Type: 26 File Object Header: 0xFCC60E50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251D08 (4793d08) ConnectionHandle: 0x31000030 Connection Object: 0xFF15E008 (6430008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x31 AfdEndpoint: 0xFF152F88 (21cef88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x31000030 Address Object: 0xFF1D9928 (1ee9928) Local Address: 
0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA321E8(104f1e8) Type: 26 File Object Header: 0xFCA321D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251C68 (4793c68) ConnectionHandle: 0x32000031 Connection Object: 0xFF253788 (651788) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x32 AfdEndpoint: 0xFF18AD08 (3a7ed08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x32000031 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF14D3E8(1fdf3e8) Type: 26 File Object Header: 0xFF14D3D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF251BC8 (4793bc8) ConnectionHandle: 0x33000032 Connection Object: 0xFF191D48 (39b1d48) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x33 AfdEndpoint: 0xFF1A3868 (362e868) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x33000032 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF131E68(917e68) Type: 26 File Object Header: 0xFF131E50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF275288 (dbd288) ConnectionHandle: 0x34000033 Connection Object: 0xFF1874E8 (3c414e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x34 AfdEndpoint: 0xFF195D68 (38ebd68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x34000033 Address Object: 
0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF140D88(3442d88) Type: 26 File Object Header: 0xFF140D70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A35A8 (362e5a8) ConnectionHandle: 0x35000034 Connection Object: 0xFF187C68 (3c41c68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x35 AfdEndpoint: 0xFF270D88 (fb0d88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x35000034 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF18E728(3ac0728) Type: 26 File Object Header: 0xFF18E710 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1325E8 (66785e8) ConnectionHandle: 0x36000035 Connection Object: 0xFF193C08 (38e6c08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x36 AfdEndpoint: 0xFCDBE888 (13db888) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x36000035 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF244EA8(51e5ea8) Type: 26 File Object Header: 0xFF244E90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF132568 (6678568) ConnectionHandle: 0x37000036 Connection Object: 0xFF23A9E8 (64009e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x37 AfdEndpoint: 0xFF187F48 (3c41f48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) 
ConnectionHandle: 0x37000036 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF15D5A8(57305a8) Type: 26 File Object Header: 0xFF15D590 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1324E8 (66784e8) ConnectionHandle: 0x38000037 Connection Object: 0xFF199EE8 (381bee8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x38 AfdEndpoint: 0xFF1AA768 (33a8768) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x38000037 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF23B368(5686368) Type: 26 File Object Header: 0xFF23B350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1323E8 (66783e8) ConnectionHandle: 0x39000038 Connection Object: 0xFF16A008 (51c8008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x39 AfdEndpoint: 0xFF13C588 (217f588) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x39000038 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF22B788(4e36788) Type: 26 File Object Header: 0xFF22B770 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF132628 (6678628) ConnectionHandle: 0x3A000039 Connection Object: 0xFF16A428 (51c8428) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3a AfdEndpoint: 0xFF16C2E8 (497a2e8) ProcessId: 0x8 
System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3A000039 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF183608(3ec4608) Type: 26 File Object Header: 0xFF1835F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1324A8 (66784a8) ConnectionHandle: 0x3B00003A Connection Object: 0xFF27F548 (a06548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3b AfdEndpoint: 0xFF168A48 (53dba48) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3B00003A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1A6EA8(3506ea8) Type: 26 File Object Header: 0xFF1A6E90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF14B1C8 (2fcb1c8) ConnectionHandle: 0x3C00003B Connection Object: 0xFF163548 (5047548) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3c AfdEndpoint: 0xFF1CB9E8 (2d349e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3C00003B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF218508(4b15508) Type: 26 File Object Header: 0xFF2184F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF147DA8 (2ce4da8) ConnectionHandle: 0x3D00003C Connection Object: 0xFF178C88 (33d1c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3d AfdEndpoint: 
0xFF14ADA8 (2e68da8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3D00003C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17BB08(4321b08) Type: 26 File Object Header: 0xFF17BAF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2868 (364e868) ConnectionHandle: 0x3E00003D Connection Object: 0xFF1DC428 (1da7428) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3e AfdEndpoint: 0xFF13D008 (20ee008) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3E00003D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF244808(51e5808) Type: 26 File Object Header: 0xFF2447F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF25B328 (194a328) ConnectionHandle: 0x3F00003E Connection Object: 0xFF180708 (98d708) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x3f AfdEndpoint: 0xFF14DB68 (1fdfb68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x3F00003E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF170F88(1a9df88) Type: 26 File Object Header: 0xFF170F70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF17E508 (40d9508) ConnectionHandle: 0x4000003F Connection Object: 0xFF20B868 (538c868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 
(1ee9928) ConnectionId: 0x40 AfdEndpoint: 0xFF16B2C8 (45e62c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4000003F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1A0CA8(37c0ca8) Type: 26 File Object Header: 0xFF1A0C90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2428 (364e428) ConnectionHandle: 0x41000040 Connection Object: 0xFF152408 (21ce408) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x41 AfdEndpoint: 0xFCC609C8 (127d9c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x41000040 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF16C8C8(497a8c8) Type: 26 File Object Header: 0xFF16C8B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF137BA8 (3f2aba8) ConnectionHandle: 0x42000041 Connection Object: 0xFF18D628 (3a3f628) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x42 AfdEndpoint: 0xFF1D6BE8 (202ebe8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x42000041 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF21CDE8(50adde8) Type: 26 File Object Header: 0xFF21CDD0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF13E8A8 (21608a8) ConnectionHandle: 0x43000042 Connection Object: 0xFF23C2C8 (65f72c8) ControlChannel: 
0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x43 AfdEndpoint: 0xFF23AC08 (6400c08) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x43000042 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF154628(4fcb628) Type: 26 File Object Header: 0xFF154610 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF13E928 (2160928) ConnectionHandle: 0x44000043 Connection Object: 0xFF20A8C8 (7df08c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x44 AfdEndpoint: 0xFF1574A8 (40544a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x44000043 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F2E8(406c2e8) Type: 26 File Object Header: 0xFF17F2D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF137388 (3f2a388) ConnectionHandle: 0x45000044 Connection Object: 0xFCC5C9C8 (12799c8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x45 AfdEndpoint: 0xFF19AE68 (385ce68) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x45000044 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F028(406c028) Type: 26 File Object Header: 0xFF17F010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF173C28 (25c5c28) ConnectionHandle: 0x46000045 Connection Object: 
0xFF218808 (4b15808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x46 AfdEndpoint: 0xFF1944C8 (38cf4c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x46000045 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1D6A68(202ea68) Type: 26 File Object Header: 0xFF1D6A50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1689E8 (53db9e8) ConnectionHandle: 0x47000046 Connection Object: 0xFF1605A8 (7085a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x47 AfdEndpoint: 0xFF1922A8 (39922a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x47000046 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1CAE68(2d33e68) Type: 26 File Object Header: 0xFF1CAE50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF168FC8 (53dbfc8) ConnectionHandle: 0x48000047 Connection Object: 0xFF289148 (85e148) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x48 AfdEndpoint: 0xFF17CC88 (4292c88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x48000047 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF143028(3dc8028) Type: 26 File Object Header: 0xFF143010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF14A968 (2e68968) 
ConnectionHandle: 0x49000048 Connection Object: 0xFF1D1B08 (22dbb08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x49 AfdEndpoint: 0xFF19C8A8 (381c8a8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x49000048 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF189648(3a7d648) Type: 26 File Object Header: 0xFF189630 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF239168 (65e2168) ConnectionHandle: 0x4A000049 Connection Object: 0xFF15B9A8 (65f99a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4a AfdEndpoint: 0xFF19E288 (3841288) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4A000049 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCCC6368(12e3368) Type: 26 File Object Header: 0xFCCC6350 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1D9688 (1ee9688) ConnectionHandle: 0x4B00004A Connection Object: 0xFF24F5A8 (7ac5a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4b AfdEndpoint: 0xFF28C5C8 (7c155c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4B00004A Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF17F4A8(406c4a8) Type: 26 File Object Header: 0xFF17F490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: 
TDI_CONNECTION_FILE TDI Context: 0xFF14BA88 (2fcba88) ConnectionHandle: 0x4C00004B Connection Object: 0xFF171948 (eec948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4c AfdEndpoint: 0xFF1B2008 (2d3d008) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4C00004B Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1EB4E8(49a74e8) Type: 26 File Object Header: 0xFF1EB4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A7E48 (34bfe48) ConnectionHandle: 0x4D00004C Connection Object: 0xFF17F1E8 (406c1e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4d AfdEndpoint: 0xFCC8D2C8 (12aa2c8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4D00004C Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF1795C8(44055c8) Type: 26 File Object Header: 0xFF1795B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A7E88 (34bfe88) ConnectionHandle: 0x4E00004D Connection Object: 0xFF1EDDA8 (48cada8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4e AfdEndpoint: 0xFF14AB88 (2e68b88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4E00004D Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFCA317C8(104e7c8) Type: 26 File Object Header: 0xFCA317B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF20D228(477e228) Type: 26 File Object Header: 0xFF20D210 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF155DC8(53cfdc8) Type: 26 File Object Header: 0xFF155DB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1A3268(362e268) Type: 26 File Object Header: 0xFF1A3250 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF1566C8(19736c8) Type: 26 File Object Header: 0xFF1566B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1549C8(4fcb9c8) Type: 26 File Object Header: 0xFF1549B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF283468(a77468) Type: 26 File Object Header: 0xFF283450 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF15A848(23a8848) Type: 26 File Object Header: 0xFF15A830 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCA2F588(104c588) Type: 26 File Object Header: 0xFCA2F570 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF149588 (54ca588) ConnectionHandle: 0x4F00004E Connection Object: 0xFF176128 (591c128) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x4f AfdEndpoint: 0xFF168828 (53db828) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x4F00004E Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 
192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF164188(4873188) Type: 26 File Object Header: 0xFF164170 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCDA2928(13bf928) Type: 26 File Object Header: 0xFCDA2910 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20B6C8 (538c6c8) ConnectionHandle: 0x5000004F Connection Object: 0xFF16AE88 (51c8e88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x50 AfdEndpoint: 0xFF18F828 (3a06828) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x5000004F Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2057E8(49d87e8) Type: 26 File Object Header: 0xFF2057D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF187848(3c41848) Type: 26 File Object Header: 0xFF187830 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF15F4E8(54ef4e8) Type: 26 File Object Header: 0xFF15F4D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF20BC88 (538cc88) ConnectionHandle: 0x51000050 Connection Object: 0xFF201628 (4f55628) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x51 AfdEndpoint: 0xFCA30B88 (104db88) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x51000050 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 
0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF2046C8(4dfb6c8) Type: 26 File Object Header: 0xFF2046B0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCC60348(127d348) Type: 26 File Object Header: 0xFCC60330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2D48 (364ed48) ConnectionHandle: 0x52000051 Connection Object: 0xFF161A88 (57f2a88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF1D9928 (1ee9928) ConnectionId: 0x52 AfdEndpoint: 0xFF1910E8 (39b10e8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x52000051 Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808} OBJECT: 0xFF203DA8(519eda8) Type: 26 File Object Header: 0xFF203D90 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFF280728(ae5728) Type: 26 File Object Header: 0xFF280710 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF18C348(3a59348) Type: 26 File Object Header: 0xFF18C330 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1A2FC8 (364efc8) ConnectionHandle: 0x53000052 Connection Object: 0xFF1496A8 (54ca6a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x53 AfdEndpoint: 0xFF20F888 (65f2888) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x53000052 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 
0xFF1383E8(1de63e8) Type: 26 File Object Header: 0xFF1383D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF155C08(53cfc08) Type: 26 File Object Header: 0xFF155BF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF168128 (53db128) ConnectionHandle: 0x54000053 Connection Object: 0xFF137A08 (3f2aa08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x54 AfdEndpoint: 0xFF152DC8 (21cedc8) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x54000053 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF1482E8(26c92e8) Type: 26 File Object Header: 0xFF1482D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF138C48(1de6c48) Type: 26 File Object Header: 0xFF138C30 GrantedAccess: 180 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF19EB68(3841b68) Type: 26 File Object Header: 0xFF19EB50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF1322A8 (66782a8) ConnectionHandle: 0x55000054 Connection Object: 0xFF206408 (515e408) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x55 AfdEndpoint: 0xFF174B28 (5a45b28) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x55000054 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF2051E8(49d81e8) Type: 26 File Object Header: 0xFF2051D0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1A4B48(3588b48) 
Type: 26 File Object Header: 0xFF1A4B30 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF219128 (4571128) ConnectionHandle: 0x56000055 Connection Object: 0xFF20A808 (7df0808) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFCC8DB68 (12aab68) ConnectionId: 0x56 AfdEndpoint: 0xFF1A7168 (34bf168) ProcessId: 0x8 System TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x56000055 Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8} OBJECT: 0xFF15DAE8(5730ae8) Type: 26 File Object Header: 0xFF15DAD0 GrantedAccess: 0 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetbiosSmb OBJECT: 0xFF1454C8(27a24c8) Type: 26 File Object Header: 0xFF1454B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCC5B828(1278828) Type: 26 File Object Header: 0xFCC5B810 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} 2. 
TABLE: 0xFCE25668(1442668): Table: 0xE1003000 QuotaProcess: ProcessId: 0 HandleCount: 59 CapturedHandleCount: 59 TableLevel: 2 StrictFIFO: No OBJECT: 0xFF271968(38f968) Type: 26 File Object Header: 0xFF271950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271908 (38f908) ConnectionHandle: 0x05000004 Connection Object: 0xFF2718A8 (38f8a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x5 AfdEndpoint: 0xFF2719E8 (38f9e8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x05000004 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF271B68(38fb68) Type: 26 File Object Header: 0xFF271B50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271B08 (38fb08) ConnectionHandle: 0x04000003 Connection Object: 0xFF271AA8 (38faa8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x4 AfdEndpoint: 0xFF271BE8 (38fbe8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x04000003 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF272508(e84508) Type: 26 File Object Header: 0xFF2724F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF272388 (e84388) Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xE130E4A0(1a374a0) Type: 18 Key Object Header: 0xE130E488 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Power\ OBJECT: 0xFF272068(e84068) Type: 26 File Object Header: 0xFF272050 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271F08 (38ff08) ConnectionHandle: 0x02000001 Connection Object: 0xFF271EA8 (38fea8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x2 AfdEndpoint: 0xFF271F48 (38ff48) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x02000001 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF272148(e84148) Type: 26 File Object Header: 0xFF272130 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF2720E8 (e840e8) ConnectionHandle: 0x01000000 Connection Object: 0xFF272868 (e84868) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x1 AfdEndpoint: 0xFF2770E8 (dd00e8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x01000000 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF271D68(38fd68) Type: 26 File Object Header: 0xFF271D50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF271D08 (38fd08) ConnectionHandle: 0x03000002 Connection Object: 0xFF271CA8 (38fca8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x3 AfdEndpoint: 0xFF271DE8 (38fde8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x03000002 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 
0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFCD5F768(137c768) Type: 26 File Object Header: 0xFCD5F750 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM.LOG OBJECT: 0xFCD5F808(137c808) Type: 26 File Object Header: 0xFCD5F7F0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SAM OBJECT: 0xFCCCA1C8(12e71c8) Type: 26 File Object Header: 0xFCCCA1B0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT.LOG OBJECT: 0xFCCCA268(12e7268) Type: 26 File Object Header: 0xFCCCA250 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\DEFAULT OBJECT: 0xFCD5E1C8(137b1c8) Type: 26 File Object Header: 0xFCD5E1B0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM.ALT OBJECT: 0xFCD5E308(137b308) Type: 26 File Object Header: 0xFCD5E2F0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SYSTEM OBJECT: 0xFCD5E508(137b508) Type: 26 File Object Header: 0xFCD5E4F0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE.LOG OBJECT: 0xE1309940(19fa940) Type: 18 Key Object Header: 0xE1309928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\ OBJECT: 0xFCD5E628(137b628) Type: 26 File Object Header: 0xFCD5E610 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SOFTWARE OBJECT: 0xFCD5EB68(137bb68) Type: 26 File Object Header: 0xFCD5EB50 GrantedAccess: 3 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY OBJECT: 0xE13AE320(2b89320) Type: 18 Key Object Header: 0xE13AE308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\0000\Control\ OBJECT: 0xE12F3580(199b580) Type: 18 Key Object Header: 0xE12F3568 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\Control\ OBJECT: 0xFCD61A48(137ea48) Type: 26 File Object Header: 0xFCD61A30 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\hiberfil.sys OBJECT: 0xE12B8F20(19bdf20) Type: 18 Key Object Header: 0xE12B8F08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\0000\ OBJECT: 0xFCD5E808(137b808) Type: 26 File Object Header: 0xFCD5E7F0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\Config\SECURITY.LOG OBJECT: 0xE130B4C0(1aa04c0) Type: 18 Key Object Header: 0xE130B4A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_REDBOOK\ OBJECT: 0xE12B8EE0(19bdee0) Type: 18 Key Object Header: 0xE12B8EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CDAUDIO\ OBJECT: 0xFF22F748(2c02748) Type: 26 File Object Header: 0xFF22F730 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F6E8 (2c026e8) ConnectionHandle: 0x08000007 Connection Object: 0xFF235568 (7799568) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x8 AfdEndpoint: 
0xFF22F7C8 (2c027c8) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x08000007 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22F3A8(2c023a8) Type: 26 File Object Header: 0xFF22F390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F348 (2c02348) ConnectionHandle: 0x0A000009 Connection Object: 0xFF22F2E8 (2c022e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0xa AfdEndpoint: 0xFF22F428 (2c02428) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0A000009 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22FAA8(2c02aa8) Type: 26 File Object Header: 0xFF22FA90 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22FA48 (2c02a48) Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22F5A8(2c025a8) Type: 26 File Object Header: 0xFF22F590 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22F548 (2c02548) ConnectionHandle: 0x09000008 Connection Object: 0xFF22F4E8 (2c024e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x9 AfdEndpoint: 0xFF22F628 (2c02628) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x09000008 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 
AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF2541A8(29ac1a8) Type: 26 File Object Header: 0xFF254190 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF254148 (29ac148) ConnectionHandle: 0x07000006 Connection Object: 0xFF2562A8 (29042a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2542E8 (29ac2e8) ConnectionId: 0x7 AfdEndpoint: 0xFF254228 (29ac228) ProcessId: 0x1f8 nc.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x07000006 Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8} OBJECT: 0xFF254508(29ac508) Type: 26 File Object Header: 0xFF2544F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF2544A8 (29ac4a8) Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8} OBJECT: 0xFF26FC28(f74c28) Type: 26 File Object Header: 0xFF26FC10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF26FBC8 (f74bc8) ConnectionHandle: 0x06000005 Connection Object: 0xFF27AE88 (cd9e88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF2721C8 (e841c8) ConnectionId: 0x6 AfdEndpoint: 0xFF26FCE8 (f74ce8) ProcessId: 0x194 svchost.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x06000005 Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF22F1A8(2c021a8) Type: 26 File Object Header: 0xFF22F190 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 
0xFF22F148 (2c02148) ConnectionHandle: 0x0B00000A Connection Object: 0xFF22F0E8 (2c020e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0xb AfdEndpoint: 0xFF22F228 (2c02228) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0B00000A Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22FE08(2c02e08) Type: 26 File Object Header: 0xFF22FDF0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22E248 (dc5248) Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22DB08(6ba7b08) Type: 26 File Object Header: 0xFF22DAF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22DAA8 (6ba7aa8) ConnectionHandle: 0x0E00000D Connection Object: 0xFF236C28 (7774c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xe AfdEndpoint: 0xFF22DB88 (6ba7b88) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0E00000D Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22DCA8(6ba7ca8) Type: 26 File Object Header: 0xFF22DC90 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22DC48 (6ba7c48) ConnectionHandle: 0x0D00000C Connection Object: 0xFF22EB68 (dc5b68) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xd AfdEndpoint: 0xFF22E188 (dc5188) ProcessId: 0x240 MSTask.exe TableLock: 
0xFF271008 (38f008) ConnectionHandle: 0x0D00000C Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D968(6ba7968) Type: 26 File Object Header: 0xFF22D950 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D908 (6ba7908) ConnectionHandle: 0x0F00000E Connection Object: 0xFF22E888 (dc5888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0xf AfdEndpoint: 0xFF22D9E8 (6ba79e8) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x0F00000E Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D7C8(6ba77c8) Type: 26 File Object Header: 0xFF22D7B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D768 (6ba7768) ConnectionHandle: 0x1000000F Connection Object: 0xFF22E908 (dc5908) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x10 AfdEndpoint: 0xFF22D848 (6ba7848) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1000000F Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22D628(6ba7628) Type: 26 File Object Header: 0xFF22D610 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22D5C8 (6ba75c8) ConnectionHandle: 0x11000010 Connection Object: 0xFF22D568 (6ba7568) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x11 AfdEndpoint: 0xFF22D6A8 (6ba76a8) ProcessId: 0x240 
MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x11000010 Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22C8E8(b6e8e8) Type: 26 File Object Header: 0xFF22C8D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF22C888 (b6e888) ConnectionHandle: 0x12000011 Connection Object: 0xFF22D228 (6ba7228) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22DD28 (6ba7d28) ConnectionId: 0x12 AfdEndpoint: 0xFF22C968 (b6e968) ProcessId: 0x240 MSTask.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x12000011 Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFCC5EB48(127bb48) Type: 26 File Object Header: 0xFCC5EB30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16E168 (4721168) Unknown1: 0x00010000 (15e8000) Unknown2: 0x65a93890 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCDC2CC8(13dfcc8) Type: 26 File Object Header: 0xFCDC2CB0 GrantedAccess: 3 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat.LOG OBJECT: 0xFF1E4748(4d3c748) Type: 26 File Object Header: 0xFF1E4730 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EA548 (17d548) Address Object: 0xFF1E4008 (4d3c008) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1EF9C8(4c489c8) 
Type: 26 File Object Header: 0xFF1EF9B0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EF968 (4c48968) Unknown2: 0x1000 Address Object: 0xFF1E5968 (626968) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFCDC2F68(13dff68) Type: 26 File Object Header: 0xFCDC2F50 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat OBJECT: 0xFCD47C08(1364c08) Type: 26 File Object Header: 0xFCD47BF0 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\ntuser.dat OBJECT: 0xFCD47268(1364268) Type: 26 File Object Header: 0xFCD47250 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG OBJECT: 0xFCC5FF08(127cf08) Type: 26 File Object Header: 0xFCC5FEF0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DDC8 (ab9dc8) ConnectionHandle: 0x15000014 Connection Object: 0xFF250AE8 (7c7ae8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x15 AfdEndpoint: 0xFF16DE08 (ab9e08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x15000014 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCC5F328(127c328) Type: 26 File Object Header: 0xFCC5F310 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DFC8 
(ab9fc8) ConnectionHandle: 0x13000012 Connection Object: 0xFF24EC28 (7d47c28) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x13 AfdEndpoint: 0xFF187928 (3c41928) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x13000012 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFCC5F688(127c688) Type: 26 File Object Header: 0xFCC5F670 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DEC8 (ab9ec8) ConnectionHandle: 0x14000013 Connection Object: 0xFCC5A888 (1277888) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x14 AfdEndpoint: 0xFF16DF08 (ab9f08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x14000013 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF176388(591c388) Type: 26 File Object Header: 0xFF176370 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16DCC8 (ab9cc8) ConnectionHandle: 0x16000015 Connection Object: 0xFF24EC88 (7d47c88) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x16 AfdEndpoint: 0xFF16DD08 (ab9d08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x16000015 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF16DB88(ab9b88) Type: 26 File Object Header: 0xFF16DB70 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 
0xFF16DB28 (ab9b28) ConnectionHandle: 0x17000016 Connection Object: 0xFF250F08 (7c7f08) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D008 (ab9008) ConnectionId: 0x17 AfdEndpoint: 0xFF16DC08 (ab9c08) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x17000016 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xFF16D8A8(ab98a8) Type: 26 File Object Header: 0xFF16D890 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16D848 (ab9848) Unknown1: 0x000000BB (1) Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D548(ab9548) Type: 26 File Object Header: 0xFF16D530 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16D4E8 (ab94e8) ConnectionHandle: 0x18000017 Connection Object: 0xFF2518A8 (47938a8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x18 AfdEndpoint: 0xFF16D5C8 (ab95c8) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x18000017 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D3A8(ab93a8) Type: 26 File Object Header: 0xFF16D390 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16D348 (ab9348) ConnectionHandle: 0x19000018 Connection Object: 0xFCC5B608 (1278608) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x19 AfdEndpoint: 0xFF16D428 (ab9428) ProcessId: 0x3f4 tgcmd.exe 
TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x19000018 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16D208(ab9208) Type: 26 File Object Header: 0xFF16D1F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16C008 (497a008) ConnectionHandle: 0x1A000019 Connection Object: 0xFF26B008 (250008) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1a AfdEndpoint: 0xFF16D288 (ab9288) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1A000019 Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16CEC8(497aec8) Type: 26 File Object Header: 0xFF16CEB0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16CE68 (497ae68) ConnectionHandle: 0x1B00001A Connection Object: 0xFCA37068 (1054068) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1b AfdEndpoint: 0xFF16CF48 (497af48) ProcessId: 0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1B00001A Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF16CD28(497ad28) Type: 26 File Object Header: 0xFF16CD10 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF16CCC8 (497acc8) ConnectionHandle: 0x1C00001B Connection Object: 0xFCC5C948 (1279948) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF16D688 (ab9688) ConnectionId: 0x1c AfdEndpoint: 0xFF16CDA8 (497ada8) ProcessId: 
0x3f4 tgcmd.exe TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x1C00001B Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF191328(39b1328) Type: 26 File Object Header: 0xFF191310 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONNECTION_FILE TDI Context: 0xFF149748 (54ca748) ConnectionHandle: 0x59000056 Connection Object: 0xFF1593E8 (48823e8) ControlChannel: 0x00000000 (1) LocalAddressObject: 0xFF22F888 (2c02888) ConnectionId: 0x59 AfdEndpoint: 0xFF203E68 (519ee68) ProcessId: 0x224 UMGR32.EXE TableLock: 0xFF271008 (38f008) ConnectionHandle: 0x59000056 Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF289A48(85ea48) Type: 26 File Object Header: 0xFF289A30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF17CD88 (4292d88) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF19B828 (384a828) Local Address: 0x200a8c0:f401 192.168.0.2:500 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} 3. 
TABLE: 0xFCC83628(12a0628): Table: 0xE13D2000 QuotaProcess: 0xFCD64D60 ProcessId: 98 HandleCount: 33 CapturedHandleCount: 33 TableLevel: 2 StrictFIFO: No OBJECT: 0xE131C390(1a65390) Type: 17 Section Object Header: 0xE131C378 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE137DD88(28e0d88) BasedAddress: 0x2E90CC38 SizeOfSegment: 0xe000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\smss.exe OBJECT: 0xFCC83820(12a0820) Type: 8 Event Object Header: 0xFCC83808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC837E0(12a07e0) Type: 8 Event Object Header: 0xFCC837C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC837A0(12a07a0) Type: 8 Event Object Header: 0xFCC83788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC834A8(12a04a8) Type: 26 File Object Header: 0xFCC83490 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT OBJECT: 0xE13D1F40(4450f40) Type: 19 Port Object Header: 0xE13D1F28 GrantedAccess: 1f0001 PointerCount: 8 HandleCount: 1 Directory: 0xFCE00850 Name: SmApiPort SecurityDescriptor: 0xE13C5C38(2cf2c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;0x1f0001;;;BA) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xFCD64800(1381800) Type: 6 Thread Object Header: 0xFCD647E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.0000009C ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64560(1381560) Type: 6 Thread Object Header: 0xFCD64548 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A0 ThreadsProcess: 0xFCD64D60 OBJECT: 0xE1DC9EF0(75ebef0) Type: 19 Port Object Header: 0xE1DC9ED8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCE00630(141d630) Type: 2 Directory Object Header: 0xFCE00618 GrantedAccess: f000f PointerCount: 142 HandleCount: 1 Directory: 0xFCE00850 Name: ?? SecurityDescriptor: 0xE1007D38(15a8d38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) FullPath: \?? OBJECT: 0xFCC82548(129f548) Type: 26 File Object Header: 0xFCC82530 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCC82370(129f370) Type: 3 SymbolicLink Object Header: 0xFCC82358 GrantedAccess: f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC82930 Name: KnownDllPath SecurityDescriptor: 0xE13D1E78(4450e78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;CCSDRCWDWO;;;BA) Target: C:\WINNT\system32 OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: f000f PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xE130FC60(1a38c60) Type: 18 Key Object Header: 0xE130FC48 GrantedAccess: 20006 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB\ OBJECT: 
0xFCD5FF10(137cf10) Type: 8 Event Object Header: 0xFCD5FEF8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: UniqueSessionIdEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1CEF5A0(633d5a0) Type: 19 Port Object Header: 0xE1CEF588 GrantedAccess: 1f0001 PointerCount: 7 HandleCount: 1 Directory: 0xFCE00850 Name: DbgSsApiPort SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xE130E160(1a37160) Type: 18 Key Object Header: 0xE130E148 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CrashControl\ OBJECT: 0xE1D398A0(689e8a0) Type: 19 Port Object Header: 0xE1D39888 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCE00850 Name: DbgUiApiPort SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 OBJECT: 0xFCD5C020(1379020) Type: 6 Thread Object Header: 0xFCD5C008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A8 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD5C380(1379380) Type: 6 Thread Object Header: 0xFCD5C368 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000A4 ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCD64D60(1381d60) 
Type: 5 Process Object Header: 0xFCD64D48 GrantedAccess: 20040 PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: smss.exe OBJECT: 0xE1D384D0(688d4d0) Type: 19 Port Object Header: 0xE1D384B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1400770(6604770) Type: 19 Port Object Header: 0xE1400758 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC62020(127f020) Type: 6 Thread Object Header: 0xFCC62008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000098.000000AC ThreadsProcess: 0xFCD64D60 OBJECT: 0xFCC62F40(127ff40) Type: 8 Event Object Header: 0xFCC62F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 1f0fff PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 20040 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xE1DC87F0(76627f0) Type: 19 Port Object Header: 0xE1DC87D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.00000094 ClientThread: 0x00000000 
ServerProcess: 0x00000000 OBJECT: 0xE1DC6310(7600310) Type: 19 Port Object Header: 0xE1DC62F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.000000A4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC62B00(127fb00) Type: 5 Process Object Header: 0xFCC62AE8 GrantedAccess: 400 PointerCount: 141 HandleCount: 3 SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x20c79;;;SY) ImageFileName: csrss.exe OBJECT: 0xE1DC88D0(76628d0) Type: 19 Port Object Header: 0xE1DC88B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.0000009C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1DC9030(75eb030) Type: 19 Port Object Header: 0xE1DC9018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000098.0000009C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 1f0fff PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe 4. 
TABLE: 0xFCC63CE8(1280ce8): Table: 0xE1D3C000 QuotaProcess: 0xFCC62B00 ProcessId: b4 HandleCount: 321 CapturedHandleCount: 322 TableLevel: 2 StrictFIFO: No OBJECT: 0xE130DBB0(1a30bb0) Type: 17 Section Object Header: 0xE130DB98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1338388(1aa6388) BasedAddress: 0x2EBF1C30 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\csrss.exe OBJECT: 0xFCC62720(127f720) Type: 8 Event Object Header: 0xFCC62708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC626E0(127f6e0) Type: 8 Event Object Header: 0xFCC626C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC626A0(127f6a0) Type: 8 Event Object Header: 0xFCC62688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC62608(127f608) Type: 26 File Object Header: 0xFCC625F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 1f0fff PointerCount: 217 HandleCount: 4 
SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xE1321510(1a6d510) Type: 17 Section Object Header: 0xE13214F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D3B9E8(68b99e8) BasedAddress: 0x000000C0 SizeOfSegment: 0x100000 OBJECT: 0xFCC61FA0(127efa0) Type: 8 Event Object Header: 0xFCC61F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61B30(127eb30) Type: 2 Directory Object Header: 0xFCC61B18 GrantedAccess: f000f PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Restricted SecurityDescriptor: 0xE1D409B8(69709b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;CCDCLCSWRC;;;RC) FullPath: \BaseNamedObjects\Restricted OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: f000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1f0001 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 
Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1D42040(695b040) Type: 17 Section Object Header: 0xE1D42028 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionUnicode SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F0E8(692f0e8) BasedAddress: 0x2D7BD4D8 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls OBJECT: 0xE1D40420(6970420) Type: 17 Section Object Header: 0xE1D40408 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionLocale SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40468(6970468) BasedAddress: 0x2DC314D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls OBJECT: 0xE1D40220(6970220) Type: 17 Section Object Header: 0xE1D40208 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionCType SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F548(692f548) BasedAddress: 0x2DC21CC0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls OBJECT: 0xE1D41FC0(697ffc0) Type: 17 Section Object Header: 0xE1D41FA8 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionSortkey SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D41008(697f008) BasedAddress: 0x2EC0ECC8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: 
HarddiskVolume1\WINNT\System32\sortkey.nls OBJECT: 0xE1D421C0(695b1c0) Type: 17 Section Object Header: 0xE1D421A8 GrantedAccess: 4 PointerCount: 2 HandleCount: 1 Directory: 0xFCC616C0 Name: NlsSectionSortTbls SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40188(6970188) BasedAddress: 0x2EC10CC8 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls OBJECT: 0xFCC60CC0(127dcc0) Type: 8 Event Object Header: 0xFCC60CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C80(127dc80) Type: 8 Event Object Header: 0xFCC60C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C40(127dc40) Type: 8 Event Object Header: 0xFCC60C28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC60C00(127dc00) Type: 8 Event Object Header: 0xFCC60BE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D4DD20(69d8d20) Type: 18 Key Object Header: 0xE1D4DD08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE131F4A0(1a674a0) Type: 18 Key Object Header: 0xE131F488 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE12B0DC0(19dbdc0) Type: 18 Key Object Header: 0xE12B0DA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Intel\IgfxCfg\Display1\DISPLAY\ OBJECT: 0xE1D42D50(695bd50) Type: 19 Port Object Header: 0xE1D42D38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC5A500(1277500) Type: 6 Thread 
Object Header: 0xFCC5A4E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000B8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCC5A480(1277480) Type: 8 Event Object Header: 0xFCC5A468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A440(1277440) Type: 8 Event Object Header: 0xFCC5A428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A400(1277400) Type: 8 Event Object Header: 0xFCC5A3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A3C0(12773c0) Type: 8 Event Object Header: 0xFCC5A3A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5A380(1277380) Type: 8 Event Object Header: 0xFCC5A368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DC2D80(7573d80) Type: 19 Port Object Header: 0xE1DC2D68 GrantedAccess: 1f0001 PointerCount: 93 HandleCount: 1 Directory: 0xFCC90030 Name: ApiPort SecurityDescriptor: 0xE1DC1378(7552378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 OBJECT: 0xFCA37FC0(1054fc0) Type: 8 Event Object Header: 0xFCA37FA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D64740(756b740) Type: 18 Key Object Header: 0xE1D64728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\ OBJECT: 0xE1DC8AB0(7662ab0) Type: 19 Port Object Header: 0xE1DC8A98 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 
ServerProcess: 0x00000000 OBJECT: 0xFCA371A0(10541a0) Type: 6 Thread Object Header: 0xFCA37188 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000BC ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA36020(1053020) Type: 8 Event Object Header: 0xFCA36008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA36CA0(1053ca0) Type: 6 Thread Object Header: 0xFCA36C88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C0 ThreadsProcess: 0xFCC62B00 OBJECT: 0xE1DC89C0(76629c0) Type: 19 Port Object Header: 0xE1DC89A8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCC90030 Name: SbApiPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 OBJECT: 0xFCA36960(1053960) Type: 6 Thread Object Header: 0xFCA36948 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C4 ThreadsProcess: 0xFCC62B00 OBJECT: 0xE1DC6210(7600210) Type: 19 Port Object Header: 0xE1DC61F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA363A0(10533a0) Type: 6 Thread Object Header: 0xFCA36388 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000008C ThreadsProcess: 0xFCA36620 OBJECT: 0xE1DCEE50(76b6e50) Type: 19 Port Object Header: 0xE1DCEE38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA33D60(1050d60) Type: 6 Thread Object Header: 0xFCA33D48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.000000C8 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFCA33AA0(1050aa0) Type: 8 Event Object Header: 0xFCA33A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2E8A0(104b8a0) Type: 8 Event Object Header: 0xFCA2E888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2E120(104b120) Type: 8 Event Object Header: 0xFCA2E108 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2D8B0(104a8b0) Type: 8 Event Object Header: 0xFCA2D898 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFCA2D588(104a588) Type: 26 File Object Header: 0xFCA2D570 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001c OBJECT: 0xFCA2DB48(104ab48) Type: 26 File Object Header: 0xFCA2DB30 GrantedAccess: 100001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001d OBJECT: 0xFF28E020(7b2d020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2C620(1049620) Type: 6 Thread Object Header: 0xFCA2C608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2B020(1048020) Type: 6 Thread Object Header: 0xFCA2B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 1f0fff PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF1D9020(1ee9020) Type: 6 Thread Object Header: 0xFF1D9008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA2B560(1048560) Type: 6 Thread Object Header: 0xFCA2B548 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 1f0fff PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF27B660(eb3660) Type: 6 Thread Object Header: 0xFF27B648 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000178 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE1DD6E70(77f7e70) Type: 19 Port Object Header: 0xE1DD6E58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1DFC8F0(77f58f0) Type: 19 Port Object Header: 0xE1DFC8D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA27440(1044440) Type: 8 Event Object Header: 0xFCA27428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25B80(1042b80) Type: 6 Thread Object Header: 0xFCA25B68 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA25500(1042500) Type: 6 Thread Object Header: 0xFCA254E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF28F020(79f0020) Type: 6 Thread Object Header: 0xFF28F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 
0xFCA2A500 OBJECT: 0xFF28F620(79f0620) Type: 6 Thread Object Header: 0xFF28F608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28A1E0(fc41e0) Type: 6 Thread Object Header: 0xFF28A1C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF147320(2ce4320) Type: 6 Thread Object Header: 0xFF147308 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000003D8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF28D020(ff6020) Type: 6 Thread Object Header: 0xFF28D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28DBA0(ff6ba0) Type: 6 Thread Object Header: 0xFF28DB88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000114 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF12E3A0(6643a0) Type: 6 Thread Object Header: 0xFF12E388 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 
00000130.00000144 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF288020(8ad020) Type: 6 Thread Object Header: 0xFF288008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF1DA020(1f40020) Type: 6 Thread Object Header: 0xFF1DA008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000002D8.000003CC ThreadsProcess: 0xFF1906A0 OBJECT: 0xFF288600(8ad600) Type: 6 Thread Object Header: 0xFF2885E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000012C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF287AC0(945ac0) Type: 6 Thread Object Header: 0xFF287AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000134 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF286980(8aa980) Type: 6 Thread Object Header: 0xFF286968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF285DA0(92eda0) Type: 6 Thread Object Header: 0xFF285D88 GrantedAccess: 1f03ff 
PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284DA0(a93da0) Type: 6 Thread Object Header: 0xFF284D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE207DA50(3ee0a50) Type: 19 Port Object Header: 0xE207DA38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF148900(26c9900) Type: 6 Thread Object Header: 0xFF1488E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000148 ThreadsProcess: 0xFF277520 OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284260(a93260) Type: 6 Thread Object Header: 0xFF284248 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000150 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1CE3C0(27043c0) Type: 6 Thread Object Header: 0xFF1CE3A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000032C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF282940(9de940) Type: 6 Thread Object Header: 0xFF282928 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27FDA0(a06da0) Type: 6 Thread Object Header: 0xFF27FD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2375E0(646c5e0) Type: 6 Thread Object Header: 0xFF2375C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000250 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1DA020(1f40020) Type: 6 Thread Object Header: 0xFF1DA008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000002D8.000003CC ThreadsProcess: 0xFF1906A0 OBJECT: 0xFF280D20(ae5d20) Type: 6 Thread Object Header: 0xFF280D08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27F020(a06020) Type: 6 Thread Object Header: 0xFF27F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27E020(aef020) Type: 6 Thread Object Header: 0xFF27E008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27EDA0(aefda0) Type: 6 Thread Object Header: 0xFF27ED88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27A460(cd9460) Type: 6 Thread Object Header: 0xFF27A448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2797A0(d727a0) Type: 8 Event Object Header: 0xFF279788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234C40(28a2c40) Type: 6 Thread Object Header: 0xFF234C28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000258 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF278DA0(dfada0) Type: 6 Thread Object Header: 0xFF278D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2782E0(dfa2e0) Type: 
6 Thread Object Header: 0xFF2782C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF278760(dfa760) Type: 6 Thread Object Header: 0xFF278748 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000188 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF12A8A0(49328a0) Type: 6 Thread Object Header: 0xFF12A888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000018C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF277520(dd0520) Type: 5 Process Object Header: 0xFF277508 GrantedAccess: 1f0fff PointerCount: 120 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF276020(dcd020) Type: 6 Thread Object Header: 0xFF276008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000190 ThreadsProcess: 0xFF277520 OBJECT: 0xE1E6F990(ce6990) Type: 19 Port Object Header: 0xE1E6F978 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF276A60(dcda60) Type: 6 Thread Object Header: 0xFF276A48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000198 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2767A0(dcd7a0) Type: 6 Thread Object Header: 0xFF276788 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000019C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2757C0(dbd7c0) Type: 6 Thread Object Header: 0xFF2757A8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A0 ThreadsProcess: 0xFF277520 OBJECT: 0xFF273180(ec5180) Type: 6 Thread Object Header: 0xFF273168 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A4 ThreadsProcess: 0xFF277520 OBJECT: 0xFF26F020(f74020) Type: 6 Thread Object Header: 0xFF26F008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF2748A0(e3e8a0) Type: 5 Process Object Header: 0xFF274888 GrantedAccess: 1f0fff PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF26ED80(f7ed80) Type: 6 Thread Object Header: 0xFF26ED68 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001AC ThreadsProcess: 0xFF2748A0 OBJECT: 0xE1E744D0(3d74d0) Type: 19 Port Object Header: 0xE1E744B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF26DC40(f2cc40) Type: 6 Thread Object Header: 0xFF26DC28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26D4A0(f2c4a0) Type: 6 Thread Object Header: 0xFF26D488 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B8 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26CDA0(fadda0) Type: 6 Thread Object Header: 0xFF26CD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001BC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF151620(1e44620) Type: 6 Thread Object Header: 0xFF151608 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000043C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26C460(fad460) Type: 6 Thread Object Header: 0xFF26C448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001C4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF269BA0(2e5ba0) Type: 5 Process Object Header: 0xFF269B88 GrantedAccess: 1f0fff PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF269860(2e5860) Type: 6 Thread Object Header: 0xFF269848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001C8 ThreadsProcess: 0xFF269BA0 OBJECT: 0xE1E7CBD0(19b3bd0) Type: 19 Port Object Header: 0xE1E7CBB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF267020(f86020) Type: 6 Thread Object Header: 0xFF267008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001D0 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF267D60(f86d60) Type: 5 Process Object Header: 0xFF267D48 GrantedAccess: 1f0fff PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF267600(f86600) Type: 6 Thread Object Header: 0xFF2675E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001D4 ThreadsProcess: 0xFF267D60 OBJECT: 0xE1E7E150(2fa150) Type: 19 Port Object Header: 
0xE1E7E138 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25F3C0(1b163c0) Type: 6 Thread Object Header: 0xFF25F3A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001DC ThreadsProcess: 0xFF267D60 OBJECT: 0xE1E86A10(1a2fa10) Type: 19 Port Object Header: 0xE1E869F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25E980(1d8980) Type: 6 Thread Object Header: 0xFF25E968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001E4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 1f0fff PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF25DB80(18ffb80) Type: 6 Thread Object Header: 0xFF25DB68 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001E8 ThreadsProcess: 0xFF277960 OBJECT: 0xE1E829D0(1559d0) Type: 19 Port Object Header: 0xE1E829B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF19C020(381c020) Type: 5 Process Object Header: 0xFF19C008 
GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF25A020(2272020) Type: 5 Process Object Header: 0xFF25A008 GrantedAccess: 1f0fff PointerCount: 68 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: nc.exe OBJECT: 0xFF25ADA0(2272da0) Type: 6 Thread Object Header: 0xFF25AD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.000001F4 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF259C40(26f8c40) Type: 6 Thread Object Header: 0xFF259C28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001FC ThreadsProcess: 0xFF277960 OBJECT: 0xFF255020(23a6020) Type: 6 Thread Object Header: 0xFF255008 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.00000200 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF1DB4A0(1dae4a0) Type: 6 Thread Object Header: 0xFF1DB488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000124 ThreadsProcess: 0xFF277520 OBJECT: 0xFF233D60(6b8ad60) Type: 6 Thread Object Header: 0xFF233D48 GrantedAccess: 
1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000298 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF2480C0(4b880c0) Type: 6 Thread Object Header: 0xFF2480A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000208 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF24F020(7ac020) Type: 6 Thread Object Header: 0xFF24F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.0000020C ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF217580(53ca580) Type: 6 Thread Object Header: 0xFF217568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000210 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF250020(7c7020) Type: 6 Thread Object Header: 0xFF250008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000214 ThreadsProcess: 0xFF277960 OBJECT: 0xFF247760(4bc8760) Type: 6 Thread Object Header: 0xFF247748 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000218 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 
1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF2461E0(4be51e0) Type: 5 Process Object Header: 0xFF2461C8 GrantedAccess: 1f0fff PointerCount: 82 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF245020(4c75020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000220 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF2460E0(4be50e0) Type: 8 Event Object Header: 0xFF2460C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E9FB10(4bf1b10) Type: 19 Port Object Header: 0xE1E9FAF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2433E0(55b33e0) Type: 6 Thread Object Header: 0xFF2433C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000228 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF241020(54c1020) Type: 5 Process Object Header: 0xFF241008 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF241DA0(54c1da0) Type: 6 Thread Object Header: 0xFF241D88 GrantedAccess: 
1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000022C ThreadsProcess: 0xFF241020 OBJECT: 0xE1EA33F0(531a3f0) Type: 19 Port Object Header: 0xE1EA33D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23ED60(560ad60) Type: 5 Process Object Header: 0xFF23ED48 GrantedAccess: 1f0fff PointerCount: 98 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF247020(4bc8020) Type: 6 Thread Object Header: 0xFF247008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000023C ThreadsProcess: 0xFF241020 OBJECT: 0xFF23D020(56b1020) Type: 6 Thread Object Header: 0xFF23D008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000234 ThreadsProcess: 0xFF23ED60 OBJECT: 0xE1EAAB10(7896b10) Type: 19 Port Object Header: 0xE1EAAAF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 
0x00000000 OBJECT: 0xFF1CB020(2d34020) Type: 5 Process Object Header: 0xFF1CB008 GrantedAccess: 1f0fff PointerCount: 89 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: helix.exe OBJECT: 0xFF2398C0(65e28c0) Type: 6 Thread Object Header: 0xFF2398A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000248 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF238AC0(64a8ac0) Type: 6 Thread Object Header: 0xFF238AA8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.0000024C ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xFF232540(6c11540) Type: 6 Thread Object Header: 0xFF232528 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000025C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF232A60(6c11a60) Type: 6 Thread Object Header: 0xFF232A48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000260 
ThreadsProcess: 0xFF277960 OBJECT: 0xFF232200(6c11200) Type: 6 Thread Object Header: 0xFF2321E8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000264 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF2307C0(7da7c0) Type: 6 Thread Object Header: 0xFF2307A8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000268 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22CCA0(b6eca0) Type: 6 Thread Object Header: 0xFF22CC88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.0000026C ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22C220(b6e220) Type: 6 Thread Object Header: 0xFF22C208 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000270 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22ADA0(4f61da0) Type: 6 Thread Object Header: 0xFF22AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000274 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF12E8A0(6648a0) Type: 6 Thread Object Header: 0xFF12E888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000244 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF161BC0(57f2bc0) Type: 6 Thread Object Header: 0xFF161BA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000280 ThreadsProcess: 0xFF277520 OBJECT: 0xFF226C80(778c80) Type: 5 Process Object Header: 0xFF226C68 GrantedAccess: 1f0fff PointerCount: 22 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF2269C0(7789c0) Type: 6 Thread Object Header: 0xFF2269A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.00000288 ThreadsProcess: 0xFF226C80 OBJECT: 0xE1ED1D50(6484d50) Type: 19 Port Object Header: 0xE1ED1D38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF24D420(766420) Type: 6 Thread Object Header: 0xFF24D408 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000290 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF21D900(6623900) Type: 6 Thread Object Header: 0xFF21D8E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002A0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1ED9E0(48ca9e0) Type: 6 Thread 
Object Header: 0xFF1ED9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000041C.000003A4 ThreadsProcess: 0xFF19C020 OBJECT: 0xFF21B020(4ec9020) Type: 6 Thread Object Header: 0xFF21B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002A8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF228020(4f13020) Type: 6 Thread Object Header: 0xFF228008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002AC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF219800(4571800) Type: 6 Thread Object Header: 0xFF2197E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B0 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFF2194E0(45714e0) Type: 6 Thread Object Header: 0xFF2194C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.000002B8 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF1AC4E0(33384e0) Type: 6 Thread Object Header: 0xFF1AC4C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000002BC ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF20D520(477e520) Type: 5 Process Object Header: 0xFF20D508 GrantedAccess: 1f0fff PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe OBJECT: 0xFF20C020(4ece020) Type: 6 Thread Object Header: 0xFF20C008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.000002C0 ThreadsProcess: 0xFF20D520 OBJECT: 0xE1E8B8F0(280b8f0) Type: 19 Port Object Header: 0xE1E8B8D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF134020(58c7020) Type: 6 Thread Object Header: 0xFF134008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002C8 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF1FD720(4859720) Type: 5 Process Object Header: 0xFF1FD708 GrantedAccess: 1f0fff PointerCount: 54 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1FC020(198a020) Type: 6 Thread Object Header: 0xFF1FC008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002CC ThreadsProcess: 0xFF1FD720 OBJECT: 0xE1E899B0(1b249b0) Type: 19 Port Object Header: 0xE1E89998 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1376C0(3f2a6c0) Type: 6 Thread Object Header: 0xFF1376A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003EC ThreadsProcess: 0xFF277960 OBJECT: 0xFF192DA0(3992da0) Type: 6 Thread Object Header: 0xFF192D88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000278 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1EC8A0(4eb98a0) Type: 6 Thread Object Header: 0xFF1EC888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002E8 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1FD020(4859020) Type: 6 Thread Object Header: 0xFF1FD008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002EC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF225FE0(478bfe0) Type: 8 Event Object Header: 0xFF225FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E8560(1c6e560) Type: 6 Thread Object Header: 0xFF1E8548 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002F4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E33E0(4a4a3e0) Type: 6 Thread Object Header: 0xFF1E33C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1DC980(1da7980) Type: 6 Thread Object Header: 0xFF1DC968 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002FC ThreadsProcess: 0xFCA36620 OBJECT: 0xFF111020(35d6020) Type: 6 Thread Object Header: 0xFF111008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004EC ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1AF180(30bd180) Type: 6 Thread Object Header: 0xFF1AF168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000304 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1DB860(1dae860) Type: 6 Thread Object Header: 0xFF1DB848 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000164 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1D5660(2220660) Type: 6 Thread Object Header: 0xFF1D5648 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.0000030C ThreadsProcess: 0xFF20D520 OBJECT: 0xFF211020(4c85020) Type: 6 Thread Object Header: 0xFF211008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000308 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF1D52C0(22202c0) Type: 6 Thread Object Header: 0xFF1D52A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000310 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1EF360(4c48360) Type: 6 Thread Object Header: 0xFF1EF348 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000314 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D3740(2317740) Type: 6 Thread Object Header: 0xFF1D3728 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000318 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D0620(22ff620) Type: 6 Thread Object Header: 0xFF1D0608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.00000320 ThreadsProcess: 0xFCA36620 OBJECT: 0xE1343200(1acb200) Type: 18 Key Object Header: 0xE13431E8 GrantedAccess: 20019 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\Control Panel\International\ OBJECT: 0xE12D7FE0(1952fe0) Type: 18 Key Object Header: 0xE12D7FC8 GrantedAccess: 20006 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\Control Panel\International\ OBJECT: 0xFF1D08A0(22ff8a0) Type: 6 Thread Object Header: 0xFF1D0888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000031C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF18C4A0(3a594a0) Type: 6 Thread Object Header: 0xFF18C488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.00000154 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1CF020(22fe020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000324 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1F0E00(487ee00) Type: 8 Event Object Header: 0xFF1F0DE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1392E0(1bc62e0) Type: 6 Thread Object Header: 0xFF1392C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000034C ThreadsProcess: 0xFF277960 OBJECT: 0xFF147B40(2ce4b40) Type: 6 Thread Object Header: 0xFF147B28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000488 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF1F0BC0(487ebc0) Type: 8 Event Object Header: 0xFF1F0BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CE840(2704840) Type: 6 Thread Object Header: 0xFF1CE828 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000338 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1CD020(4703020) Type: 6 Thread Object Header: 0xFF1CD008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000033C ThreadsProcess: 0xFF277960 OBJECT: 0xFF13A800(38ad800) Type: 6 Thread Object Header: 0xFF13A7E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000464 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 1f0fff PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF1CD780(4703780) Type: 6 Thread Object Header: 0xFF1CD768 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000344 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE138B130(28d5130) Type: 19 Port Object Header: 0xE138B118 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1518A0(1e448a0) Type: 6 Thread Object Header: 0xFF151888 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000460 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF1898A0(3a7d8a0) Type: 6 Thread Object Header: 0xFF189888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000350 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF1B2160(2d3d160) Type: 6 Thread Object Header: 0xFF1B2148 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000358 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1B16A0(2ff56a0) Type: 6 Thread Object Header: 0xFF1B1688 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000035C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1AB660(3354660) Type: 6 Thread Object Header: 0xFF1AB648 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000360 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1ED6E0(48ca6e0) Type: 6 Thread Object Header: 0xFF1ED6C8 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1A8020(3492020) Type: 6 Thread Object Header: 0xFF1A8008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000368 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF131640(917640) Type: 6 Thread Object Header: 0xFF131628 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000036C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1FF4870(40b4870) Type: 19 Port Object Header: 0xE1FF4858 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1E36750(7a38750) Type: 19 Port Object Header: 0xE1E36738 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18ADA0(3a7eda0) Type: 6 Thread Object Header: 0xFF18AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000354 ThreadsProcess: 0xFF277520 OBJECT: 0xFF1A4860(3588860) Type: 6 Thread Object Header: 0xFF1A4848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000037C.00000380 ThreadsProcess: 0xFF19CD60 OBJECT: 0xFF1A2900(364e900) Type: 6 Thread Object Header: 0xFF1A28E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000384 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A2140(364e140) Type: 6 Thread Object Header: 0xFF1A2128 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000388 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF19CD60(381cd60) Type: 5 Process Object Header: 0xFF19CD48 GrantedAccess: 1f0fff PointerCount: 17 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: DragDrop.exe OBJECT: 0xFF1A0740(37c0740) Type: 6 Thread Object Header: 0xFF1A0728 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000038C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A04C0(37c04c0) 
Type: 6 Thread Object Header: 0xFF1A04A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000390 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A12E0(36ee2e0) Type: 5 Process Object Header: 0xFF1A12C8 GrantedAccess: 1f0fff PointerCount: 38 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apoint.exe OBJECT: 0xFF19F020(37d0020) Type: 6 Thread Object Header: 0xFF19F008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000394 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFF19F3E0(37d03e0) Type: 6 Thread Object Header: 0xFF19F3C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000039C ThreadsProcess: 0xFF277960 OBJECT: 0xE1D642D0(756b2d0) Type: 19 Port Object Header: 0xE1D642B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF19B4C0(384a4c0) Type: 6 Thread Object Header: 0xFF19B4A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003A0 ThreadsProcess: 0xFF277960 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object 
Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF151B40(1e44b40) Type: 5 Process Object Header: 0xFF151B28 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFCDBE740(13db740) Type: 8 Event Object Header: 0xFCDBE728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189C60(3a7dc60) Type: 6 Thread Object Header: 0xFF189C48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003B4 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1952C0(38eb2c0) Type: 5 Process Object Header: 0xFF1952A8 GrantedAccess: 1f0fff PointerCount: 13 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: HKserv.exe OBJECT: 0xFF194020(38cf020) Type: 6 Thread Object Header: 0xFF194008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.000003B8 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF194840(38cf840) Type: 6 Thread Object Header: 0xFF194828 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003C0 
ThreadsProcess: 0xFF277960 OBJECT: 0xE2054DB0(3a28db0) Type: 19 Port Object Header: 0xE2054D98 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF192780(3992780) Type: 5 Process Object Header: 0xFF192768 GrantedAccess: 1f0fff PointerCount: 58 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: JogServ2.exe OBJECT: 0xFF18D880(3a3f880) Type: 6 Thread Object Header: 0xFF18D868 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000003C4 ThreadsProcess: 0xFF192780 OBJECT: 0xFF1906A0(3a076a0) Type: 5 Process Object Header: 0xFF190688 GrantedAccess: 1f0fff PointerCount: 7 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: cmd2k.exe OBJECT: 0xFF1A5960(3524960) Type: 6 Thread Object Header: 0xFF1A5948 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003D0 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A2D20(364ed20) Type: 8 Event Object Header: 0xFF1A2D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF131380(917380) Type: 6 Thread Object Header: 0xFF131368 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 
1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004E4 ThreadsProcess: 0xFF277960 OBJECT: 0xFF188020(3c42020) Type: 5 Process Object Header: 0xFF188008 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: alogserv.exe OBJECT: 0xFF188DA0(3c42da0) Type: 6 Thread Object Header: 0xFF188D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.000003DC ThreadsProcess: 0xFF188020 OBJECT: 0xE201E270(3e0e270) Type: 19 Port Object Header: 0xE201E258 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF159520(4882520) Type: 6 Thread Object Header: 0xFF159508 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.00000400 ThreadsProcess: 0xFF192780 OBJECT: 0xFF174800(5a45800) Object Header: 0xFF1747E8 GrantedAccess: 1f03ff PointerCount: 0 HandleCount: 0 OBJECT: 0xE1ED33B0(78d3b0) Type: 19 Port Object Header: 0xE1ED3398 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1FFEC50(3da1c50) Type: 19 Port Object Header: 0xE1FFEC38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 
0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF185020(3e21020) Type: 6 Thread Object Header: 0xFF185008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003E8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF184100(3e2f100) Type: 5 Process Object Header: 0xFF1840E8 GrantedAccess: 1f0fff PointerCount: 100 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: tgcmd.exe OBJECT: 0xFF183020(3ec4020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000003F0 ThreadsProcess: 0xFF184100 OBJECT: 0xFF1827E0(3f5b7e0) Type: 5 Process Object Header: 0xFF1827C8 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Apntex.exe OBJECT: 0xFF1824E0(3f5b4e0) Type: 6 Thread Object Header: 0xFF1824C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003F8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF2087A0(6b927a0) Type: 6 Thread Object Header: 0xFF208788 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004D4 ThreadsProcess: 0xFF277960 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF181AC0(4060ac0) Type: 8 Event Object Header: 0xFF181AA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF181A80(4060a80) Type: 8 Event Object Header: 0xFF181A68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF181B08(4060b08) Type: 26 File Object Header: 0xFF181AF0 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ega.cpi OBJECT: 0xFF1824E0(3f5b4e0) Type: 6 Thread Object Header: 0xFF1824C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003F8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF1817C0(40607c0) Type: 6 Thread Object Header: 0xFF1817A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B4.00000404 ThreadsProcess: 0xFCC62B00 OBJECT: 0xFF181740(4060740) Type: 8 Event Object Header: 0xFF181728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF180BE0(98dbe0) Type: 6 Thread Object Header: 0xFF180BC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.00000408 ThreadsProcess: 0xFF188020 OBJECT: 0xFF17FDE0(406cde0) Type: 8 Event Object Header: 0xFF17FDC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17FDA0(406cda0) Type: 8 Event Object Header: 0xFF17FD88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17FD60(406cd60) Type: 8 Event Object Header: 0xFF17FD48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF17FD20(406cd20) Type: 8 Event Object Header: 0xFF17FD08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17FCE0(406cce0) Type: 8 Event Object Header: 0xFF17FCC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15FC60(54efc60) Type: 6 Thread Object Header: 0xFF15FC48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000003E4 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF162DE0(51d3de0) Type: 8 Event Object Header: 0xFF162DC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xE2044690(4211690) Type: 19 Port Object Header: 0xE2044678 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF138020(1de6020) Type: 6 Thread Object Header: 0xFF138008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF17AA40(43d4a40) Type: 6 Thread Object Header: 0xFF17AA28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000410 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF13E020(2160020) Type: 6 Thread Object Header: 0xFF13E008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000418 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1F0F00(487ef00) Type: 8 Event Object Header: 0xFF1F0EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1738A0(25c58a0) Type: 6 Thread Object Header: 0xFF173888 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000420 ThreadsProcess: 0xFF184100 OBJECT: 0xFF1ED9E0(48ca9e0) Type: 6 Thread Object Header: 0xFF1ED9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000041C.000003A4 ThreadsProcess: 0xFF19C020 OBJECT: 0xE2047F50(433af50) Type: 19 Port Object Header: 0xE2047F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.0000020C ClientThread: 0x00000000 ServerProcess: 
0x00000000 OBJECT: 0xFF177AC0(5901ac0) Type: 5 Process Object Header: 0xFF177AA8 GrantedAccess: 1f0fff PointerCount: 61 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: PcfMgr.exe OBJECT: 0xFF177740(5901740) Type: 6 Thread Object Header: 0xFF177728 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF149BA0(54caba0) Type: 6 Thread Object Header: 0xFF149B88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000478 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F6A0(45916a0) Type: 6 Thread Object Header: 0xFF16F688 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000434 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF12E620(664620) Type: 6 Thread Object Header: 0xFF12E608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000027C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1F0F40(487ef40) Type: 8 Event Object Header: 0xFF1F0F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16A160(51c8160) Type: 6 Thread Object Header: 0xFF16A148 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000444 ThreadsProcess: 0xFF184100 OBJECT: 0xFF139B20(1bc6b20) Type: 6 Thread Object Header: 0xFF139B08 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004A8 ThreadsProcess: 0xFF277960 OBJECT: 0xFF148020(26c9020) Type: 6 Thread Object Header: 0xFF148008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000044C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF148DA0(26c9da0) Type: 6 Thread Object Header: 0xFF148D88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000047C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF14D020(1fdf020) Type: 6 Thread Object Header: 0xFF14D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000454 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF140AA0(3442aa0) Type: 6 Thread Object Header: 0xFF140A88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000049C ThreadsProcess: 0xFF277960 OBJECT: 0xFF13F020(2061020) Type: 6 Thread Object Header: 0xFF13F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000490 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF145560(27a2560) Type: 6 Thread Object Header: 0xFF145548 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000045C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1FF9A30(3ce9a30) Type: 19 Port Object Header: 0xE1FF9A18 GrantedAccess: 1f0001 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000BC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCC86560(12a3560) Type: 8 Event Object Header: 0xFCC86548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EEDA10(7a67a10) Type: 19 Port Object Header: 0xE1EED9F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B4.000000C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF142020(422c020) Type: 6 Thread Object Header: 0xFF142008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000340 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF133DA0(6673da0) Type: 6 Thread Object Header: 0xFF133D88 GrantedAccess: 1f03ff PointerCount: 3 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000002E0 ThreadsProcess: 0xFF184100 OBJECT: 0xFF22A020(4f61020) Type: 6 Thread Object Header: 0xFF22A008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000004A4.000003AC ThreadsProcess: 0xFF151B40 OBJECT: 0xFF139020(1bc6020) Type: 6 Thread Object Header: 0xFF139008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000004CC ThreadsProcess: 0xFF192780 OBJECT: 0xFCC60980(127d980) Type: 8 Event Object 
Header: 0xFCC60968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF111DA0(35d6da0) Type: 6 Thread Object Header: 0xFF111D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000300 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF111B20(35d6b20) Type: 6 Thread Object Header: 0xFF111B08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004F0 ThreadsProcess: 0xFF1CB020 5. TABLE: 0xFCC61008(127e008): Table: 0xE1DCA000 QuotaProcess: 0xFCA36620 ProcessId: b0 HandleCount: 352 CapturedHandleCount: 352 TableLevel: 2 StrictFIFO: No OBJECT: 0xE132DFD0(1a8afd0) Type: 17 Section Object Header: 0xE132DFB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1DC9C48(75ebc48) BasedAddress: 0x2E9DAC20 SizeOfSegment: 0x2d000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\winlogon.exe OBJECT: 0xFCC84400(12a1400) Type: 8 Event Object Header: 0xFCC843E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC843C0(12a13c0) Type: 8 Event Object Header: 0xFCC843A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC84380(12a1380) Type: 8 Event Object Header: 0xFCC84368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFCA33FE0(1050fe0) Type: 8 Event Object Header: 0xFCA33FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DCDF50(7675f50) Type: 19 Port Object Header: 0xE1DCDF38 GrantedAccess: 1f0001 PointerCount: 18 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.0000008C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFCA33B20(1050b20) Type: 8 Event Object Header: 0xFCA33B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DCDE60(7675e60) Type: 18 Key Object Header: 0xE1DCDE48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFCA339C0(10509c0) Type: 8 Event Object Header: 0xFCA339A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 
HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFCA331A0(10501a0) Type: 8 Event Object Header: 0xFCA33188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33100(1050100) Type: 8 Event Object Header: 0xFCA330E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2CFF0(1049ff0) Type: 8 Event Object Header: 0xFCA2CFD8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD730 Name: NetworkProviderLoad SecurityDescriptor: 0xE133C2D8(1aac2d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;BA) OBJECT: 0xFCA2D7B8(104a7b8) Type: 16 Desktop Object Header: 0xFCA2D7A0 GrantedAccess: f01ff PointerCount: 35 HandleCount: 1 Directory: 0x00000000 Name: Winlogon OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA2C8A0(10498a0) Type: 13 Timer Object Header: 0xFCA2C888 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1D42B00(695bb00) Type: 18 Key Object Header: 0xE1D42AE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\crypt32chain\ OBJECT: 0xE13373C0(1aa53c0) Type: 18 Key Object Header: 0xE13373A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\cryptnet\ OBJECT: 0xE1EBDE10(a10e10) Type: 4 Token Object Header: 0xE1EBDDF8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,cd57} ParentToken ID: {0,0} Modified ID: {0,7268} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege 
Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xE1345660(1ad6660) Type: 18 Key Object Header: 0xE1345648 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\Notify\sclgntfy\ OBJECT: 0xFF1D6EB0(202eeb0) Type: 13 Timer Object Header: 0xFF1D6E98 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: userenv: refresh timer for 176:784 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1333020(1a95020) Type: 18 Key Object Header: 0xE1333008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\ OBJECT: 0xE1ECB550(1959550) Type: 4 Token Object Header: 0xE1ECB538 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d46f} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 
SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFCA2C620(1049620) Type: 6 Thread Object Header: 0xFCA2C608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000D8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF28F3A0(79f03a0) Type: 8 Event Object Header: 0xFF28F388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2C4E0(10494e0) Type: 8 Event Object Header: 0xFCA2C4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2C4A0(10494a0) Type: 8 Event Object Header: 0xFCA2C488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2C460(1049460) Type: 8 Event Object Header: 0xFCA2C448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2C020(1049020) Type: 25 IoCompletion Object Header: 0xFCA2C008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFCA2B020 Process: 0xFCA36620 APCProcess: 0xFCA36620 OBJECT: 0xFCA2C020(1049020) Type: 25 IoCompletion Object Header: 0xFCA2C008 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFCA2B020 Process: 0xFCA36620 APCProcess: 0xFCA36620 OBJECT: 0xFCA2D2C8(104a2c8) Type: 26 File Object Header: 0xFCA2D2B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\InitShutdown OBJECT: 
0xFCA2C328(1049328) Type: 26 File Object Header: 0xFCA2C310 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\InitShutdown OBJECT: 0xFCA2C280(1049280) Type: 8 Event Object Header: 0xFCA2C268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2B020(1048020) Type: 6 Thread Object Header: 0xFCA2B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000DC ThreadsProcess: 0xFCA36620 OBJECT: 0xFCDA3808(13c0808) Type: 26 File Object Header: 0xFCDA37F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winlogonrpc OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 1f0fff PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 1f0fff PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xFF28EAA0(7b2daa0) Type: 8 Event Object Header: 0xFF28EA88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2B560(1048560) Type: 6 Thread Object Header: 0xFCA2B548 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000000E8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2B420(1048420) Type: 13 Timer Object Header: 
0xFCA2B408 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C0A60(18f3a60) Type: 18 Key Object Header: 0xE12C0A48 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xE12C1D40(18f7d40) Type: 18 Key Object Header: 0xE12C1D28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF28D4E0(ff64e0) Type: 8 Event Object Header: 0xFF28D4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D7740(1952740) Type: 18 Key Object Header: 0xE12D7728 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE13440C0(1acc0c0) Type: 18 Key Object Header: 0xE13440A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE133B020(1aab020) Type: 18 Key Object Header: 0xE133B008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF28F3E0(79f03e0) Type: 8 Event Object Header: 0xFF28F3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BC40(7c84c40) Type: 10 Mutant Object Header: 0xFF28BC28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BC00(7c84c00) Type: 10 Mutant Object Header: 0xFF28BBE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1327AE0(1a79ae0) Type: 18 Key Object Header: 0xE1327AC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xE1E4CBD0(908bd0) Type: 19 Port Object Header: 0xE1E4CBB8 GrantedAccess: 1f0001 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.0000008C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1384860(288a860) Type: 18 Key Object Header: 0xE1384848 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF28ABE0(fc4be0) Type: 8 Event Object Header: 0xFF28ABC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E7E0(dc57e0) Type: 8 Event Object Header: 0xFF22E7C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A1E0(fc41e0) Type: 6 Thread Object Header: 0xFF28A1C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF289280(85e280) Type: 10 Mutant Object Header: 0xFF289268 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289360(85e360) Type: 8 Event Object Header: 0xFF289348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289240(85e240) Type: 8 Event Object Header: 0xFF289228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289200(85e200) Type: 10 Mutant Object Header: 0xFF2891E8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2889E0(8ad9e0) Type: 8 Event Object Header: 0xFF2889C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA363A0(10533a0) Type: 6 Thread Object Header: 0xFCA36388 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000008C ThreadsProcess: 0xFCA36620 OBJECT: 0xFF287FE0(945fe0) Type: 8 Event Object Header: 0xFF287FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: 8b PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF1D1780(22db780) Type: 8 Event Object Header: 0xFF1D1768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2802B0(ae52b0) Type: 8 Event Object Header: 0xFF280298 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: AgentExistsEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF286460(8aa460) Type: 8 Event Object Header: 0xFF286448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A1E0(fc41e0) Type: 6 Thread Object Header: 0xFF28A1C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000118 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF283FE0(a77fe0) Type: 8 Event Object Header: 0xFF283FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23A4B0(64004b0) Type: 8 Event Object Header: 0xFF23A498 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: AgentToWkssvcEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF28E020(7b2d020) Type: 6 Thread Object Header: 0xFF28E008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000108 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF28D4A0(ff64a0) Type: 8 Event Object Header: 0xFF28D488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D408(ff6408) Type: 26 File Object Header: 0xFF28D3F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF1EF360(4c48360) Type: 6 Thread Object Header: 0xFF1EF348 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000314 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF25FFC0(1b16fc0) Type: 8 Event Object Header: 0xFF25FFA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25FF30(1b16f30) Type: 8 Event Object Header: 0xFF25FF18 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF256B48(2904b48) Type: 26 File Object Header: 0xFF256B30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2564D0(29044d0) Type: 10 Mutant Object Header: 0xFF2564B8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DE38(6947e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF256AF0(2904af0) Type: 12 Semaphore Object Header: 0xFF256AD8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardSemmmGlobalPnpInfoGuard 
SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D3DAC0(6947ac0) Type: 17 Section Object Header: 0xE1D3DAA8 GrantedAccess: f0007 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E8C208(6a9208) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xFF24D420(766420) Type: 6 Thread Object Header: 0xFF24D408 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000290 ThreadsProcess: 0xFCA36620 OBJECT: 0xFCA2D8B0(104a8b0) Type: 8 Event Object Header: 0xFCA2D898 GrantedAccess: 100000 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF24D7E0(7667e0) Type: 25 IoCompletion Object Header: 0xFF24D7C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF24D420 Process: 0xFCA36620 APCProcess: 0xFCA36620 OBJECT: 0xFF24A610(3bd610) Type: 8 Event Object Header: 0xFF24A5F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WFP_IDLE_TRIGGER SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF24F720(7ac720) Type: 8 Event Object Header: 0xFF24F708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF253FE0(651fe0) Type: 8 Event Object Header: 0xFF253FC8 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF251080(4793080) Type: 10 Mutant Object Header: 0xFF251068 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2510C0(47930c0) Type: 8 Event Object Header: 0xFF2510A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225808(478b808) Type: 26 File Object Header: 0xFF2257F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF233240(6b8a240) Type: 8 Event Object Header: 0xFF233228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE136B660(25a3660) Type: 17 Section Object Header: 0xE136B648 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WDMAUD_Device_Interface_Path SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE12E2128(1977128) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF233530(6b8a530) Type: 8 Event Object Header: 0xFF233518 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 4 Directory: 0xFCC61C10 Name: mixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 1f0001 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF24A640(3bd640) Type: 8 Event Object Header: 0xFF24A628 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF250580(7c7580) Type: 8 Event Object Header: 
0xFF250568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A220(3bd220) Type: 8 Event Object Header: 0xFF24A208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24A528(3bd528) Type: 26 File Object Header: 0xFF24A510 GrantedAccess: 160001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\dllcache OBJECT: 0xFF2490C0(468f0c0) Type: 8 Event Object Header: 0xFF2490A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A470(fc4470) Type: 8 Event Object Header: 0xFF28A458 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 4 Directory: 0xFCC61C10 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1E48458(7c38458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF248020(4b88020) Type: 8 Event Object Header: 0xFF248008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF248DC0(4b88dc0) Type: 10 Mutant Object Header: 0xFF248DA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF248D80(4b88d80) Type: 8 Event Object Header: 0xFF248D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF248D40(4b88d40) Type: 10 Mutant Object Header: 0xFF248D28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF248D00(4b88d00) Type: 8 Event Object Header: 0xFF248CE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF248CC0(4b88cc0) Type: 8 Event Object Header: 0xFF248CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23D708(56b1708) Type: 26 File Object Header: 0xFF23D6F0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF2839F0(a779f0) Type: 8 
Event Object Header: 0xFF2839D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC61C10 Name: jjCSCSharedEvent_UM_KM SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1DC9A50(75eba50) Type: 4 Token Object Header: 0xE1DC9A38 GrantedAccess: e PointerCount: 16 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4aaf} ParentToken ID: {0,0} Modified ID: {0,d8ab} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF23A4F0(64004f0) Type: 8 Event Object Header: 0xFF23A4D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 
Name: WkssvcToAgentStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2813C0(9f93c0) Type: 10 Mutant Object Header: 0xFF2813A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2295A8(4f325a8) Type: 26 File Object Header: 0xFF229590 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ProfMapApi OBJECT: 0xFF2190A8(45710a8) Type: 26 File Object Header: 0xFF219090 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ProfMapApi OBJECT: 0xE1E38C60(7b5fc60) Type: 18 Key Object Header: 0xE1E38C48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF219190(4571190) Type: 8 Event Object Header: 0xFF219178 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: winlogon: machine GPO Event 94906 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF135FE0(5922fe0) Type: 8 Event Object Header: 0xFF135FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC9D40(52d7d40) Type: 18 Key Object Header: 0xE1EC9D28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\my\ OBJECT: 0xE1EC9CC0(52d7cc0) Type: 18 Key Object Header: 0xE1EC9CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Root\ OBJECT: 0xE12F3E40(199be40) Type: 18 Key Object Header: 0xE12F3E28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Root\ 
OBJECT: 0xE1E48D80(7c38d80) Type: 17 Section Object Header: 0xE1E48D68 GrantedAccess: f0007 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1DD6D78(77f7d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE12DFF08(1970f08) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE12E89A0(198d9a0) Type: 18 Key Object Header: 0xE12E8988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: f0007 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF24ABE0(3bdbe0) Type: 8 Event Object Header: 0xFF24ABC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xE12DC160(1966160) Type: 18 Key Object Header: 0xE12DC148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1E69CC0(bc7cc0) Type: 18 Key Object Header: 0xE1E69CA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12B8840(19bd840) Type: 18 Key Object Header: 0xE12B8828 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xE1E892A0(1b242a0) Type: 18 Key Object Header: 0xE1E89288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE1337FE0(1aa5fe0) Type: 18 Key Object Header: 0xE1337FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1E90A00(54ba00) Type: 18 Key Object Header: 0xE1E909E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\Trust\ OBJECT: 0xE133BF80(1aabf80) Type: 18 Key Object Header: 0xE133BF68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\Trust\ OBJECT: 0xE13228E0(1a708e0) Type: 18 Key Object Header: 0xE13228C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE13AC8A0(2b2c8a0) Type: 18 Key Object Header: 0xE13AC888 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12DF3E0(19703e0) Type: 18 Key Object Header: 0xE12DF3C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SystemCertificates\ca\ OBJECT: 0xE1331EC0(1a94ec0) Type: 18 Key Object Header: 0xE1331EA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EnterpriseCertificates\ca\ OBJECT: 0xFF21CD80(50add80) Type: 8 Event Object Header: 0xFF21CD68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF21CD40(50add40) Type: 8 Event Object Header: 0xFF21CD28 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21CD00(50add00) Type: 8 Event Object Header: 0xFF21CCE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D08A0(22ff8a0) Type: 6 Thread Object Header: 0xFF1D0888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000031C ThreadsProcess: 0xFCA36620 OBJECT: 0xE1F6BD70(25e3d70) Type: 4 Token Object Header: 0xE1F6BD58 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d393} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 
SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF237920(646c920) Type: 8 Event Object Header: 0xFF237908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237880(646c880) Type: 8 Event Object Header: 0xFF237868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2378E0(646c8e0) Type: 8 Event Object Header: 0xFF2378C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C4A0(50ad4a0) Type: 8 Event Object Header: 0xFF21C488 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C470(50ad470) Type: 8 Event Object Header: 0xFF21C458 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: userenv: Machine Group Policy has been applied SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF21B020(4ec9020) Type: 6 Thread Object Header: 0xFF21B008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002A8 ThreadsProcess: 0xFCA36620 OBJECT: 0xE1EC9D80(52d7d80) Type: 18 Key Object Header: 0xE1EC9D68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF229520(4f32520) Type: 8 Event Object Header: 0xFF229508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D5930(2220930) Type: 8 Event Object Header: 0xFF1D5918 GrantedAccess: 1f0003 PointerCount: 3 
HandleCount: 1 Directory: 0xFCC61C10 Name: AUTOENRL:TriggerMachineEnrollment SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF280190(ae5190) Type: 13 Timer Object Header: 0xFF280178 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: AUTOENRL: machine refresh timer for 176:528 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF21BFA0(4ec9fa0) Type: 8 Event Object Header: 0xFF21BF88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BF60(4ec9f60) Type: 8 Event Object Header: 0xFF21BF48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF255520(23a6520) Type: 8 Event Object Header: 0xFF255508 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2738D0(ec58d0) Type: 8 Event Object Header: 0xFF2738B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: userenv: user policy refresh event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF21BEE0(4ec9ee0) Type: 8 Event Object Header: 0xFF21BEC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BDE0(4ec9de0) Type: 8 Event Object Header: 0xFF21BDC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF255850(23a6850) Type: 8 Event Object Header: 0xFF255838 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: winlogon: User GPO Event 104810 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF21BBB0(4ec9bb0) Type: 8 Event Object Header: 0xFF21BB98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: userenv: User Group Policy has been applied SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF21BD40(4ec9d40) Type: 8 Event Object Header: 0xFF21BD28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF21BC20(4ec9c20) Type: 8 Event Object Header: 0xFF21BC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BBE0(4ec9be0) Type: 8 Event Object Header: 0xFF21BBC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BBB0(4ec9bb0) Type: 8 Event Object Header: 0xFF21BB98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: userenv: User Group Policy has been applied SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xE1E69E40(bc7e40) Type: 18 Key Object Header: 0xE1E69E28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF21BD40(4ec9d40) Type: 8 Event Object Header: 0xFF21BD28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF21CD80(50add80) Type: 8 Event Object Header: 0xFF21CD68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF21BB00(4ec9b00) Type: 8 Event Object Header: 0xFF21BAE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21BAC0(4ec9ac0) Type: 8 Event Object Header: 0xFF21BAA8 GrantedAccess: 1f0003 PointerCount: 3 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2B8B0(10488b0) Type: 13 Timer Object Header: 0xFCA2B898 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: userenv: refresh timer for 176:796 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF21BA20(4ec9a20) Type: 8 Event Object Header: 0xFF21BA08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC4D50(4766d50) Type: 19 Port Object Header: 0xE1EC4D38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000154 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF21B8E0(4ec98e0) Type: 8 Event Object Header: 0xFF21B8C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B8A0(4ec98a0) Type: 8 Event Object Header: 0xFF21B888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ECDD70(25b5d70) Type: 4 Token Object Header: 0xE1ECDD58 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d471} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory 
Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xE1ECD830(25b5830) Type: 4 Token Object Header: 0xE1ECD818 GrantedAccess: 200ee PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1ED1E98(6484e98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;DCLCSWWPDTLORC;;;S-1-5-5-0-52683) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d6c9} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: 
S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF21B800(4ec9800) Type: 8 Event Object Header: 0xFF21B7E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B6A0(4ec96a0) Type: 8 Event Object Header: 0xFF21B688 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2AA60(7ae7a60) Type: 19 Port Object Header: 0xE1E2AA48 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE4 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000B0.00000290 ClientThread: 0x00000000 ServerProcess: 0xFCA36620 OBJECT: 0xE12C2280(18f9280) Type: 18 Key Object Header: 0xE12C2268 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF21B600(4ec9600) Type: 8 Event Object Header: 0xFF21B5E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF21B7C0(4ec97c0) Type: 8 Event Object Header: 0xFF21B7A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B780(4ec9780) Type: 8 Event Object Header: 0xFF21B768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FF20(7b93f20) Type: 18 Key Object Header: 0xE1E2FF08 GrantedAccess: 20019 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\MICROSOFT\SystemCertificates\ OBJECT: 0xFF21B600(4ec9600) Type: 8 Event Object Header: 0xFF21B5E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF21CD80(50add80) Type: 8 Event Object Header: 0xFF21CD68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFF21B480(4ec9480) Type: 8 Event Object Header: 0xFF21B468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B300(4ec9300) Type: 8 Event Object Header: 0xFF21B2E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF251030(4793030) Type: 8 Event Object Header: 0xFF251018 GrantedAccess: 1f0003 PointerCount: 10 HandleCount: 4 Directory: 0xFCC61C10 Name: hardwaremixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xE1ECB810(1959810) Type: 4 Token Object Header: 0xE1ECB7F8 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,cf2f} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled 
LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xFF21B5C0(4ec95c0) Type: 8 Event Object Header: 0xFF21B5A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF217580(53ca580) Type: 6 Thread Object Header: 0xFF217568 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000210 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF21B580(4ec9580) Type: 8 Event Object Header: 0xFF21B568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B540(4ec9540) Type: 8 Event Object Header: 0xFF21B528 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D6760(202e760) Type: 8 Event Object Header: 0xFF1D6748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CE3C0(27043c0) Type: 6 Thread Object Header: 0xFF1CE3A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.0000032C 
ThreadsProcess: 0xFCA36620 OBJECT: 0xFF21B440(4ec9440) Type: 8 Event Object Header: 0xFF21B428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21B400(4ec9400) Type: 8 Event Object Header: 0xFF21B3E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273BF0(ec5bf0) Type: 8 Event Object Header: 0xFF273BD8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: AUTOENRL:TriggerUserEnrollment SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1D7C70(1eebc70) Type: 13 Timer Object Header: 0xFF1D7C58 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: AUTOENRL: user refresh timer for 176:340 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF23A530(6400530) Type: 8 Event Object Header: 0xFF23A518 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: WkssvcToAgentStartEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF219030(4571030) Type: 8 Event Object Header: 0xFF219018 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: userenv: machine policy refresh event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF21D0C0(66230c0) Type: 8 Event Object Header: 0xFF21D0A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21C470(50ad470) Type: 8 Event Object Header: 0xFF21C458 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: userenv: Machine 
Group Policy has been applied SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) OBJECT: 0xFF1D52C0(22202c0) Type: 6 Thread Object Header: 0xFF1D52A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000310 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1D9B60(1ee9b60) Type: 8 Event Object Header: 0xFF1D9B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7C60(79ac60) Type: 18 Key Object Header: 0xE1EB7C48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF23E028(560a028) Type: 26 File Object Header: 0xFF23E010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm OBJECT: 0xFF21C568(50ad568) Type: 26 File Object Header: 0xFF21C550 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32 OBJECT: 0xFF1D69B0(202e9b0) Type: 8 Event Object Header: 0xFF1D6998 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: SENS Started Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF217988(53ca988) Type: 26 File Object Header: 0xFF217970 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm OBJECT: 0xFF2107C8(658e7c8) Type: 26 File Object Header: 
0xFF2107B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bin OBJECT: 0xFF218248(4b15248) Type: 26 File Object Header: 0xFF218230 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut OBJECT: 0xFF210CC8(658ecc8) Type: 26 File Object Header: 0xFF210CB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut OBJECT: 0xFF210A48(658ea48) Type: 26 File Object Header: 0xFF210A30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\inetsrv OBJECT: 0xFF210348(658e348) Type: 26 File Object Header: 0xFF210330 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\outlook express OBJECT: 0xFF20F2C8(65f22c8) Type: 26 File Object Header: 0xFF20F2B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\fonts OBJECT: 0xFF20F5A8(65f25a8) Type: 26 File Object Header: 0xFF20F590 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt OBJECT: 0xFF20E028(45b4028) Type: 26 File Object Header: 0xFF20E010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\inf OBJECT: 0xFF20EB68(45b4b68) Type: 26 File Object Header: 0xFF20EB50 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\servsupp OBJECT: 0xFF20EE48(45b4e48) Type: 26 File Object Header: 0xFF20EE30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\drivers OBJECT: 0xFF20E488(45b4488) Type: 26 File Object Header: 0xFF20E470 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\microsoft frontpage\version3.0\bin OBJECT: 0xFCD27A08(1344a08) Type: 26 File Object Header: 0xFCD279F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winlogonrpc OBJECT: 0xFF20E928(45b4928) Type: 26 File Object Header: 0xFF20E910 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bots\vinavbar OBJECT: 0xFF20DF88(477ef88) Type: 26 File Object Header: 0xFF20DF70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\isapi OBJECT: 0xFF20CF48(4ecef48) Type: 26 File Object Header: 0xFF20CF30 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\_vti_bin OBJECT: 0xFF20D968(477e968) Type: 26 File Object Header: 0xFF20D950 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\bin\1033 OBJECT: 0xFF20D8C8(477e8c8) Type: 26 File Object Header: 0xFF20D8B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\speechengines\tts OBJECT: 0xFF20A408(7df0408) Type: 26 File Object Header: 0xFF20A3F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\speech OBJECT: 0xFF204768(4dfb768) Type: 26 File Object Header: 0xFF204750 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows media player OBJECT: 0xFF206568(515e568) Type: 26 File Object Header: 0xFF206550 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\dao OBJECT: 0xFF203028(519e028) Type: 26 File Object Header: 0xFF203010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\msadc OBJECT: 0xFF248688(4b88688) Type: 26 File Object Header: 0xFF248670 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\ado OBJECT: 0xFF218448(4b15448) Type: 26 File Object Header: 0xFF218430 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system\ole db OBJECT: 0xFF1FF3C8(4f7b3c8) Type: 26 File Object Header: 0xFF1FF3B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\msagent OBJECT: 0xFF23AF88(6400f88) Type: 26 File Object Header: 0xFF23AF70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\miitwain OBJECT: 0xFF1FBB08(4abdb08) Type: 26 File Object Header: 0xFF1FBAF0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system OBJECT: 0xFF1FF148(4f7b148) Type: 26 File Object Header: 0xFF1FF130 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\msagent\intl OBJECT: 0xFF1FB6E8(4abd6e8) Type: 26 File Object Header: 0xFF1FB6D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\help OBJECT: 0xFF1F5B88(1c7bb88) Type: 26 File Object Header: 0xFF1F5B70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: HarddiskVolume1\program files\netmeeting OBJECT: 0xFF1F1D28(1d42d28) Type: 26 File Object Header: 0xFF1F1D10 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\triedit OBJECT: 0xFF1F48E8(1d048e8) Type: 26 File Object Header: 0xFF1F48D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\wbem OBJECT: 0xFF1F4748(1d04748) Type: 26 File Object Header: 0xFF1F4730 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\com OBJECT: 0xFF1F4028(1d04028) Type: 26 File Object Header: 0xFF1F4010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\setup OBJECT: 0xFF1F1C88(1d42c88) Type: 26 File Object Header: 0xFF1F1C70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt OBJECT: 0xFF1F1BE8(1d42be8) Type: 26 File Object Header: 0xFF1F1BD0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\drivers\disdn OBJECT: 0xFF1F1988(1d42988) Type: 26 File Object Header: 0xFF1F1970 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\os2\dll OBJECT: 0xFF1F1A28(1d42a28) Type: 26 File Object Header: 0xFF1F1A10 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\system OBJECT: 0xFF1F18E8(1d428e8) Type: 26 File Object Header: 0xFF1F18D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\fjscan\fcpa OBJECT: 0xFF1FB348(4abd348) Type: 26 File Object Header: 0xFF1FB330 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: 
(null) Path: HarddiskVolume1\winnt\system32\export OBJECT: 0xFF1F1208(1d42208) Type: 26 File Object Header: 0xFF1F11F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\mui\0009 OBJECT: 0xFF1F5028(1c7b028) Type: 26 File Object Header: 0xFF1F5010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\admcgi\scripts OBJECT: 0xFF1F53A8(1c7b3a8) Type: 26 File Object Header: 0xFF1F5390 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\web server extensions\40\admisapi\scripts OBJECT: 0xFF1F1448(1d42448) Type: 26 File Object Header: 0xFF1F1430 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\internet explorer OBJECT: 0xFF1EF168(4c48168) Type: 26 File Object Header: 0xFF1EF150 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\msinfo OBJECT: 0xFF1EF028(4c48028) Type: 26 File Object Header: 0xFF1EF010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\internet explorer\connection wizard OBJECT: 0xFF1EEA68(1cc0a68) Type: 26 File Object Header: 0xFF1EEA50 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee} OBJECT: 0xFF1F0F88(487ef88) Type: 26 File Object Header: 0xFF1F0F70 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\twain_32\logiscan OBJECT: 0xFF1F0028(487e028) Type: 26 File Object Header: 0xFF1F0010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: 
HarddiskVolume1\winnt\mww32\manager OBJECT: 0xFF1EED08(1cc0d08) Type: 26 File Object Header: 0xFF1EECF0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\mww32\modem OBJECT: 0xFF1FF0A8(4f7b0a8) Type: 26 File Object Header: 0xFF1FF090 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\npp OBJECT: 0xFF1EB2E8(49a72e8) Type: 26 File Object Header: 0xFF1EB2D0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\apppatch OBJECT: 0xFF1EDCE8(48cace8) Type: 26 File Object Header: 0xFF1EDCD0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\rocket OBJECT: 0xFF2035A8(519e5a8) Type: 26 File Object Header: 0xFF203590 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt\pinball OBJECT: 0xFF1EB5C8(49a75c8) Type: 26 File Object Header: 0xFF1EB5B0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\rpcproxy OBJECT: 0xFF1EACC8(17dcc8) Type: 26 File Object Header: 0xFF1EACB0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\spool\prtprocs\w32x86 OBJECT: 0xFF1E7E68(1c86e68) Type: 26 File Object Header: 0xFF1E7E50 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\common files\microsoft shared\vgx OBJECT: 0xFF1E9028(4a3e028) Type: 26 File Object Header: 0xFF1E9010 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\spool\drivers\color OBJECT: 0xFF1E4408(4d3c408) Type: 26 File Object Header: 0xFF1E43F0 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program 
files\windows nt\accessories\imagevue OBJECT: 0xFF1E33E0(4a4a3e0) Type: 6 Thread Object Header: 0xFF1E33C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002F8 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF229088(4f32088) Type: 26 File Object Header: 0xFF229070 GrantedAccess: 160001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\windows nt\accessories OBJECT: 0xFF1E9680(4a3e680) Type: 8 Event Object Header: 0xFF1E9668 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E94C0(4a3e4c0) Type: 8 Event Object Header: 0xFF1E94A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF229360(4f32360) Type: 8 Event Object Header: 0xFF229348 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FC520(198a520) Type: 8 Event Object Header: 0xFF1FC508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EAF40(17df40) Type: 8 Event Object Header: 0xFF1EAF28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EAF00(17df00) Type: 8 Event Object Header: 0xFF1EAEE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3BE0(4a4abe0) Type: 8 Event Object Header: 0xFF1E3BC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3BA0(4a4aba0) Type: 8 Event Object Header: 0xFF1E3B88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3B60(4a4ab60) Type: 8 Event Object Header: 0xFF1E3B48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3B20(4a4ab20) Type: 8 Event Object Header: 0xFF1E3B08 GrantedAccess: 1f0003 
PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3AE0(4a4aae0) Type: 8 Event Object Header: 0xFF1E3AC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3AA0(4a4aaa0) Type: 8 Event Object Header: 0xFF1E3A88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E2B00(1d6db00) Type: 8 Event Object Header: 0xFF1E2AE8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E2920(1d6d920) Type: 8 Event Object Header: 0xFF1E2908 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E2740(1d6d740) Type: 8 Event Object Header: 0xFF1E2728 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E2560(1d6d560) Type: 8 Event Object Header: 0xFF1E2548 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E2380(1d6d380) Type: 8 Event Object Header: 0xFF1E2368 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1020(1d77020) Type: 8 Event Object Header: 0xFF1E1008 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1E40(1d77e40) Type: 8 Event Object Header: 0xFF1E1E28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1C60(1d77c60) Type: 8 Event Object Header: 0xFF1E1C48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1A80(1d77a80) Type: 8 Event Object Header: 0xFF1E1A68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E18A0(1d778a0) Type: 8 Event Object Header: 0xFF1E1888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E16C0(1d776c0) Type: 8 Event Object Header: 0xFF1E16A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1E14E0(1d774e0) Type: 8 Event Object Header: 0xFF1E14C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1300(1d77300) Type: 8 Event Object Header: 0xFF1E12E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E1120(1d77120) Type: 8 Event Object Header: 0xFF1E1108 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E10E0(1d770e0) Type: 8 Event Object Header: 0xFF1E10C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E10A0(1d770a0) Type: 8 Event Object Header: 0xFF1E1088 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0CA0(1e00ca0) Type: 8 Event Object Header: 0xFF1E0C88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0AC0(1e00ac0) Type: 8 Event Object Header: 0xFF1E0AA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E08E0(1e008e0) Type: 8 Event Object Header: 0xFF1E08C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0700(1e00700) Type: 8 Event Object Header: 0xFF1E06E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0520(1e00520) Type: 8 Event Object Header: 0xFF1E0508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0340(1e00340) Type: 8 Event Object Header: 0xFF1E0328 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0300(1e00300) Type: 8 Event Object Header: 0xFF1E02E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E02C0(1e002c0) Type: 8 Event Object Header: 0xFF1E02A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0280(1e00280) Type: 8 Event Object Header: 0xFF1E0268 GrantedAccess: 
1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0240(1e00240) Type: 8 Event Object Header: 0xFF1E0228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E0200(1e00200) Type: 8 Event Object Header: 0xFF1E01E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DF7C0(1d897c0) Type: 8 Event Object Header: 0xFF1DF7A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DF5E0(1d895e0) Type: 8 Event Object Header: 0xFF1DF5C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DF400(1d89400) Type: 8 Event Object Header: 0xFF1DF3E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DF220(1d89220) Type: 8 Event Object Header: 0xFF1DF208 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DF1E0(1d891e0) Type: 8 Event Object Header: 0xFF1DF1C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DEE40(1d94e40) Type: 8 Event Object Header: 0xFF1DEE28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DEC60(1d94c60) Type: 8 Event Object Header: 0xFF1DEC48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DEA80(1d94a80) Type: 8 Event Object Header: 0xFF1DEA68 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE8A0(1d948a0) Type: 8 Event Object Header: 0xFF1DE888 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE6C0(1d946c0) Type: 8 Event Object Header: 0xFF1DE6A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE4E0(1d944e0) Type: 8 Event Object Header: 0xFF1DE4C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1DE300(1d94300) Type: 8 Event Object Header: 0xFF1DE2E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE2C0(1d942c0) Type: 8 Event Object Header: 0xFF1DE2A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE280(1d94280) Type: 8 Event Object Header: 0xFF1DE268 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE240(1d94240) Type: 8 Event Object Header: 0xFF1DE228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DE200(1d94200) Type: 8 Event Object Header: 0xFF1DE1E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD960(1d9d960) Type: 8 Event Object Header: 0xFF1DD948 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD780(1d9d780) Type: 8 Event Object Header: 0xFF1DD768 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD5A0(1d9d5a0) Type: 8 Event Object Header: 0xFF1DD588 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD3C0(1d9d3c0) Type: 8 Event Object Header: 0xFF1DD3A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DD1E0(1d9d1e0) Type: 8 Event Object Header: 0xFF1DD1C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DCFE0(1da7fe0) Type: 8 Event Object Header: 0xFF1DCFC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203648(519e648) Type: 26 File Object Header: 0xFF203630 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SfcApi OBJECT: 0xFF1DCC08(1da7c08) Type: 26 File Object Header: 0xFF1DCBF0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SfcApi OBJECT: 0xFF1DC980(1da7980) Type: 6 
Thread Object Header: 0xFF1DC968 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.000002FC ThreadsProcess: 0xFCA36620 OBJECT: 0xE1EC8830(4da3830) Type: 19 Port Object Header: 0xE1EC8818 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000B0.00000154 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDBEF88(13dbf88) Type: 26 File Object Header: 0xFCDBEF70 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF1D0620(22ff620) Type: 6 Thread Object Header: 0xFF1D0608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000000B0.00000320 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF200680(4dd8680) Type: 8 Event Object Header: 0xFF200668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200740(4dd8740) Type: 8 Event Object Header: 0xFF200728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDBFE28(13dce28) Type: 26 File Object Header: 0xFCDBFE10 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1A74C0(34bf4c0) Type: 8 Event Object Header: 0xFF1A74A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200D80(4dd8d80) Type: 8 Event Object Header: 0xFF200D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF211B40(4c85b40) Type: 10 Mutant Object Header: 0xFF211B28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF1FFB20(4f7bb20) Type: 8 Event Object Header: 0xFF1FFB08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24D420(766420) Type: 6 Thread Object Header: 0xFF24D408 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000B0.00000290 ThreadsProcess: 0xFCA36620 OBJECT: 0xFF1E6C80(507fc80) Type: 8 Event Object Header: 0xFF1E6C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 6. 
TABLE: 0xFCA2D348(104a348): Table: 0xE1E22000 QuotaProcess: 0xFCA2BBC0 ProcessId: e4 HandleCount: 483 CapturedHandleCount: 483 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1337270(1aa5270) Type: 17 Section Object Header: 0xE1337258 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1DFD008(7877008) BasedAddress: 0x30F61420 SizeOfSegment: 0x18000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\services.exe OBJECT: 0xFCA2B4E0(10484e0) Type: 8 Event Object Header: 0xFCA2B4C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2B3E0(10483e0) Type: 8 Event Object Header: 0xFCA2B3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2B380(1048380) Type: 8 Event Object Header: 0xFCA2B368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCA2B2E8(10482e8) Type: 26 File Object Header: 0xFCA2B2D0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCA28380(1045380) Type: 8 Event Object Header: 0xFCA28368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE1DFC9D0(77f59d0) Type: 19 Port Object Header: 0xE1DFC9B8 GrantedAccess: 1f0001 PointerCount: 32 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1363440(22e5440) Type: 18 Key Object Header: 0xE1363428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCA28220(1045220) Type: 8 Event Object Header: 0xFCA28208 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28180(1045180) Type: 8 Event Object Header: 0xFCA28168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28140(1045140) Type: 8 Event Object Header: 0xFCA28128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f01ff PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f037f PointerCount: 25 
HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f037f PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA26F40(1043f40) Type: 8 Event Object Header: 0xFCA26F28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D9A40(195fa40) Type: 18 Key Object Header: 0xE12D9A28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\ OBJECT: 0xE12BD8C0(18e48c0) Type: 18 Key Object Header: 0xE12BD8A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ OBJECT: 0xE13634C0(22e54c0) Type: 18 Key Object Header: 0xE13634A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS\ OBJECT: 0xFCA26F00(1043f00) Type: 8 Event Object Header: 0xFCA26EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26EC0(1043ec0) Type: 10 Mutant Object Header: 0xFCA26EA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26E80(1043e80) Type: 8 Event Object Header: 0xFCA26E68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26E40(1043e40) Type: 10 Mutant Object Header: 0xFCA26E28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26E00(1043e00) Type: 8 Event Object Header: 0xFCA26DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26DC0(1043dc0) Type: 10 Mutant Object Header: 0xFCA26DA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26D80(1043d80) Type: 8 Event Object Header: 0xFCA26D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 
1 SecurityDescriptor: (null) OBJECT: 0xFCA26D40(1043d40) Type: 10 Mutant Object Header: 0xFCA26D28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26D00(1043d00) Type: 8 Event Object Header: 0xFCA26CE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26CC0(1043cc0) Type: 10 Mutant Object Header: 0xFCA26CA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26C80(1043c80) Type: 8 Event Object Header: 0xFCA26C68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26C40(1043c40) Type: 10 Mutant Object Header: 0xFCA26C28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26C00(1043c00) Type: 8 Event Object Header: 0xFCA26BE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26BC0(1043bc0) Type: 10 Mutant Object Header: 0xFCA26BA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26B80(1043b80) Type: 8 Event Object Header: 0xFCA26B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26B40(1043b40) Type: 10 Mutant Object Header: 0xFCA26B28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26B00(1043b00) Type: 8 Event Object Header: 0xFCA26AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26AC0(1043ac0) Type: 10 Mutant Object Header: 0xFCA26AA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26A80(1043a80) Type: 8 Event Object Header: 0xFCA26A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26A40(1043a40) Type: 10 Mutant Object Header: 0xFCA26A28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26A00(1043a00) 
Type: 8 Event Object Header: 0xFCA269E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA269C0(10439c0) Type: 10 Mutant Object Header: 0xFCA269A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26980(1043980) Type: 8 Event Object Header: 0xFCA26968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26940(1043940) Type: 10 Mutant Object Header: 0xFCA26928 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26900(1043900) Type: 8 Event Object Header: 0xFCA268E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA268C0(10438c0) Type: 10 Mutant Object Header: 0xFCA268A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26880(1043880) Type: 8 Event Object Header: 0xFCA26868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26840(1043840) Type: 10 Mutant Object Header: 0xFCA26828 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26800(1043800) Type: 8 Event Object Header: 0xFCA267E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA267C0(10437c0) Type: 10 Mutant Object Header: 0xFCA267A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26780(1043780) Type: 8 Event Object Header: 0xFCA26768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26740(1043740) Type: 10 Mutant Object Header: 0xFCA26728 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26700(1043700) Type: 8 Event Object Header: 0xFCA266E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA266C0(10436c0) Type: 10 Mutant Object Header: 0xFCA266A8 GrantedAccess: 1f0001 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26680(1043680) Type: 8 Event Object Header: 0xFCA26668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26640(1043640) Type: 10 Mutant Object Header: 0xFCA26628 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26600(1043600) Type: 8 Event Object Header: 0xFCA265E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA265C0(10435c0) Type: 10 Mutant Object Header: 0xFCA265A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26580(1043580) Type: 8 Event Object Header: 0xFCA26568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26540(1043540) Type: 10 Mutant Object Header: 0xFCA26528 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26500(1043500) Type: 8 Event Object Header: 0xFCA264E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA264C0(10434c0) Type: 10 Mutant Object Header: 0xFCA264A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26480(1043480) Type: 8 Event Object Header: 0xFCA26468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26440(1043440) Type: 10 Mutant Object Header: 0xFCA26428 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26400(1043400) Type: 8 Event Object Header: 0xFCA263E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA263C0(10433c0) Type: 10 Mutant Object Header: 0xFCA263A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26380(1043380) Type: 8 Event Object Header: 0xFCA26368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFCA26340(1043340) Type: 10 Mutant Object Header: 0xFCA26328 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26300(1043300) Type: 8 Event Object Header: 0xFCA262E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA262C0(10432c0) Type: 10 Mutant Object Header: 0xFCA262A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26280(1043280) Type: 8 Event Object Header: 0xFCA26268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26240(1043240) Type: 10 Mutant Object Header: 0xFCA26228 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26200(1043200) Type: 8 Event Object Header: 0xFCA261E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA261C0(10431c0) Type: 10 Mutant Object Header: 0xFCA261A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26180(1043180) Type: 8 Event Object Header: 0xFCA26168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26140(1043140) Type: 10 Mutant Object Header: 0xFCA26128 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26100(1043100) Type: 8 Event Object Header: 0xFCA260E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA260C0(10430c0) Type: 10 Mutant Object Header: 0xFCA260A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26080(1043080) Type: 8 Event Object Header: 0xFCA26068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25020(1042020) Type: 10 Mutant Object Header: 0xFCA25008 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FE0(1042fe0) Type: 8 Event Object Header: 
0xFCA25FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25FA0(1042fa0) Type: 10 Mutant Object Header: 0xFCA25F88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25F60(1042f60) Type: 8 Event Object Header: 0xFCA25F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25F20(1042f20) Type: 10 Mutant Object Header: 0xFCA25F08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1362200(22bc200) Type: 18 Key Object Header: 0xE13621E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE1363500(22e5500) Type: 18 Key Object Header: 0xE13634E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1362240(22bc240) Type: 18 Key Object Header: 0xE1362228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1E27780(798a780) Type: 18 Key Object Header: 0xE1E27768 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ OBJECT: 0xFCA25810(1042810) Type: 8 Event Object Header: 0xFCA257F8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: SC_AutoStartComplete SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCA25B40(1042b40) Type: 8 Event Object Header: 0xFCA25B28 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25500(1042500) Type: 6 Thread Object Header: 0xFCA254E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000000FC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFCA25330(1042330) Type: 8 Event Object Header: 0xFCA25318 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: SvcctrlStartEvent_A3752DX SecurityDescriptor: 0xE1E294B8(7a844b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x100000;;;WD)(A;;0x1f0003;;;SY) OBJECT: 0xFCA253C0(10423c0) Type: 13 Timer Object Header: 0xFCA253A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25240(1042240) Type: 12 Semaphore Object Header: 0xFCA25228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25280(1042280) Type: 10 Mutant Object Header: 0xFCA25268 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25200(1042200) Type: 12 Semaphore Object Header: 0xFCA251E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA251C0(10421c0) Type: 12 Semaphore Object Header: 0xFCA251A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFCA25180(1042180) Type: 12 Semaphore Object Header: 0xFCA25168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25140(1042140) Type: 12 Semaphore Object Header: 0xFCA25128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25100(1042100) Type: 12 Semaphore Object Header: 0xFCA250E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1333320(1a95320) Type: 18 Key Object Header: 0xE1333308 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder\ OBJECT: 0xE1E4CA10(908a10) Type: 19 Port Object Header: 0xE1E4C9F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA250A0(10420a0) Type: 8 Event Object Header: 0xFCA25088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2888A0(8ad8a0) Type: 8 Event Object Header: 0xFF288888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288360(8ad360) Type: 8 Event Object Header: 0xFF288348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF288320(8ad320) Type: 8 Event Object Header: 0xFF288308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2882C0(8ad2c0) Type: 25 IoCompletion Object Header: 0xFF2882A8 GrantedAccess: 1f0003 PointerCount: 46 HandleCount: 2 Waiting Thread: 0xFF284DA0 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF285DA0 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF232540 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF228020 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF219800 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 
OBJECT: 0xFF2882C0(8ad2c0) Type: 25 IoCompletion Object Header: 0xFF2882A8 GrantedAccess: 1f0003 PointerCount: 46 HandleCount: 2 Waiting Thread: 0xFF284DA0 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF285DA0 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF232540 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF228020 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 Waiting Thread: 0xFF219800 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 OBJECT: 0xFF280100(ae5100) Type: 8 Event Object Header: 0xFF2800E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D55E0(22205e0) Type: 8 Event Object Header: 0xFF1D55C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2871A0(9451a0) Type: 8 Event Object Header: 0xFF287188 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF287080(945080) Type: 8 Event Object Header: 0xFF287068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28AD10(fc4d10) Type: 8 Event Object Header: 0xFF28ACF8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: ScNetDrvMsg SecurityDescriptor: 0xE13855F8(288b5f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;DC;;;WD)(A;;0x1f0003;;;SY) OBJECT: 0xFF28ACC0(fc4cc0) Type: 8 Event Object Header: 0xFF28ACA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E4E040(943040) Type: 19 Port Object Header: 0xE1E4E028 GrantedAccess: 1f0001 PointerCount: 12 HandleCount: 1 Directory: 0xFCD642F0 Name: ntsvcs SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 OBJECT: 0xFF289860(85e860) Type: 8 Event Object Header: 0xFF289848 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF285DA0(92eda0) Type: 6 Thread Object Header: 0xFF285D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000013C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF287108(945108) Type: 26 File Object Header: 0xFF2870F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28AD48(fc4d48) Type: 26 File Object Header: 0xFF28AD30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28B400(7c84400) Type: 8 Event Object Header: 0xFF28B3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF284DA0(a93da0) Type: 6 Thread Object Header: 0xFF284D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000140 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE1E4D490(900490) Type: 19 Port Object Header: 0xE1E4D478 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF13E020(2160020) Type: 6 Thread Object Header: 0xFF13E008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000418 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2849E0(a939e0) Type: 13 Timer Object Header: 0xFF2849C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2858A0(92e8a0) Type: 8 Event Object Header: 0xFF285888 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF284C40(a93c40) Type: 8 Event Object Header: 0xFF284C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286748(8aa748) Type: 26 File Object Header: 0xFF286730 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\scerpc OBJECT: 0xFF2879E8(9459e8) Type: 26 File Object Header: 0xFF2879D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\scerpc OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF284D40(a93d40) Type: 25 IoCompletion Object Header: 0xFF284D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF284260 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 OBJECT: 0xFF284260(a93260) Type: 6 Thread Object Header: 0xFF284248 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000150 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF283F60(a77f60) Type: 8 Event Object Header: 0xFF283F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF283F20(a77f20) Type: 8 Event Object Header: 0xFF283F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF285C28(92ec28) Type: 26 File Object Header: 0xFF285C10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF283D80(a77d80) Type: 8 Event Object Header: 0xFF283D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF287E28(945e28) Type: 26 File Object Header: 0xFF287E10 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF282C20(9dec20) Type: 8 Event Object Header: 0xFF282C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282FE0(9defe0) Type: 8 Event Object Header: 0xFF282FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EDB20(199cb20) Type: 18 Key Object Header: 0xE12EDB08 GrantedAccess: 2 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent\ OBJECT: 0xFF283228(a77228) Type: 26 File Object Header: 0xFF283210 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe1 OBJECT: 0xFF283108(a77108) Type: 26 File Object Header: 0xFF2830F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe1 OBJECT: 0xFF27C980(b6c980) Type: 8 Event Object Header: 0xFF27C968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282940(9de940) Type: 6 Thread Object Header: 0xFF282928 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000158 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2816A8(9f96a8) Type: 26 File Object Header: 0xFF281690 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1E65A70(b68a70) Type: 19 Port Object Header: 0xE1E65A58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF280FE0(ae5fe0) Type: 12 Semaphore Object Header: 
0xFF280FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DE980(196f980) Type: 18 Key Object Header: 0xE12DE968 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\ OBJECT: 0xFF280500(ae5500) Type: 12 Semaphore Object Header: 0xFF2804E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280B80(ae5b80) Type: 12 Semaphore Object Header: 0xFF280B68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280AE8(ae5ae8) Type: 26 File Object Header: 0xFF280AD0 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\AppEvent.Evt OBJECT: 0xE12E8630(198d630) Type: 17 Section Object Header: 0xE12E8618 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE134CB08(1af0b08) BasedAddress: 0x08A0D4C8 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\AppEvent.Evt OBJECT: 0xFF280980(ae5980) Type: 12 Semaphore Object Header: 0xFF280968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280940(ae5940) Type: 12 Semaphore Object Header: 0xFF280928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2808A8(ae58a8) Type: 26 File Object Header: 0xFF280890 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\config\SecEvent.Evt OBJECT: 0xE12E46D0(197d6d0) Type: 17 Section Object Header: 0xE12E46B8 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E64BE8(9cbbe8) BasedAddress: 0x08A084C0 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\config\SecEvent.Evt OBJECT: 0xFF282420(9de420) Type: 12 Semaphore Object Header: 
0xFF282408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2823E0(9de3e0) Type: 12 Semaphore Object Header: 0xFF2823C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280468(ae5468) Type: 26 File Object Header: 0xFF280450 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\SysEvent.Evt OBJECT: 0xE1372B50(27f3b50) Type: 17 Section Object Header: 0xE1372B38 GrantedAccess: 17 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE134CBA8(1af0ba8) BasedAddress: 0x089FD4D0 SizeOfSegment: 0x100000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\config\SysEvent.Evt OBJECT: 0xFF280FA0(ae5fa0) Type: 12 Semaphore Object Header: 0xFF280F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF280D20(ae5d20) Type: 6 Thread Object Header: 0xFF280D08 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000168 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF280CA0(ae5ca0) Type: 8 Event Object Header: 0xFF280C88 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C920(b6c920) Type: 8 Event Object Header: 0xFF27C908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E64780(9cb780) Type: 19 Port Object Header: 0xE1E64768 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCE00850 Name: ErrorLogPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 OBJECT: 0xFF27F020(a06020) Type: 6 Thread Object Header: 0xFF27F008 
GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000016C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27ED60(aefd60) Type: 8 Event Object Header: 0xFF27ED48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB20(eb3b20) Type: 8 Event Object Header: 0xFF27BB08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BAE0(eb3ae0) Type: 10 Mutant Object Header: 0xFF27BAC8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2848E0(a938e0) Type: 8 Event Object Header: 0xFF2848C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C7E60(1911e60) Type: 18 Key Object Header: 0xE12C7E48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE12F28E0(19b68e0) Type: 18 Key Object Header: 0xE12F28C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF284860(a93860) Type: 8 Event Object Header: 0xFF284848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C600(b6c600) Type: 8 Event Object Header: 0xFF27C5E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12ED160(199c160) Type: 18 Key Object Header: 0xE12ED148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12FA620(1a03620) Type: 18 Key Object Header: 0xE12FA608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF27C560(b6c560) Type: 8 Event Object Header: 0xFF27C548 GrantedAccess: 1f0003 PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DFB20(1970b20) Type: 18 Key Object Header: 0xE12DFB08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF27C4C0(b6c4c0) Type: 8 Event Object Header: 0xFF27C4A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E8460(198d460) Type: 18 Key Object Header: 0xE12E8448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF27C420(b6c420) Type: 8 Event Object Header: 0xFF27C408 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E78C0(198b8c0) Type: 18 Key Object Header: 0xE12E78A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF27C380(b6c380) Type: 8 Event Object Header: 0xFF27C368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C2E0(b6c2e0) Type: 8 Event Object Header: 0xFF27C2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12EA700(1994700) Type: 18 Key Object Header: 0xE12EA6E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF27C240(b6c240) Type: 8 Event Object Header: 0xFF27C228 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C2B20(18f9b20) Type: 18 Key Object Header: 0xE12C2B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF27C1A0(b6c1a0) Type: 8 Event Object Header: 0xFF27C188 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DCCC0(1966cc0) Type: 18 Key Object Header: 0xE12DCCA8 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF27B020(eb3020) Type: 8 Event Object Header: 0xFF27B008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C648(b6c648) Type: 26 File Object Header: 0xFF27C630 GrantedAccess: 120089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: f0005 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE12FBC80(19efc80) Type: 18 Key Object Header: 0xE12FBC68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF27BAA0(eb3aa0) Type: 8 Event Object Header: 0xFF27BA88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BA60(eb3a60) Type: 10 Mutant Object Header: 0xFF27BA48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F2B00(19b6b00) Type: 18 Key Object Header: 0xE12F2AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF27BA20(eb3a20) Type: 8 Event Object Header: 0xFF27BA08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B9E0(eb39e0) Type: 10 Mutant Object Header: 0xFF27B9C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B9A0(eb39a0) Type: 12 Semaphore Object Header: 0xFF27B988 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B960(eb3960) Type: 12 Semaphore Object Header: 0xFF27B948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B920(eb3920) Type: 8 Event Object Header: 0xFF27B908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B8E0(eb38e0) Type: 8 Event Object Header: 0xFF27B8C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B5E0(eb35e0) Type: 12 Semaphore Object Header: 0xFF27B5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B5A0(eb35a0) Type: 12 Semaphore Object Header: 0xFF27B588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E2420(1977420) Type: 18 Key Object Header: 0xE12E2408 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF27B560(eb3560) Type: 8 Event Object Header: 0xFF27B548 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF27B4A0(eb34a0) Type: 8 Event Object Header: 0xFF27B488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B460(eb3460) Type: 8 Event Object Header: 0xFF27B448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B420(eb3420) Type: 8 Event Object Header: 0xFF27B408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B3E0(eb33e0) Type: 12 Semaphore Object Header: 0xFF27B3C8 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B3A0(eb33a0) Type: 12 Semaphore Object Header: 0xFF27B388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B360(eb3360) Type: 8 Event Object Header: 0xFF27B348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27B2C8(eb32c8) Type: 26 File Object Header: 0xFF27B2B0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF27B268 (eb3268) OBJECT: 0xFF27B1E8(eb31e8) Type: 26 File Object Header: 0xFF27B1D0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF27B188 (eb3188) OBJECT: 0xFF27B108(eb3108) Type: 26 File Object Header: 0xFF27B0F0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF27A028(cd9028) Type: 26 File Object Header: 0xFF27A010 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF27AF88(cd9f88) Type: 26 File Object Header: 0xFF27AF70 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE12B8700(19bd700) Type: 18 Key Object Header: 0xE12B86E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xE12C8DC0(1917dc0) Type: 18 Key Object Header: 0xE12C8DA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12CE8E0(192a8e0) Type: 18 Key Object Header: 0xE12CE8C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE12F8BE0(19cabe0) Type: 18 Key Object Header: 0xE12F8BC8 GrantedAccess: 20019 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF27A9C0(cd99c0) Type: 8 Event Object Header: 0xFF27A9A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27FDA0(a06da0) Type: 6 Thread Object Header: 0xFF27FD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27A8E0(cd98e0) Type: 8 Event Object Header: 0xFF27A8C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DB460(1965460) Type: 18 Key Object Header: 0xE12DB448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF27A840(cd9840) Type: 8 Event Object Header: 0xFF27A828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DCE20(1966e20) Type: 18 Key Object Header: 0xE12DCE08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF27A7A0(cd97a0) Type: 8 Event Object Header: 0xFF27A788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27FDA0(a06da0) Type: 6 Thread Object Header: 0xFF27FD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000015C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE12C1720(18f7720) Type: 18 Key Object Header: 0xE12C1708 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\ OBJECT: 0xE12E59C0(19859c0) Type: 18 Key Object Header: 0xE12E59A8 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12E4D20(197dd20) Type: 18 Key Object Header: 0xE12E4D08 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\ OBJECT: 0xE12E4CE0(197dce0) Type: 18 Key Object Header: 0xE12E4CC8 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ OBJECT: 0xFF27A2C0(cd92c0) Type: 13 Timer Object Header: 0xFF27A2A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A280(cd9280) Type: 8 Event Object Header: 0xFF27A268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A240(cd9240) Type: 8 Event Object Header: 0xFF27A228 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A1D0(cd91d0) Type: 8 Event Object Header: 0xFF27A1B8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DHCPNEWIPADDRESS SecurityDescriptor: 0xE13AD9D8(2b2a9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100002;;;WD) OBJECT: 0xFF27A200(cd9200) Type: 8 Event Object Header: 0xFF27A1E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A128(cd9128) Type: 26 File Object Header: 0xFF27A110 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\DhcpClient OBJECT: 0xFF27E9E0(aef9e0) Type: 8 Event Object Header: 0xFF27E9C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF27E800(aef800) Type: 8 Event Object Header: 0xFF27E7E8 GrantedAccess: 
1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A760(cd9760) Type: 8 Event Object Header: 0xFF27A748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A720(cd9720) Type: 8 Event Object Header: 0xFF27A708 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A6E0(cd96e0) Type: 8 Event Object Header: 0xFF27A6C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27EDA0(aefda0) Type: 6 Thread Object Header: 0xFF27ED88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000174 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27A460(cd9460) Type: 6 Thread Object Header: 0xFF27A448 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000017C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF279028(d72028) Type: 26 File Object Header: 0xFF279010 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF27A3C8 (cd93c8) OBJECT: 0xFF27A928(cd9928) Type: 26 File Object Header: 0xFF27A910 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBt_Wins_Export OBJECT: 0xFF279708(d72708) Type: 26 File Object Header: 0xFF2796F0 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NetBt_Wins_Export OBJECT: 0xFF278020(dfa020) Type: 8 Event Object Header: 0xFF278008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278DA0(dfada0) Type: 6 Thread Object Header: 0xFF278D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 
2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000180 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE12E1A40(1975a40) Type: 18 Key Object Header: 0xE12E1A28 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\ OBJECT: 0xFF279940(d72940) Type: 8 Event Object Header: 0xFF279928 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF279900(d72900) Type: 8 Event Object Header: 0xFF2798E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2798C0(d728c0) Type: 8 Event Object Header: 0xFF2798A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27A3A0(cd93a0) Type: 8 Event Object Header: 0xFF27A388 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF279B28(d72b28) Type: 26 File Object Header: 0xFF279B10 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF279340(d72340) Type: 8 Event Object Header: 0xFF279328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF279C20(d72c20) Type: 8 Event Object Header: 0xFF279C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278AE0(dfaae0) Type: 8 Event Object Header: 0xFF278AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2782E0(dfa2e0) Type: 6 Thread Object Header: 0xFF2782C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000184 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF279508(d72508) 
Type: 26 File Object Header: 0xFF2794F0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF278A48 (dfaa48) Unknown1: 0x00000001 (1) Unknown2: 0xff278a68 OBJECT: 0xFF278248(dfa248) Type: 26 File Object Header: 0xFF278230 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\drivers\etc OBJECT: 0xFF278A20(dfaa20) Type: 8 Event Object Header: 0xFF278A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27E020(aef020) Type: 6 Thread Object Header: 0xFF27E008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000170 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2789E0(dfa9e0) Type: 8 Event Object Header: 0xFF2789C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278120(dfa120) Type: 8 Event Object Header: 0xFF278108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278760(dfa760) Type: 6 Thread Object Header: 0xFF278748 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000188 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2780E0(dfa0e0) Type: 8 Event Object Header: 0xFF2780C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2786E0(dfa6e0) Type: 8 Event Object Header: 0xFF2786C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278720(dfa720) Type: 8 Event Object Header: 0xFF278708 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF2786A0(dfa6a0) Type: 8 Event Object Header: 0xFF278688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278670(dfa670) Type: 8 Event Object Header: 0xFF278658 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: PnP_No_Pending_Install_Events SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF279110(d72110) Type: 10 Mutant Object Header: 0xFF2790F8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: PnP_Init_Mutex SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF277488(dd0488) Type: 26 File Object Header: 0xFF277470 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe2 OBJECT: 0xFF277520(dd0520) Type: 5 Process Object Header: 0xFF277508 GrantedAccess: 1f0fff PointerCount: 120 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF269BA0(2e5ba0) Type: 5 Process Object Header: 0xFF269B88 GrantedAccess: 1f0fff PointerCount: 21 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avsynmgr.exe OBJECT: 0xFF270CA8(fb0ca8) Type: 26 File Object Header: 0xFF270C90 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF26DF20(f2cf20) Type: 8 Event Object Header: 0xFF26DF08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2748A0(e3e8a0) Type: 5 Process Object Header: 0xFF274888 
GrantedAccess: 1f0fff PointerCount: 48 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: spoolsv.exe OBJECT: 0xFF26ECA8(f7eca8) Type: 26 File Object Header: 0xFF26EC90 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe3 OBJECT: 0xFF268768(2a7768) Type: 26 File Object Header: 0xFF268750 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF275D20(dbdd20) Type: 8 Event Object Header: 0xFF275D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF269748(2e5748) Type: 26 File Object Header: 0xFF269730 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe4 OBJECT: 0xFF268680(2a7680) Type: 8 Event Object Header: 0xFF268668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25F940(1b16940) Type: 8 Event Object Header: 0xFF25F928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF267D60(f86d60) Type: 5 Process Object Header: 0xFF267D48 GrantedAccess: 1f0fff PointerCount: 15 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: dfrws2005.exe OBJECT: 0xFF260F88(228f88) Type: 26 File Object Header: 0xFF260F70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe5 OBJECT: 0xFF25FBA8(1b16ba8) Type: 26 File Object Header: 0xFF25FB90 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF25A8C0(22728c0) Type: 8 Event Object Header: 0xFF25A8A8 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25A448(2272448) Type: 26 File Object Header: 0xFF25A430 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 1f0fff PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF25D4A8(18ff4a8) Type: 26 File Object Header: 0xFF25D490 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe6 OBJECT: 0xFF2591E0(26f81e0) Type: 8 Event Object Header: 0xFF2591C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25E980(1d8980) Type: 6 Thread Object Header: 0xFF25E968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000001E4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2591A0(26f81a0) Type: 8 Event Object Header: 0xFF259188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E874B0(7334b0) Type: 19 Port Object Header: 0xE1E87498 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000144 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E86570(1a2f570) Type: 19 Port Object Header: 0xE1E86558 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000001E4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF259120(26f8120) Type: 8 Event Object Header: 0xFF259108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2590C0(26f80c0) Type: 8 Event Object Header: 
0xFF2590A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF258CE8(289ace8) Type: 26 File Object Header: 0xFF258CD0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF258F88(289af88) Type: 26 File Object Header: 0xFF258F70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF2511B0(47931b0) Type: 8 Event Object Header: 0xFF251198 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: DmAdminStop SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF251230(4793230) Type: 8 Event Object Header: 0xFF251218 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DmioLoaded SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF2511F0(47931f0) Type: 8 Event Object Header: 0xFF2511D8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: ReSyncKernel SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF256D08(2904d08) Type: 26 File Object Header: 0xFF256CF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF25FF60(1b16f60) Type: 8 Event Object Header: 0xFF25FF48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF251170(4793170) Type: 8 Event Object Header: 0xFF251158 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: LDMAdmin SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCE02410(141f410) Type: 8 Event Object Header: 0xFCE023F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCD59990 Name: VxKernel2VoldEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF251AA0(4793aa0) Type: 8 Event Object Header: 0xFF251A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2461E0(4be51e0) Type: 5 Process Object Header: 0xFF2461C8 GrantedAccess: 1f0fff PointerCount: 82 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: UMGR32.EXE OBJECT: 0xFF243B48(55b3b48) Type: 26 File Object Header: 0xFF243B30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF248428(4b88428) Type: 26 File Object Header: 0xFF248410 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe0 OBJECT: 0xFF2431E0(55b31e0) Type: 8 Event Object Header: 0xFF2431C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245F88(4c75f88) Type: 26 File Object Header: 0xFF245F70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe7 OBJECT: 0xFF241CC8(54c1cc8) Type: 26 File Object Header: 0xFF241CB0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe8 OBJECT: 0xFF241020(54c1020) Type: 5 Process Object Header: 0xFF241008 GrantedAccess: 1f0fff PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: 
regsvc.exe OBJECT: 0xFF23ED60(560ad60) Type: 5 Process Object Header: 0xFF23ED48 GrantedAccess: 1f0fff PointerCount: 98 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF2600C0(2280c0) Type: 8 Event Object Header: 0xFF2600A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2400C0(63f30c0) Type: 8 Event Object Header: 0xFF2400A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E408(560a408) Type: 26 File Object Header: 0xFF23E3F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe9 OBJECT: 0xFF23B5E0(56865e0) Type: 8 Event Object Header: 0xFF23B5C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246B00(4be5b00) Type: 8 Event Object Header: 0xFF246AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2375E0(646c5e0) Type: 6 Thread Object Header: 0xFF2375C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000250 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF23B570(5686570) Type: 8 Event Object Header: 0xFF23B558 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: PS_SERVICE_STARTED SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF246820(4be5820) Type: 12 Semaphore Object Header: 0xFF246808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2468E0(4be58e0) Type: 8 Event Object Header: 0xFF2468C8 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2480C0(4b880c0) Type: 6 Thread Object Header: 0xFF2480A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000208 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2467E0(4be57e0) Type: 12 Semaphore Object Header: 0xFF2467C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2467A0(4be57a0) Type: 12 Semaphore Object Header: 0xFF246788 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2466A0(4be56a0) Type: 12 Semaphore Object Header: 0xFF246688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246660(4be5660) Type: 8 Event Object Header: 0xFF246648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2188C0(4b158c0) Type: 8 Event Object Header: 0xFF2188A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DB860(1dae860) Type: 6 Thread Object Header: 0xFF1DB848 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000164 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xE1EAC9F0(58409f0) Type: 19 Port Object Header: 0xE1EAC9D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000210 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF24D848(766848) Type: 26 File Object Header: 0xFF24D830 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanRedirector OBJECT: 0xFF237F68(646cf68) Type: 26 File Object Header: 0xFF237F50 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: 
(null) Path: NamedPipe\ntsvcs OBJECT: 0xFF23A728(6400728) Type: 26 File Object Header: 0xFF23A710 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF232828(6c11828) Type: 26 File Object Header: 0xFF232810 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF28A470(fc4470) Type: 8 Event Object Header: 0xFF28A458 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 4 Directory: 0xFCC61C10 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1E48458(7c38458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xE1EB8730(6b5b730) Type: 19 Port Object Header: 0xE1EB8718 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000144 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2359E8(77999e8) Type: 26 File Object Header: 0xFF2359D0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF2340C0(28a20c0) Type: 8 Event Object Header: 0xFF2340A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2327C0(6c117c0) Type: 8 Event Object Header: 0xFF2327A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232CE0(6c11ce0) Type: 8 Event Object Header: 0xFF232CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232540(6c11540) Type: 6 Thread Object Header: 0xFF232528 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000025C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF22EA28(dc5a28) Type: 26 File Object Header: 0xFF22EA10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF230F08(7daf08) Type: 26 File Object Header: 0xFF230EF0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF230DA0(7dada0) Type: 8 Event Object Header: 0xFF230D88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22A900(4f61900) Type: 8 Event Object Header: 0xFF22A8E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBFF50(21ebf50) Type: 19 Port Object Header: 0xE1EBFF38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.0000021C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF244028(51e5028) Type: 26 File Object Header: 0xFF244010 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanDatagramReceiver OBJECT: 0xFF23A460(6400460) Type: 12 Semaphore Object Header: 0xFF23A448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E980(dc5980) Type: 8 Event Object Header: 0xFF22E968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237EA0(646cea0) Type: 25 IoCompletion Object Header: 0xFF237E88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Waiting Thread: 0xFF2375E0 Process: 0xFCA2BBC0 APCProcess: 0xFCA2BBC0 OBJECT: 0xFF22A380(4f61380) Type: 8 Event Object Header: 0xFF22A368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F028(5849028) Type: 26 File Object Header: 0xFF23F010 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\SecondaryLogon OBJECT: 0xFF2363C8(77743c8) Type: 26 File Object Header: 0xFF2363B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF21D460(6623460) Type: 12 Semaphore Object Header: 0xFF21D448 GrantedAccess: 100003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D8C0(66238c0) Type: 8 Event Object Header: 0xFF21D8A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF228320(4f13320) Type: 8 Event Object Header: 0xFF228308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF221028(47bc028) Type: 26 File Object Header: 0xFF221010 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanServer OBJECT: 0xFF225680(478b680) Type: 8 Event Object Header: 0xFF225668 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF23A4F0(64004f0) Type: 8 Event Object Header: 0xFF23A4D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: WkssvcToAgentStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF23A530(6400530) Type: 8 Event Object Header: 0xFF23A518 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: WkssvcToAgentStartEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF23A4B0(64004b0) Type: 8 Event Object Header: 0xFF23A498 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: AgentToWkssvcEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF21D890(6623890) Type: 8 Event Object Header: 0xFF21D878 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: wkssvc: MUP finished initializing event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF21D700(6623700) Type: 12 Semaphore Object Header: 0xFF21D6E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D020(6623020) Type: 8 Event Object Header: 0xFF21D008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D740(6623740) Type: 12 Semaphore Object Header: 0xFF21D728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237960(646c960) Type: 8 Event Object Header: 0xFF237948 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE1E2DB40(79afb40) Type: 19 Port Object Header: 0xE1E2DB28 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: XactSrvLpcPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000208 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 OBJECT: 0xFF21B360(4ec9360) Type: 8 Event Object Header: 0xFF21B348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EF5AF0(558af0) Type: 19 Port Object Header: 0xE1EF5AD8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000208 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF228020(4f13020) Type: 6 Thread Object Header: 0xFF228008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002AC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF21BE20(4ec9e20) Type: 13 Timer Object Header: 0xFF21BE08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD67A10(1384a10) Type: 8 Event Object Header: 0xFCD679F8 GrantedAccess: 100003 PointerCount: 
5 HandleCount: 2 Directory: 0xFCE00850 Name: LanmanServerAnnounceEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFCC63908(1280908) Type: 26 File Object Header: 0xFCC638F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF21AE60(574de60) Type: 8 Event Object Header: 0xFF21AE48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21AEE8(574dee8) Type: 26 File Object Header: 0xFF21AED0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF21AD88(574dd88) Type: 26 File Object Header: 0xFF21AD70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1F55C70(220ac70) Type: 4 Token Object Header: 0xE1F55C58 GrantedAccess: c PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x8 Token ID: {0,c2bd} ParentToken ID: {0,0} Modified ID: {0,c2bf} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default 5 0x4 SeLockMemoryPrivilege Default 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default 9 0x16 SeCreatePermanentPrivilege Default 10 0x20 SeDebugPrivilege 
Default 11 0x21 SeAuditPrivilege Default 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF219B08(4571b08) Type: 26 File Object Header: 0xFF219AF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF219AC0(4571ac0) Type: 8 Event Object Header: 0xFF219AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF219A80(4571a80) Type: 8 Event Object Header: 0xFF219A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF219800(4571800) Type: 6 Thread Object Header: 0xFF2197E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B0 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF2283E0(4f133e0) Type: 8 Event Object Header: 0xFF2283C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20538B0(3a278b0) Type: 19 Port Object Header: 0xE2053898 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF219240(4571240) Type: 8 Event Object Header: 0xFF219228 GrantedAccess: 100003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF219280(4571280) Type: 8 Event Object Header: 0xFF219268 GrantedAccess: 100003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E79C60(38dc60) Type: 18 Key Object Header: 0xE1E79C48 GrantedAccess: 10 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\ OBJECT: 0xE1E78B20(f6cb20) Type: 18 Key Object Header: 0xE1E78B08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters\ OBJECT: 0xFF2191C0(45711c0) Type: 8 Event Object Header: 0xFF2191A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164500(4873500) Type: 8 Event Object Header: 0xFF1644E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF203720(519e720) Type: 8 Event Object Header: 0xFF203708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF159EE8(4882ee8) Type: 26 File Object Header: 0xFF159ED0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1ec OBJECT: 0xFF284520(a93520) Type: 6 Thread Object Header: 0xFF284508 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000014C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1D5620(2220620) Type: 12 Semaphore Object Header: 0xFF1D5608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A2CA0(364eca0) Type: 12 Semaphore Object Header: 0xFF1A2C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A1B40(18a8b40) Type: 18 Key Object Header: 0xE12A1B28 GrantedAccess: f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}\ OBJECT: 0xFF192DA0(3992da0) Type: 6 Thread Object Header: 0xFF192D88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 
0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000278 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF28A680(fc4680) Type: 13 Timer Object Header: 0xFF28A668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172C00(b67c00) Type: 13 Timer Object Header: 0xFF172BE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A2DA0(364eda0) Type: 12 Semaphore Object Header: 0xFF1A2D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF138020(1de6020) Type: 6 Thread Object Header: 0xFF138008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.0000040C ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF204920(4dfb920) Type: 13 Timer Object Header: 0xFF204908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CAA60(2d33a60) Type: 13 Timer Object Header: 0xFF1CAA48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2016A0(4f556a0) Type: 8 Event Object Header: 0xFF201688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF192DA0(3992da0) Type: 6 Thread Object Header: 0xFF192D88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.00000278 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF27FA60(a06a60) Type: 8 Event Object Header: 0xFF27FA48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FD720(4859720) Type: 5 Process Object Header: 0xFF1FD708 GrantedAccess: 1f0fff PointerCount: 54 HandleCount: 2 
SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF1FE728(5486728) Type: 26 File Object Header: 0xFF1FE710 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe10 OBJECT: 0xFF1ECCE8(4eb9ce8) Type: 26 File Object Header: 0xFF1ECCD0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1ECE80(4eb9e80) Type: 8 Event Object Header: 0xFF1ECE68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F42020(4f94020) Type: 18 Key Object Header: 0xE1F42008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Browser\Parameters\ OBJECT: 0xFF1E9F40(4a3ef40) Type: 8 Event Object Header: 0xFF1E9F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1809C8(98d9c8) Type: 26 File Object Header: 0xFF1809B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1EB0A0(49a70a0) Type: 8 Event Object Header: 0xFF1EB088 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FD020(4859020) Type: 6 Thread Object Header: 0xFF1FD008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002EC ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E9F00(4a3ef00) Type: 8 Event Object Header: 0xFF1E9EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13DC68(20eec68) Type: 26 File Object Header: 0xFF13DC50 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: 
(null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1923A0(39923a0) Type: 8 Event Object Header: 0xFF192388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E9F88(4a3ef88) Type: 26 File Object Header: 0xFF1E9F70 GrantedAccess: 100000 PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Path: LanmanDatagramReceiver OBJECT: 0xFF1EAB60(17db60) Type: 12 Semaphore Object Header: 0xFF1EAB48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E91C0(4a3e1c0) Type: 8 Event Object Header: 0xFF1E91A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EAAA0(17daa0) Type: 13 Timer Object Header: 0xFF1EAA88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E90E0(4a3e0e0) Type: 12 Semaphore Object Header: 0xFF1E90C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EBD20(49a7d20) Type: 12 Semaphore Object Header: 0xFF1EBD08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EBC60(49a7c60) Type: 8 Event Object Header: 0xFF1EBC48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E9128(4a3e128) Type: 26 File Object Header: 0xFF1E9110 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Netbios OBJECT: 0xFF1EBC20(49a7c20) Type: 8 Event Object Header: 0xFF1EBC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21A4E0(574d4e0) Type: 8 Event Object Header: 0xFF21A4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21A4A0(574d4a0) Type: 8 Event Object Header: 0xFF21A488 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21A460(574d460) Type: 8 Event Object Header: 0xFF21A448 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF21A340(574d340) Type: 12 Semaphore Object Header: 0xFF21A328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E8560(1c6e560) Type: 6 Thread Object Header: 0xFF1E8548 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002F4 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF21A300(574d300) Type: 12 Semaphore Object Header: 0xFF21A2E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EFB88(4c48b88) Type: 26 File Object Header: 0xFF1EFB70 GrantedAccess: 1f01ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF1EFA48 (4c48a48) Type: 0xafd1 Process: 0xFCA2BBC0 services.exe EndpointLinks: {0xFF22CAD8:FF1EA638} AfdTransportAddress: 0xFF2342E8 (28a22e8) DeviceString: \Device\Udp OBJECT: 0xFF1E7028(1c86028) Type: 26 File Object Header: 0xFF1E7010 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF21A388(574d388) Type: 26 File Object Header: 0xFF21A370 GrantedAccess: 160089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\messngr OBJECT: 0xFF13DB68(20eeb68) Type: 26 File Object Header: 0xFF13DB50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1E5240(626240) Type: 8 Event Object Header: 0xFF1E5228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E86490(1a2f490) Type: 19 Port Object Header: 0xE1E86478 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.000002B4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EF9C8(4c489c8) Type: 26 File Object Header: 0xFF1EF9B0 GrantedAccess: 1f01ff 
PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EF968 (4c48968) Unknown2: 0x1000 Address Object: 0xFF1E5968 (626968) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF1E4E80(4d3ce80) Type: 12 Semaphore Object Header: 0xFF1E4E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E4EC0(4d3cec0) Type: 12 Semaphore Object Header: 0xFF1E4EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E4DE0(4d3cde0) Type: 8 Event Object Header: 0xFF1E4DC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF219800(4571800) Type: 6 Thread Object Header: 0xFF2197E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000E4.000002B0 ThreadsProcess: 0xFCA2BBC0 OBJECT: 0xFF1E57A8(6267a8) Type: 26 File Object Header: 0xFF1E5790 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-e4-0 OBJECT: 0xFF1FC740(198a740) Type: 20 WaitablePort Object Header: 0xFF1FC728 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD730 Name: TRKWKS_PORT OBJECT: 0xE12BFB00(18ecb00) Type: 18 Key Object Header: 0xE12BFAE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event Object Header: 0xFCDF89F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCDFD730 Name: TRKWKS_EVENT SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) 
OBJECT: 0xFF28A540(fc4540) Type: 8 Event Object Header: 0xFF28A528 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF280020(ae5020) Type: 8 Event Object Header: 0xFF280008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD27F48(1344f48) Type: 26 File Object Header: 0xFCD27F30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: WMIServiceDevice OBJECT: 0xFF280420(ae5420) Type: 8 Event Object Header: 0xFF280408 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F55C70(220ac70) Type: 4 Token Object Header: 0xE1F55C58 GrantedAccess: f01ff PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x8 Token ID: {0,c2bd} ParentToken ID: {0,0} Modified ID: {0,c2bf} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default 5 0x4 SeLockMemoryPrivilege Default 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default 9 0x16 SeCreatePermanentPrivilege Default 10 0x20 SeDebugPrivilege Default 11 0x21 SeAuditPrivilege Default 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 
SeProfileSingleProcessPrivilege Default 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF18E340(3ac0340) Type: 8 Event Object Header: 0xFF18E328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDA4368(13c1368) Type: 26 File Object Header: 0xFCDA4350 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF280140(ae5140) Type: 8 Event Object Header: 0xFF280128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBC750(e2f750) Type: 4 Token Object Header: 0xE1EBC738 GrantedAccess: f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: 0xE136F598(278b598) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d89c} ParentToken ID: {0,0} Modified ID: {0,dcb0} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 
SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF1A9840(339b840) Type: 8 Event Object Header: 0xFF1A9828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A87A8(34927a8) Type: 26 File Object Header: 0xFF1A8790 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1CF360(22fe360) Type: 5 Process Object Header: 0xFF1CF348 GrantedAccess: 1f0fff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: userinit.exe OBJECT: 0xFF22A4A0(4f614a0) Type: 8 Event Object Header: 0xFF22A488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19A660(385c660) Type: 8 Event Object Header: 0xFF19A648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD6C5C8(13895c8) Type: 26 File Object Header: 0xFCD6C5B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1CBAC8(2d34ac8) Type: 26 File Object Header: 0xFF1CBAB0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF162E28(51d3e28) Type: 26 File Object Header: 0xFF162E10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1CF8A0(22fe8a0) Type: 8 Event Object Header: 0xFF1CF888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF155B80(53cfb80) Type: 8 Event Object Header: 0xFF155B68 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16A4E0(51c84e0) Type: 8 Event Object Header: 0xFF16A4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE208BDB0(512bdb0) Type: 19 Port Object Header: 0xE208BD98 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000E4.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF14AAE8(2e68ae8) Type: 26 File Object Header: 0xFF14AAD0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF180920(98d920) Type: 8 Event Object Header: 0xFF180908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF152E60(21cee60) Type: 8 Event Object Header: 0xFF152E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF149B08(54cab08) Type: 26 File Object Header: 0xFF149AF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF15E0A0(64300a0) Type: 8 Event Object Header: 0xFF15E088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 7. 
TABLE: 0xFCA2A468(1047468): Table: 0xE1E24000 QuotaProcess: 0xFCA2A500 ProcessId: f0 HandleCount: 266 CapturedHandleCount: 266 TableLevel: 2 StrictFIFO: No OBJECT: 0xE13380F0(1aa60f0) Type: 17 Section Object Header: 0xE13380D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE13316A8(1a946a8) BasedAddress: 0x30F77C30 SizeOfSegment: 0xa000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\lsass.exe OBJECT: 0xFCA29020(1046020) Type: 8 Event Object Header: 0xFCA29008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA29FE0(1046fe0) Type: 8 Event Object Header: 0xFCA29FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA29FA0(1046fa0) Type: 8 Event Object Header: 0xFCA29F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCA29F08(1046f08) Type: 26 File Object Header: 0xFCA29EF0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCA28660(1045660) Type: 8 Event Object Header: 0xFCA28648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1DFC230(77f5230) Type: 19 Port Object Header: 0xE1DFC218 GrantedAccess: 1f0001 PointerCount: 15 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFCA28500(1045500) Type: 8 Event Object Header: 0xFCA284E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1362100(22bc100) Type: 18 Key Object Header: 0xE13620E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF27E9E0(aef9e0) Type: 8 Event Object Header: 0xFF27E9C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA270A0(10440a0) Type: 8 Event Object Header: 0xFCA27088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA26020(1043020) Type: 8 Event Object Header: 0xFCA26008 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF2503C8(7c73c8) Type: 26 File Object Header: 0xFF2503B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe0 OBJECT: 0xFCA32300(104f300) Type: 8 Event Object Header: 0xFCA322E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E27B40(798ab40) Type: 18 Key Object Header: 0xE1E27B28 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll\ OBJECT: 0xE1E29AE0(7a84ae0) Type: 18 Key Object Header: 0xE1E29AC8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll\ OBJECT: 0xE1E362E0(7a382e0) Type: 18 Key Object Header: 0xE1E362C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll\ OBJECT: 0xFF28F9A0(79f09a0) Type: 12 Semaphore Object Header: 0xFF28F988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F020(79f0020) Type: 6 Thread Object Header: 0xFF28F008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000100 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28FF00(79f0f00) Type: 13 Timer Object Header: 0xFF28FEE8 GrantedAccess: 
1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F960(79f0960) Type: 8 Event Object Header: 0xFF28F948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E38DC0(7b5fdc0) Type: 19 Port Object Header: 0xE1E38DA8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 Directory: 0xFCE00850 Name: SeLsaCommandPort SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0xFCA2A500 OBJECT: 0xFCC83470(12a0470) Type: 8 Event Object Header: 0xFCC83458 GrantedAccess: 2 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: SeLsaInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE131B350(1a3b350) Type: 19 Port Object Header: 0xE131B338 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E38CD0(7b5fcd0) Type: 19 Port Object Header: 0xE1E38CB8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF28F5A0(79f05a0) Type: 12 Semaphore Object Header: 0xFF28F588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F560(79f0560) Type: 12 Semaphore Object Header: 0xFF28F548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130D360(1a30360) Type: 18 Key Object Header: 0xE130D348 GrantedAccess: 6001d PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\ OBJECT: 0xE13084A0(1a164a0) Type: 18 Key Object Header: 0xE1308488 GrantedAccess: 3001f PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\RXACT\ OBJECT: 0xFF28F520(79f0520) Type: 8 Event Object Header: 0xFF28F508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F4E0(79f04e0) Type: 8 Event Object Header: 0xFF28F4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F4A0(79f04a0) Type: 8 Event Object Header: 0xFF28F488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28F460(79f0460) Type: 8 Event Object Header: 0xFF28F448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2A0E0(10470e0) Type: 6 Thread Object Header: 0xFCA2A0C8 GrantedAccess: 1f03ff PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000EC ThreadsProcess: 0xFCA2A500 OBJECT: 0xE1E360E0(7a380e0) Type: 18 Key Object Header: 0xE1E360C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\Policy\ OBJECT: 0xFF28D020(ff6020) Type: 6 Thread Object Header: 0xFF28D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000110 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28E340(7b2d340) Type: 13 Timer Object Header: 0xFF28E328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12CBA00(1942a00) Type: 18 Key Object Header: 0xE12CB9E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\ OBJECT: 0xFF28E300(7b2d300) Type: 12 Semaphore Object Header: 0xFF28E2E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 
1 SecurityDescriptor: (null) OBJECT: 0xE12D35C0(19635c0) Type: 18 Key Object Header: 0xE12D35A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\DS\ObjectNames\ OBJECT: 0xE134EC40(1af4c40) Type: 18 Key Object Header: 0xE134EC28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Lsa\ObjectNames\ OBJECT: 0xE134E1A0(1af41a0) Type: 18 Key Object Header: 0xE134E188 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\NetDDE Object\ObjectNames\ OBJECT: 0xE134FFA0(1af6fa0) Type: 18 Key Object Header: 0xE134FF88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\SC Manager\ObjectNames\ OBJECT: 0xE12D04C0(19364c0) Type: 18 Key Object Header: 0xE12D04A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\SECURITY\ObjectNames\ OBJECT: 0xE1E38260(7b5f260) Type: 18 Key Object Header: 0xE1E38248 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Security Account Manager\ObjectNames\ OBJECT: 0xE1E39880(7b0c880) Type: 18 Key Object Header: 0xE1E39868 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\EVENTLOG\SECURITY\Spooler\ObjectNames\ OBJECT: 0xFF28DFE0(ff6fe0) Type: 12 Semaphore Object Header: 0xFF28DFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28DFA0(ff6fa0) Type: 12 Semaphore Object Header: 0xFF28DF88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF28DF60(ff6f60) Type: 12 Semaphore Object Header: 0xFF28DF48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BB00(7c84b00) Type: 12 Semaphore Object Header: 0xFF28BAE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28E920(7b2d920) Type: 25 IoCompletion Object Header: 0xFF28E908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF28DBA0 Process: 0xFCA2A500 APCProcess: 0xFCA2A500 OBJECT: 0xFF28D620(ff6620) Type: 12 Semaphore Object Header: 0xFF28D608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28DB20(ff6b20) Type: 8 Event Object Header: 0xFF28DB08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28D360(ff6360) Type: 12 Semaphore Object Header: 0xFF28D348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE133C500(1aac500) Type: 18 Key Object Header: 0xE133C4E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\SidCache\ OBJECT: 0xFF28BAC0(7c84ac0) Type: 12 Semaphore Object Header: 0xFF28BAA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BA80(7c84a80) Type: 12 Semaphore Object Header: 0xFF28BA68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28BA40(7c84a40) Type: 12 Semaphore Object Header: 0xFF28BA28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1333220(1a95220) Type: 18 Key Object Header: 0xE1333208 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Domains\ OBJECT: 0xFF28BA00(7c84a00) Type: 8 Event Object Header: 0xFF28B9E8 GrantedAccess: 1f0003 PointerCount: 3 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2A0E0(10470e0) Type: 6 Thread Object Header: 0xFCA2A0C8 GrantedAccess: 1f03ff PointerCount: 2 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000EC ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF28B940(7c84940) Type: 8 Event Object Header: 0xFF28B928 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E46D60(7ce9d60) Type: 18 Key Object Header: 0xE1E46D48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF28B8C0(7c848c0) Type: 8 Event Object Header: 0xFF28B8A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DC940(1966940) Type: 18 Key Object Header: 0xE12DC928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E4A030(7ce3030) Type: 4 Token Object Header: 0xE1E4A018 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,5298} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 
SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xE1E27DA0(798ada0) Type: 18 Key Object Header: 0xE1E27D88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\ OBJECT: 0xFF28A470(fc4470) Type: 8 Event Object Header: 0xFF28A458 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 4 Directory: 0xFCC61C10 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1E48458(7c38458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF28A588(fc4588) Type: 26 File Object Header: 0xFF28A570 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE12D71E0(19521e0) Type: 18 Key Object Header: 0xE12D71C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Msv1_0\ OBJECT: 0xFF28A120(fc4120) Type: 8 Event Object Header: 0xFF28A108 
GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF289EA8(85eea8) Type: 26 File Object Header: 0xFF289E90 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\PASSWD.LOG OBJECT: 0xFF289A00(85ea00) Type: 8 Event Object Header: 0xFF2899E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2899C0(85e9c0) Type: 8 Event Object Header: 0xFF2899A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A7C0(fc47c0) Type: 25 IoCompletion Object Header: 0xFF28A7A8 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFF287AC0 Process: 0xFCA2A500 APCProcess: 0xFCA2A500 Waiting Thread: 0xFF286980 Process: 0xFCA2A500 APCProcess: 0xFCA2A500 OBJECT: 0xFF28A7C0(fc47c0) Type: 25 IoCompletion Object Header: 0xFF28A7A8 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFF287AC0 Process: 0xFCA2A500 APCProcess: 0xFCA2A500 Waiting Thread: 0xFF286980 Process: 0xFCA2A500 APCProcess: 0xFCA2A500 OBJECT: 0xFF289F88(85ef88) Type: 26 File Object Header: 0xFF289F70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xFF2896C8(85e6c8) Type: 26 File Object Header: 0xFF2896B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xFF288020(8ad020) Type: 6 Thread Object Header: 0xFF288008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000120 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF2892C8(85e2c8) Type: 26 File Object Header: 0xFF2892B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1A2DE0(364ede0) Type: 8 Event Object Header: 
0xFF1A2DC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E4CCC0(908cc0) Type: 19 Port Object Header: 0xE1E4CCA8 GrantedAccess: 1f0001 PointerCount: 33 HandleCount: 1 Directory: 0xFCE00850 Name: LsaAuthenticationPort SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000F0.00000120 ClientThread: 0x00000000 ServerProcess: 0xFCA2A500 OBJECT: 0xFF229BA8(4f32ba8) Type: 26 File Object Header: 0xFF229B90 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF16BEE8 (45e6ee8) Type: 0xafd1 Process: 0xFCA2A500 lsass.exe EndpointLinks: {0xFF16D9D8:FF160BB8} AfdTransportAddress: 0xFF2342E8 (28a22e8) DeviceString: \Device\Udp OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 478 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1E4CAF0(908af0) Type: 19 Port Object Header: 0xE1E4CAD8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF288A20(8ada20) Type: 8 Event Object Header: 0xFF288A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 478 PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xFF28F620(79f0620) Type: 6 Thread Object Header: 0xFF28F608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000104 ThreadsProcess: 0xFCA2A500 OBJECT: 0xE1E4D030(900030) Type: 19 Port Object Header: 0xE1E4D018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF288960(8ad960) Type: 12 Semaphore Object Header: 0xFF288948 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28FC70(79f0c70) Type: 8 Event Object Header: 0xFF28FC58 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: LSA_RPC_SERVER_ACTIVE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E4C930(908930) Type: 19 Port Object Header: 0xE1E4C918 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 478 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF282D20(9ded20) Type: 12 Semaphore Object Header: 0xFF282D08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2871E0(9451e0) Type: 8 Event Object Header: 0xFF2871C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282CE0(9dece0) Type: 12 Semaphore Object Header: 0xFF282CC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E4EE70(943e70) Type: 19 Port Object Header: 0xE1E4EE58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2864E0(8aa4e0) Type: 8 Event Object Header: 0xFF2864C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF287AC0(945ac0) Type: 6 Thread Object Header: 0xFF287AA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000134 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF285748(92e748) Type: 26 File Object Header: 0xFF285730 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\lsass OBJECT: 0xE12C1820(18f7820) Type: 18 Key Object Header: 0xE12C1808 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF2854A0(92e4a0) Type: 8 Event Object Header: 0xFF285488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286980(8aa980) Type: 6 Thread Object Header: 0xFF286968 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000138 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF282CA0(9deca0) Type: 12 Semaphore Object Header: 0xFF282C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 478 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF288580(8ad580) Type: 12 Semaphore Object Header: 0xFF288568 GrantedAccess: 100003 PointerCount: 
1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF286840(8aa840) Type: 12 Semaphore Object Header: 0xFF286828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282DE0(9dede0) Type: 12 Semaphore Object Header: 0xFF282DC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282DA0(9deda0) Type: 8 Event Object Header: 0xFF282D88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2833A8(a773a8) Type: 26 File Object Header: 0xFF283390 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF282C60(9dec60) Type: 12 Semaphore Object Header: 0xFF282C48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF283670(a77670) Type: 8 Event Object Header: 0xFF283658 GrantedAccess: 2 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: EFSInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF281020(9f9020) Type: 6 Thread Object Header: 0xFF281008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000160 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF283620(a77620) Type: 12 Semaphore Object Header: 0xFF283608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2835E0(a775e0) Type: 12 Semaphore Object Header: 0xFF2835C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12ED8A0(199c8a0) Type: 18 Key Object Header: 0xE12ED888 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF247760(4bc8760) Type: 6 Thread Object Header: 
0xFF247748 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000218 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF281C20(9f9c20) Type: 8 Event Object Header: 0xFF281C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281BE0(9f9be0) Type: 10 Mutant Object Header: 0xFF281BC8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281BA0(9f9ba0) Type: 8 Event Object Header: 0xFF281B88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281B60(9f9b60) Type: 10 Mutant Object Header: 0xFF281B48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E23E10(78d9e10) Type: 4 Token Object Header: 0xE1E23DF8 GrantedAccess: 8 PointerCount: 22 HandleCount: 2 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4d68} ParentToken ID: {0,0} Modified ID: {0,c04e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 
SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF235BD0(7799bd0) Type: 8 Event Object Header: 0xFF235BB8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: IPSEC_POLICY_CHANGE_EVENT SecurityDescriptor: 0xE1EB1218(6b54218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x1f0003;;;BA) OBJECT: 0xFF280BC0(ae5bc0) Type: 8 Event Object Header: 0xFF280BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281A80(9f9a80) Type: 8 Event Object Header: 0xFF281A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282180(9de180) Type: 12 Semaphore Object Header: 0xFF282168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF281400(9f9400) Type: 8 Event Object Header: 0xFF2813E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA36620(1053620) Type: 5 Process Object Header: 0xFCA36608 GrantedAccess: 478 PointerCount: 217 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: winlogon.exe OBJECT: 0xE1EC1740(b1b740) Type: 18 Key Object Header: 0xE1EC1728 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SECURITY\Policy\ OBJECT: 0xE1EC4E30(4766e30) Type: 19 Port Object Header: 0xE1EC4E18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 
000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE20D3B90(4aa9b90) Type: 19 Port Object Header: 0xE20D3B78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.0000011C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF151B40(1e44b40) Type: 5 Process Object Header: 0xFF151B28 GrantedAccess: 478 PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe OBJECT: 0xFF282140(9de140) Type: 12 Semaphore Object Header: 0xFF282128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13438E0(1acb8e0) Type: 18 Key Object Header: 0xE13438C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\ OBJECT: 0xE12A5FE0(18c8fe0) Type: 18 Key Object Header: 0xE12A5FC8 GrantedAccess: 3001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\RXACT\ OBJECT: 0xE12E70E0(198b0e0) Type: 18 Key Object Header: 0xE12E70C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\Domains\Builtin\ OBJECT: 0xE12F5FA0(1a40fa0) Type: 18 Key Object Header: 0xE12F5F88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SAM\SAM\Domains\Account\ OBJECT: 0xE1E669B0(af09b0) Type: 4 Token Object Header: 0xE1E66998 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-1-0 AuthenticationID: {0,3e7} Expiration: 1601-01-01 00:00:13Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: SamSS 
{0,58b1} TokenFlags: 0x0 Token ID: {0,58b3} ParentToken ID: {0,0} Modified ID: {0,58b2} SessionID: 0 TokenInUse: No Groups: PrimaryGroup: S-1-1-0 OBJECT: 0xE1E655F0(b685f0) Type: 19 Port Object Header: 0xE1E655D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF282680(9de680) Type: 8 Event Object Header: 0xFF282668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E66610(af0610) Type: 19 Port Object Header: 0xE1E665F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 478 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1E66030(af0030) Type: 19 Port Object Header: 0xE1E66018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000178 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA2A500(1047500) Type: 5 Process Object Header: 0xFCA2A4E8 GrantedAccess: 478 PointerCount: 126 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: lsass.exe OBJECT: 0xE1E29650(7a84650) Type: 19 Port Object Header: 0xE1E29638 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF27DBD0(b4fbd0) Type: 8 Event Object Header: 0xFF27DBB8 GrantedAccess: 100002 PointerCount: 2 HandleCount: 1 Directory: 0xFCE00850 Name: SAM_SERVICE_STARTED SecurityDescriptor: 
0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF277520(dd0520) Type: 5 Process Object Header: 0xFF277508 GrantedAccess: 478 PointerCount: 120 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFCA25B00(1042b00) Type: 8 Event Object Header: 0xFCA25AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA25B80(1042b80) Type: 6 Thread Object Header: 0xFCA25B68 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000F8 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF23C600(65f7600) Type: 8 Event Object Header: 0xFF23C5E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EA7750(6437750) Type: 19 Port Object Header: 0xE1EA7738 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF241020(54c1020) Type: 5 Process Object Header: 0xFF241008 GrantedAccess: 478 PointerCount: 12 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: regsvc.exe OBJECT: 0xFF23A6C0(64006c0) Type: 8 Event Object Header: 0xFF23A6A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E48F50(7c38f50) Type: 19 Port Object Header: 0xE1E48F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 
0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 478 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xFF238EC0(64a8ec0) Type: 8 Event Object Header: 0xFF238EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238E80(64a8e80) Type: 10 Mutant Object Header: 0xFF238E68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E48520(7c38520) Type: 18 Key Object Header: 0xE1E48508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF23ACA0(6400ca0) Type: 8 Event Object Header: 0xFF23AC88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E48700(7c38700) Type: 18 Key Object Header: 0xE1E486E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239580(65e2580) Type: 8 Event Object Header: 0xFF239568 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF239500(65e2500) Type: 8 Event Object Header: 0xFF2394E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E48680(7c38680) Type: 18 Key Object Header: 0xE1E48668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1EADBA0(4563ba0) Type: 18 Key Object Header: 0xE1EADB88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239460(65e2460) Type: 8 Event Object Header: 0xFF239448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EADB20(4563b20) Type: 18 Key Object Header: 
0xE1EADB08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF2393C0(65e23c0) Type: 8 Event Object Header: 0xFF2393A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EADAA0(4563aa0) Type: 18 Key Object Header: 0xE1EADA88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF239320(65e2320) Type: 8 Event Object Header: 0xFF239308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EADA20(4563a20) Type: 18 Key Object Header: 0xE1EADA08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239280(65e2280) Type: 8 Event Object Header: 0xFF239268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2391E0(65e21e0) Type: 8 Event Object Header: 0xFF2391C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E47EA0(897ea0) Type: 18 Key Object Header: 0xE1E47E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF239140(65e2140) Type: 8 Event Object Header: 0xFF239128 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E47E20(897e20) Type: 18 Key Object Header: 0xE1E47E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2390A0(65e20a0) Type: 8 Event Object Header: 0xFF239088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E47DA0(897da0) Type: 18 Key Object Header: 0xE1E47D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 
0xFF238FA0(64a8fa0) Type: 8 Event Object Header: 0xFF238F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1E47D20(897d20) Type: 18 Key Object Header: 0xE1E47D08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF238DC0(64a8dc0) Type: 12 Semaphore Object Header: 0xFF238DA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238E20(64a8e20) Type: 12 Semaphore Object Header: 0xFF238E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238D80(64a8d80) Type: 8 Event Object Header: 0xFF238D68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238D40(64a8d40) Type: 8 Event Object Header: 0xFF238D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238A40(64a8a40) Type: 12 Semaphore Object Header: 0xFF238A28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238A00(64a8a00) Type: 12 Semaphore Object Header: 0xFF2389E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E46C80(7ce9c80) Type: 18 Key Object Header: 0xE1E46C68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF2389C0(64a89c0) Type: 8 Event Object Header: 0xFF2389A8 
GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238920(64a8920) Type: 8 Event Object Header: 0xFF238908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF2388C0(64a88c0) Type: 8 Event Object Header: 0xFF2388A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238880(64a8880) Type: 8 Event Object Header: 0xFF238868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238840(64a8840) Type: 12 Semaphore Object Header: 0xFF238828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238800(64a8800) Type: 12 Semaphore Object Header: 0xFF2387E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2387C0(64a87c0) Type: 8 Event Object Header: 0xFF2387A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D7460(1952460) Type: 18 Key Object Header: 0xE12D7448 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF23AD48(6400d48) Type: 26 File Object Header: 0xFF23AD30 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF238768 (64a8768) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF2386A8(64a86a8) Type: 26 File Object Header: 0xFF238690 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF238728 (64a8728) 
Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF2385C8(64a85c8) Type: 26 File Object Header: 0xFF2385B0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF238528(64a8528) Type: 26 File Object Header: 0xFF238510 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF238488(64a8488) Type: 26 File Object Header: 0xFF238470 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE12F80A0(19ca0a0) Type: 18 Key Object Header: 0xE12F8088 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE133D4C0(1ab34c0) Type: 18 Key Object Header: 0xE133D4A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE12DA3C0(19e03c0) Type: 18 Key Object Header: 0xE12DA3A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF239728(65e2728) Type: 26 File Object Header: 0xFF239710 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\ipsecpa.log OBJECT: 0xFF23F720(5849720) Type: 8 Event Object Header: 0xFF23F708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235C00(7799c00) Type: 8 Event Object Header: 0xFF235BE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235B80(7799b80) Type: 8 Event Object Header: 0xFF235B68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235B10(7799b10) Type: 8 Event Object Header: 0xFF235AF8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: IPSEC_POLICY_CHANGE_NOTIFY 
SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E23E10(78d9e10) Type: 4 Token Object Header: 0xE1E23DF8 GrantedAccess: 8 PointerCount: 22 HandleCount: 2 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4d68} ParentToken ID: {0,0} Modified ID: {0,c04e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF235B40(7799b40) Type: 8 Event Object Header: 0xFF235B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235AC0(7799ac0) Type: 8 Event Object Header: 0xFF235AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF247760(4bc8760) Type: 6 Thread Object Header: 0xFF247748 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000218 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF234100(28a2100) Type: 8 Event Object Header: 0xFF2340E8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF236DA0(7774da0) Type: 8 Event Object Header: 0xFF236D88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234380(28a2380) Type: 8 Event Object Header: 0xFF234368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2344A8(28a24a8) Type: 26 File Object Header: 0xFF234490 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF234128 (28a2128) Type: 0xafd1 Process: 0xFCA2A500 lsass.exe EndpointLinks: {0xFF254638:FF22FBD8} AfdTransportAddress: 0xFF2342E8 (28a22e8) DeviceString: \Device\Udp OBJECT: 0xFF22E860(dc5860) Type: 8 Event Object Header: 0xFF22E848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBFB10(21ebb10) Type: 19 Port Object Header: 0xE1EBFAF8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA2BBC0(1048bc0) Type: 5 Process Object Header: 0xFCA2BBA8 GrantedAccess: 478 PointerCount: 261 HandleCount: 6 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: services.exe OBJECT: 0xE1EBF3D0(21eb3d0) Type: 19 Port Object Header: 0xE1EBF3B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 
000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF23ED60(560ad60) Type: 5 Process Object Header: 0xFF23ED48 GrantedAccess: 478 PointerCount: 98 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: MSTask.exe OBJECT: 0xFF23F620(5849620) Type: 12 Semaphore Object Header: 0xFF23F608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22B6C8(4e366c8) Type: 26 File Object Header: 0xFF22B6B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xE1E6A030(b8b030) Type: 19 Port Object Header: 0xE1E6A018 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000124 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCE00C60(141dc60) Type: 5 Process Object Header: 0xFCE00C48 GrantedAccess: 478 PointerCount: 44 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: System OBJECT: 0xFF225680(478b680) Type: 8 Event Object Header: 0xFF225668 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xE1EF2B70(accb70) Type: 4 Token Object Header: 0xE1EF2B58 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,98c1} ParentToken ID: {0,0} Modified ID: {0,98c3} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default 
Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege Enabled 7 0x5 SeIncreaseQuotaPrivilege Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege Enabled 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege Enabled 16 0x18 SeRestorePrivilege Enabled 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege Enabled 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF21D800(6623800) Type: 8 Event Object Header: 0xFF21D7E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21D900(6623900) Type: 6 Thread Object Header: 0xFF21D8E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000002A0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF289A48(85ea48) Type: 26 File Object Header: 0xFF289A30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF17CD88 (4292d88) Unknown1: 0x00005453 (1) Unknown2: 0x5 Address Object: 0xFF19B828 (384a828) Local Address: 0x200a8c0:f401 192.168.0.2:500 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF237960(646c960) Type: 8 Event Object Header: 
0xFF237948 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF28A540(fc4540) Type: 8 Event Object Header: 0xFF28A528 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF1E6868(507f868) Type: 26 File Object Header: 0xFF1E6850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\POLICYAGENT OBJECT: 0xFF1E67C8(507f7c8) Type: 26 File Object Header: 0xFF1E67B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\POLICYAGENT OBJECT: 0xE1397EC0(293bec0) Type: 19 Port Object Header: 0xE1397EA8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: policyagent SecurityDescriptor: 0xE1F35178(6539178) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRC;;;WD)(A;;CCSDRC;;;RC)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;BA) Creator: 000000F0.00000218 ClientThread: 0x00000000 ServerProcess: 0xFCA2A500 OBJECT: 0xFF1D87E0(1eea7e0) Type: 8 Event Object Header: 0xFF1D87C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF233D60(6b8ad60) Type: 6 Thread Object Header: 0xFF233D48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.00000298 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF1DA520(1f40520) Type: 8 Event Object Header: 0xFF1DA508 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DA488(1f40488) Type: 26 File Object Header: 0xFF1DA470 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\debug\oakley.log OBJECT: 0xFF233C20(6b8ac20) Type: 8 Event Object Header: 0xFF233C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1D7D48(1eebd48) Type: 26 File Object Header: 0xFF1D7D30 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF233C68(6b8ac68) Type: 26 File Object Header: 0xFF233C50 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: IPSEC OBJECT: 0xFF1DA560(1f40560) Type: 8 Event Object Header: 0xFF1DA548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D9020(1ee9020) Type: 6 Thread Object Header: 0xFF1D9008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000000F0.000000E0 ThreadsProcess: 0xFCA2A500 OBJECT: 0xFF233D00(6b8ad00) Type: 25 IoCompletion Object Header: 0xFF233CE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 OBJECT: 0xFF1D77E0(1eeb7e0) Type: 8 Event Object Header: 0xFF1D77C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20D3E0(477e3e0) Type: 8 Event Object Header: 0xFF20D3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD48968(1365968) Type: 26 File Object Header: 0xFCD48950 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_f0 OBJECT: 0xFCD48188(1365188) Type: 26 File Object Header: 0xFCD48170 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFCD48028(1365028) Type: 26 File Object Header: 0xFCD48010 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_f0 OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 478 PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF18E2C0(3ac02c0) Type: 8 Event Object Header: 0xFF18E2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ED5030(2d4e030) Type: 4 Token Object Header: 0xE1ED5018 GrantedAccess: 600fe PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,20446} ParentToken ID: {0,0} Modified ID: {0,20448} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege Enabled 7 0x5 SeIncreaseQuotaPrivilege Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege Enabled 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege Enabled 16 0x18 SeRestorePrivilege Enabled 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege Enabled 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 478 
PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xE2063990(3ae3990) Type: 19 Port Object Header: 0xE2063978 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EFD4B0(4f5d4b0) Type: 19 Port Object Header: 0xE1EFD498 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000000F0.00000128 ClientThread: 0x00000000 ServerProcess: 0x00000000 8. TABLE: 0xFF277D68(dd0d68): Table: 0xE1E71000 QuotaProcess: 0xFF277520 ProcessId: 194 HandleCount: 238 CapturedHandleCount: 238 TableLevel: 2 StrictFIFO: No OBJECT: 0xE13ACBD0(2b2cbd0) Type: 17 Section Object Header: 0xE13ACBB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12FD268(1a0a268) BasedAddress: 0x08A86420 SizeOfSegment: 0x5000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\svchost.exe OBJECT: 0xFF277440(dd0440) Type: 8 Event Object Header: 0xFF277428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277400(dd0400) Type: 8 Event Object Header: 0xFF2773E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2773C0(dd03c0) Type: 8 Event Object Header: 0xFF2773A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: 
\KnownDlls OBJECT: 0xFF277328(dd0328) Type: 26 File Object Header: 0xFF277310 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF276DE0(dcdde0) Type: 8 Event Object Header: 0xFF276DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E70D30(dabd30) Type: 19 Port Object Header: 0xE1E70D18 GrantedAccess: 1f0001 PointerCount: 10 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000190 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE12F2F60(19b6f60) Type: 18 Key Object Header: 0xE12F2F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF276580(dcd580) Type: 8 Event Object Header: 0xFF276568 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object 
Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF277E08(dd0e08) Type: 26 File Object Header: 0xFF277DF0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe2 OBJECT: 0xFF276340(dcd340) Type: 8 Event Object Header: 0xFF276328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF276300(dcd300) Type: 8 Event Object Header: 0xFF2762E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2762C0(dcd2c0) Type: 8 Event Object Header: 0xFF2762A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF275DA0(dbdda0) Type: 25 IoCompletion Object Header: 0xFF275D88 GrantedAccess: 1f0003 PointerCount: 11 HandleCount: 2 Waiting Thread: 0xFF26F020 Process: 0xFF277520 APCProcess: 0xFF277520 OBJECT: 0xFF275DA0(dbdda0) Type: 25 IoCompletion Object Header: 0xFF275D88 GrantedAccess: 1f0003 PointerCount: 11 HandleCount: 2 Waiting Thread: 0xFF26F020 Process: 0xFF277520 APCProcess: 0xFF277520 OBJECT: 0xFF275D60(dbdd60) Type: 8 Event Object Header: 0xFF275D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF276020(dcd020) Type: 6 Thread Object Header: 0xFF276008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000190 ThreadsProcess: 0xFF277520 OBJECT: 0xFF275B40(dbdb40) Type: 8 Event Object Header: 0xFF275B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF275BE8(dbdbe8) Type: 26 File Object Header: 0xFF275BD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1355020(1b56020) Type: 18 Key Object Header: 0xE1355008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF277240(dd0240) Type: 8 Event Object Header: 0xFF277228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2771C0(dd01c0) Type: 8 Event Object Header: 0xFF2771A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2757C0(dbd7c0) Type: 6 Thread Object Header: 0xFF2757A8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A0 ThreadsProcess: 0xFF277520 OBJECT: 0xFF2770C0(dd00c0) Type: 8 Event Object Header: 0xFF2770A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF277080(dd0080) Type: 8 Event Object Header: 0xFF277068 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF275380(dbd380) Type: 8 Event Object Header: 0xFF275368 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1336170(1ac3170) Type: 19 Port Object Header: 0xE1336158 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001A0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF275340(dbd340) Type: 8 Event Object Header: 0xFF275328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1353B40(1b52b40) Type: 18 Key Object Header: 0xE1353B28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\OLE\ OBJECT: 0xE1354C80(1b55c80) Type: 19 Port Object Header: 0xE1354C68 GrantedAccess: 1f0001 PointerCount: 25 HandleCount: 1 Directory: 0xFCD642F0 Name: epmapper SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000194.000001A0 ClientThread: 0x00000000 ServerProcess: 0xFF277520 OBJECT: 0xFF148900(26c9900) Type: 6 Thread Object Header: 0xFF1488E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000148 ThreadsProcess: 0xFF277520 OBJECT: 0xFCA2E920(104b920) Type: 8 Event Object Header: 0xFCA2E908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF274DE0(e3ede0) Type: 8 Event Object Header: 0xFF274DC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2757C0(dbd7c0) Type: 6 Thread Object Header: 0xFF2757A8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A0 ThreadsProcess: 0xFF277520 OBJECT: 0xE1396120(2978120) Type: 18 Key Object 
Header: 0xE1396108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF274D60(e3ed60) Type: 8 Event Object Header: 0xFF274D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2C3A0(7a4e3a0) Type: 18 Key Object Header: 0xE1E2C388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF273EE0(ec5ee0) Type: 8 Event Object Header: 0xFF273EC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273EA0(ec5ea0) Type: 8 Event Object Header: 0xFF273E88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273E60(ec5e60) Type: 8 Event Object Header: 0xFF273E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273E00(ec5e00) Type: 8 Event Object Header: 0xFF273DE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273660(ec5660) Type: 8 Event Object Header: 0xFF273648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273620(ec5620) Type: 10 Mutant Object Header: 0xFF273608 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273D80(ec5d80) Type: 8 Event Object Header: 0xFF273D68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E70260(dab260) Type: 18 Key Object Header: 0xE1E70248 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E728E0(de38e0) Type: 18 Key Object Header: 0xE1E728C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 
0xFF273CE0(ec5ce0) Type: 8 Event Object Header: 0xFF273CC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273C40(ec5c40) Type: 8 Event Object Header: 0xFF273C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E72860(de3860) Type: 18 Key Object Header: 0xE1E72848 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1E73FE0(e8cfe0) Type: 18 Key Object Header: 0xE1E73FC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF273BA0(ec5ba0) Type: 8 Event Object Header: 0xFF273B88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73F60(e8cf60) Type: 18 Key Object Header: 0xE1E73F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF273B00(ec5b00) Type: 8 Event Object Header: 0xFF273AE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73EE0(e8cee0) Type: 18 Key Object Header: 0xE1E73EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF273A60(ec5a60) Type: 8 Event Object Header: 0xFF273A48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73E60(e8ce60) Type: 18 Key Object Header: 0xE1E73E48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2739C0(ec59c0) Type: 8 Event Object Header: 0xFF2739A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273920(ec5920) Type: 8 Event Object Header: 0xFF273908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E726E0(de36e0) Type: 18 Key Object 
Header: 0xE1E726C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF273880(ec5880) Type: 8 Event Object Header: 0xFF273868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E72660(de3660) Type: 18 Key Object Header: 0xE1E72648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2737E0(ec57e0) Type: 8 Event Object Header: 0xFF2737C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E725E0(de35e0) Type: 18 Key Object Header: 0xE1E725C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF273740(ec5740) Type: 8 Event Object Header: 0xFF273728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF2735E0(ec55e0) Type: 8 Event Object Header: 0xFF2735C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2735A0(ec55a0) Type: 10 Mutant Object Header: 0xFF273588 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E702E0(dab2e0) Type: 18 Key Object Header: 0xE1E702C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF273560(ec5560) Type: 8 Event Object Header: 0xFF273548 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273520(ec5520) Type: 10 Mutant Object Header: 0xFF273508 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2734E0(ec54e0) Type: 12 Semaphore Object Header: 0xFF2734C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2734A0(ec54a0) Type: 12 Semaphore Object Header: 0xFF273488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273460(ec5460) Type: 8 Event Object Header: 0xFF273448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273420(ec5420) Type: 8 Event Object Header: 0xFF273408 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF273100(ec5100) Type: 12 Semaphore Object Header: 0xFF2730E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2730C0(ec50c0) Type: 12 Semaphore Object Header: 0xFF2730A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E724A0(de34a0) Type: 18 Key Object Header: 0xE1E72488 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF273080(ec5080) Type: 8 Event Object Header: 0xFF273068 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF272F80(e84f80) Type: 8 Event Object Header: 0xFF272F68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272F40(e84f40) Type: 8 Event Object Header: 
0xFF272F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272F00(e84f00) Type: 8 Event Object Header: 0xFF272EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272EC0(e84ec0) Type: 12 Semaphore Object Header: 0xFF272EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272E80(e84e80) Type: 12 Semaphore Object Header: 0xFF272E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272E40(e84e40) Type: 8 Event Object Header: 0xFF272E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF274628(e3e628) Type: 26 File Object Header: 0xFF274610 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF272DE8 (e84de8) OBJECT: 0xFF272D68(e84d68) Type: 26 File Object Header: 0xFF272D50 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF272D08 (e84d08) OBJECT: 0xFF272C88(e84c88) Type: 26 File Object Header: 0xFF272C70 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF272BE8(e84be8) Type: 26 File Object Header: 0xFF272BD0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF272B48(e84b48) Type: 26 File Object Header: 0xFF272B30 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1E73BE0(e8cbe0) Type: 18 Key Object Header: 0xE1E73BC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF272A80(e84a80) Type: 8 Event Object Header: 0xFF272A68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73BA0(e8cba0) Type: 18 Key 
Object Header: 0xE1E73B88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1E73B60(e8cb60) Type: 18 Key Object Header: 0xE1E73B48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1E73B20(e8cb20) Type: 18 Key Object Header: 0xE1E73B08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF272B00(e84b00) Type: 8 Event Object Header: 0xFF272AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF272608(e84608) Type: 26 File Object Header: 0xFF2725F0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF2723C8 (e843c8) Type: 0xafd4 Process: 0xFF277520 svchost.exe EndpointLinks: {0xF80001E8:FF2716F8} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF272508(e84508) Type: 26 File Object Header: 0xFF2724F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF272388 (e84388) Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868} OBJECT: 0xFF271788(38f788) Type: 26 File Object Header: 0xFF271770 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF271648 (38f648) Type: 0xafd0 Process: 0xFF277520 svchost.exe EndpointLinks: {0xFF272478:FF26FE58} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF270600(fb0600) Type: 12 Semaphore Object Header: 0xFF2705E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF270920(fb0920) Type: 12 Semaphore Object Header: 0xFF270908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E73440(e8c440) Type: 18 Key Object Header: 0xE1E73428 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF2705C0(fb05c0) Type: 8 Event Object Header: 0xFF2705A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF270540(fb0540) Type: 8 Event Object Header: 0xFF270528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F020(f74020) Type: 6 Thread Object Header: 0xFF26F008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF270468(fb0468) Type: 26 File Object Header: 0xFF270450 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-194-0 OBJECT: 0xE1E732C0(e8c2c0) Type: 18 Key Object Header: 0xE1E732A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Rpc\NetBIOS\ OBJECT: 0xFF26F020(f74020) Type: 6 Thread Object Header: 0xFF26F008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000001A8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF2703E0(fb03e0) Type: 8 Event Object Header: 0xFF2703C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26FEE8(f74ee8) Type: 26 File Object Header: 0xFF26FED0 GrantedAccess: 1f01ff PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF26FDA8 (f74da8) Type: 0xafd0 Process: 0xFF277520 svchost.exe EndpointLinks: {0xFF2716F8:FF254638} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF26FCC0(f74cc0) Type: 8 Event Object Header: 0xFF26FCA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E75020(edd020) Type: 18 Key Object Header: 0xE1E75008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\{E41F8207-9EAD-4C09-8BC4-06F8E425196E}\Parameters\Tcpip\ OBJECT: 0xE1E75FE0(eddfe0) Type: 18 Key Object Header: 0xE1E75FC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D}\Parameters\Tcpip\ OBJECT: 0xE1E75E20(edde20) Type: 18 Key Object Header: 0xE1E75E08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1394960(2976960) Type: 18 Key Object Header: 0xE1394948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\AppID\ OBJECT: 0xFF26F9C0(f749c0) Type: 8 Event Object Header: 0xFF26F9A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F980(f74980) Type: 8 Event Object Header: 0xFF26F968 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26F940(f74940) Type: 8 Event Object Header: 0xFF26F928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E416A0(7cc26a0) Type: 17 Section Object Header: 0xE1E41688 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: RotHintTable SecurityDescriptor: 0xE1E41AF8(7cc2af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: 
S-1-5-18 D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E75C68(eddc68) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF26FF88(f74f88) Type: 26 File Object Header: 0xFF26FF70 GrantedAccess: 100000 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Dfs OBJECT: 0xFF26F868(f74868) Type: 26 File Object Header: 0xFF26F850 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF26F830(f74830) Type: 8 Event Object Header: 0xFF26F818 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: ScmCreatedEvent SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1F0860(487e860) Type: 8 Event Object Header: 0xFF1F0848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1397DD0(293bdd0) Type: 19 Port Object Header: 0xE1397DB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000148 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25B400(194a400) Type: 8 Event Object Header: 0xFF25B3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E833D0(1753d0) Type: 19 Port Object Header: 0xE1E833B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.0000018C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCA2F340(104c340) Type: 8 Event Object Header: 0xFCA2F328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A17C0(18a87c0) Type: 18 Key Object Header: 0xE12A17A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE12BCD80(1902d80) Type: 18 Key Object Header: 0xE12BCD68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1E86AF0(1a2faf0) Type: 4 Token Object Header: 0xE1E86AD8 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE137A858(281b858) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,666d} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege OBJECT: 0xFF25EDA0(1d8da0) Type: 8 Event Object Header: 0xFF25ED88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25EC20(1d8c20) Type: 8 Event Object Header: 0xFF25EC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25ECA0(1d8ca0) 
Type: 8 Event Object Header: 0xFF25EC88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1343EE0(1acbee0) Type: 18 Key Object Header: 0xE1343EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF24F680(7ac680) Type: 8 Event Object Header: 0xFF24F668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE133FA80(1abda80) Type: 18 Key Object Header: 0xE133FA68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF25EEC0(1d8ec0) Type: 8 Event Object Header: 0xFF25EEA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1342F60(1acaf60) Type: 18 Key Object Header: 0xE1342F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2513C0(47933c0) Type: 8 Event Object Header: 0xFF2513A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1340660(1a9a660) Type: 18 Key Object Header: 0xE1340648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF251340(4793340) Type: 8 Event Object Header: 0xFF251328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2512A0(47932a0) Type: 8 Event Object Header: 0xFF251288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13625A0(22bc5a0) Type: 18 Key Object Header: 0xE1362588 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF251D80(4793d80) Type: 8 Event Object Header: 0xFF251D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1330640(1a92640) 
Type: 18 Key Object Header: 0xE1330628 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF251CE0(4793ce0) Type: 8 Event Object Header: 0xFF251CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1330B20(1a92b20) Type: 18 Key Object Header: 0xE1330B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF251C40(4793c40) Type: 8 Event Object Header: 0xFF251C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E8D4F0(46f74f0) Object Header: 0xE1E8D4D8 GrantedAccess: c PointerCount: 0 HandleCount: 0 OBJECT: 0xFF24F7A0(7ac7a0) Type: 8 Event Object Header: 0xFF24F788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24F760(7ac760) Type: 8 Event Object Header: 0xFF24F748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBF950(21eb950) Type: 19 Port Object Header: 0xE1EBF938 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EC47F0(47667f0) Type: 19 Port Object Header: 0xE1EC47D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.0000018C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EC45D0(47665d0) Type: 4 Token Object Header: 0xE1EC45B8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE137A858(281b858) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: 
SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,8a13} ParentToken ID: {0,0} Modified ID: {0,8628} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x13 SeProfileSingleProcessPrivilege Default Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x10 SeLoadDriverPrivilege Enabled 7 0x23 SeChangeNotifyPrivilege Default Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled OBJECT: 0xFF22A3C0(4f613c0) Type: 8 Event Object Header: 0xFF22A3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC68B0(4e2e8b0) Type: 19 Port Object Header: 0xE1EC6898 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.0000018C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE134FDD0(1af6dd0) Type: 19 Port Object Header: 0xE134FDB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000340 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E8BC70(280bc70) Type: 19 Port Object Header: 0xE1E8BC58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF229460(4f32460) Type: 8 Event Object Header: 0xFF229448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22A340(4f61340) Type: 8 Event Object Header: 0xFF22A328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF161BC0(57f2bc0) Type: 6 Thread Object Header: 0xFF161BA8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000280 ThreadsProcess: 0xFF277520 OBJECT: 0xFF1E4748(4d3c748) Type: 26 File Object Header: 0xFF1E4730 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Udp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF1EA548 (17d548) Address Object: 0xFF1E4008 (4d3c008) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-} OBJECT: 0xFF246C28(4be5c28) Type: 26 File Object Header: 0xFF246C10 GrantedAccess: 1f01ff PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF1EA588 (17d588) Type: 0xafd1 Process: 0xFF277520 svchost.exe EndpointLinks: {0xFF1EFAF8:FF16E258} AfdTransportAddress: 0xFF2342E8 (28a22e8) DeviceString: \Device\Udp OBJECT: 0xE1F48770(476d770) Type: 19 Port Object Header: 0xE1F48758 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.0000018C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EC5E8(4eb95e8) Type: 26 File Object Header: 0xFF1EC5D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\epmapper OBJECT: 0xFF1EC548(4eb9548) Type: 26 File Object Header: 0xFF1EC530 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\epmapper OBJECT: 0xFF229020(4f32020) Type: 8 Event Object Header: 0xFF229008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF229420(4f32420) Type: 8 Event Object Header: 0xFF229408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2293E0(4f323e0) Type: 8 Event Object Header: 0xFF2293C8 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2293A0(4f323a0) Type: 8 Event Object Header: 0xFF229388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B1AC0(2ff5ac0) Type: 8 Event Object Header: 0xFF1B1AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DB4A0(1dae4a0) Type: 6 Thread Object Header: 0xFF1DB488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000124 ThreadsProcess: 0xFF277520 OBJECT: 0xE138C910(290a910) Type: 19 Port Object Header: 0xE138C8F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1B1A80(2ff5a80) Type: 8 Event Object Header: 0xFF1B1A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ECD030(25b5030) Type: 4 Token Object Header: 0xE1ECD018 GrantedAccess: f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13AD918(2b2a918) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,e06a} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory 
Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege OBJECT: 0xE1ED9910(6573910) Object Header: 0xE1ED98F8 GrantedAccess: c PointerCount: 0 HandleCount: 0 OBJECT: 0xFF1B1A00(2ff5a00) Type: 8 Event Object Header: 0xFF1B19E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B19C0(2ff59c0) Type: 8 Event Object Header: 0xFF1B19A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EF35D0(50ed5d0) Type: 4 Token Object Header: 0xE1EF35B8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13AD918(2b2a918) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,19040} ParentToken ID: {0,0} Modified ID: {0,ee03} 
SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xE1EAA150(7896150) Type: 19 Port Object Header: 0xE1EAA138 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE13B0250(2bf0250) Type: 19 Port Object Header: 0xE13B0238 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1A00C0(37c00c0) Type: 8 Event Object Header: 0xFF1A00A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A45C0(35885c0) Type: 8 Event Object Header: 0xFF1A45A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19F2E0(37d02e0) Type: 8 Event Object Header: 0xFF19F2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A11E0(36ee1e0) Type: 8 Event Object Header: 0xFF1A11C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19E240(3841240) Type: 8 Event Object Header: 0xFF19E228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D680(37bd680) Type: 8 Event Object Header: 0xFF19D668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF19DFA0(37bdfa0) Type: 8 Event Object Header: 0xFF19DF88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D700(37bd700) Type: 8 Event Object Header: 0xFF19D6E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D6C0(37bd6c0) Type: 8 Event Object Header: 0xFF19D6A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FD80(37d0d80) Type: 8 Event Object Header: 0xFF19FD68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FC80(37d0c80) Type: 8 Event Object Header: 0xFF19FC68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FC40(37d0c40) Type: 8 Event Object Header: 0xFF19FC28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FBC0(37d0bc0) Type: 8 Event Object Header: 0xFF19FBA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FB80(37d0b80) Type: 8 Event Object Header: 0xFF19FB68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FB40(37d0b40) Type: 8 Event Object Header: 0xFF19FB28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FB00(37d0b00) Type: 8 Event Object Header: 0xFF19FAE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FAC0(37d0ac0) Type: 8 Event Object Header: 0xFF19FAA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D640(37bd640) Type: 8 Event Object Header: 0xFF19D628 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D600(37bd600) Type: 8 Event Object Header: 0xFF19D5E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D5C0(37bd5c0) Type: 8 Event Object 
Header: 0xFF19D5A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D580(37bd580) Type: 8 Event Object Header: 0xFF19D568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D540(37bd540) Type: 8 Event Object Header: 0xFF19D528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19F880(37d0880) Type: 8 Event Object Header: 0xFF19F868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D500(37bd500) Type: 8 Event Object Header: 0xFF19D4E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19DE60(37bde60) Type: 8 Event Object Header: 0xFF19DE48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D460(37bd460) Type: 8 Event Object Header: 0xFF19D448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF209120(1ad1120) Type: 8 Event Object Header: 0xFF209108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18ADA0(3a7eda0) Type: 6 Thread Object Header: 0xFF18AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000354 ThreadsProcess: 0xFF277520 OBJECT: 0xE1EDD7B0(54d77b0) Type: 19 Port Object Header: 0xE1EDD798 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000280 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF208D20(6b92d20) Type: 8 Event Object Header: 0xFF208D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1955E0(38eb5e0) Type: 8 Event Object Header: 0xFF1955C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE2063E30(3ae3e30) Type: 19 Port Object Header: 0xE2063E18 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18ADA0(3a7eda0) Type: 6 Thread Object Header: 0xFF18AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.00000354 ThreadsProcess: 0xFF277520 OBJECT: 0xFF180FE0(98dfe0) Type: 8 Event Object Header: 0xFF180FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17A020(43d4020) Type: 8 Event Object Header: 0xFF17A008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9120(339b120) Type: 8 Event Object Header: 0xFF1A9108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D420(37bd420) Type: 8 Event Object Header: 0xFF19D408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20878F0(58a38f0) Type: 19 Port Object Header: 0xE20878D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000280 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF17A740(43d4740) Type: 8 Event Object Header: 0xFF17A728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208C60(6b92c60) Type: 8 Event Object Header: 0xFF208C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17A700(43d4700) Type: 8 Event Object Header: 0xFF17A6E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF175800(37ef800) Type: 8 Event Object Header: 0xFF1757E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E3B410(b45410) Type: 19 
Port Object Header: 0xE1E3B3F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000354 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE13D84B0(58de4b0) Type: 19 Port Object Header: 0xE13D8498 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.00000354 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF147320(2ce4320) Type: 6 Thread Object Header: 0xFF147308 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000194.000003D8 ThreadsProcess: 0xFF277520 OBJECT: 0xFF132440(6678440) Type: 8 Event Object Header: 0xFF132428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13DCC50(5987c50) Type: 19 Port Object Header: 0xE13DCC38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000194.0000018C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1EC1A0(4eb91a0) Type: 8 Event Object Header: 0xFF1EC188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 9. 
TABLE: 0xFF2765A8(dcd5a8): Table: 0xE1E76000 QuotaProcess: 0xFF2748A0 ProcessId: 1b0 HandleCount: 98 CapturedHandleCount: 98 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E759B0(edd9b0) Type: 17 Section Object Header: 0xE1E75998 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1D3D148(6947148) BasedAddress: 0x08AD4428 SizeOfSegment: 0xd000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\spoolsv.exe OBJECT: 0xFF26EC20(f7ec20) Type: 8 Event Object Header: 0xFF26EC08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26EBE0(f7ebe0) Type: 8 Event Object Header: 0xFF26EBC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26EB80(f7eb80) Type: 8 Event Object Header: 0xFF26EB68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF26EAE8(f7eae8) Type: 26 File Object Header: 0xFF26EAD0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF26E820(f7e820) Type: 8 Event Object Header: 0xFF26E808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: 
\Windows OBJECT: 0xE1E75510(edd510) Type: 19 Port Object Header: 0xE1E754F8 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001B0.000001AC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF26E6C0(f7e6c0) Type: 8 Event Object Header: 0xFF26E6A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E754C0(edd4c0) Type: 18 Key Object Header: 0xE1E754A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF26E948(f7e948) Type: 26 File Object Header: 0xFF26E930 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe3 OBJECT: 0xFF26E620(f7e620) Type: 8 Event Object Header: 0xFF26E608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E560(f7e560) Type: 8 Event Object Header: 0xFF26E548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E520(f7e520) Type: 8 Event Object Header: 0xFF26E508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26E4C0(f7e4c0) Type: 25 IoCompletion Object Header: 0xFF26E4A8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF26D4A0 Process: 0xFF2748A0 APCProcess: 0xFF2748A0 OBJECT: 0xFF26E4C0(f7e4c0) Type: 25 IoCompletion Object Header: 0xFF26E4A8 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF26D4A0 Process: 0xFF2748A0 APCProcess: 0xFF2748A0 OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 
Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF26E480(f7e480) Type: 8 Event Object Header: 0xFF26E468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26ED80(f7ed80) Type: 6 Thread Object Header: 0xFF26ED68 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001AC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26D020(f2c020) Type: 8 Event Object Header: 0xFF26D008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF276388(dcd388) Type: 26 File Object Header: 0xFF276370 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF26DC00(f2cc00) Type: 8 Event Object Header: 0xFF26DBE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26DBC0(f2cbc0) Type: 8 Event Object Header: 0xFF26DBA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26DC40(f2cc40) Type: 6 Thread Object Header: 0xFF26DC28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B4 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26DB28(f2cb28) Type: 26 File Object Header: 0xFF26DB10 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\spoolss OBJECT: 0xFF26D7C8(f2c7c8) Type: 26 File Object Header: 0xFF26D7B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
Path: NamedPipe\spoolss OBJECT: 0xFF26D720(f2c720) Type: 8 Event Object Header: 0xFF26D708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26D4A0(f2c4a0) Type: 6 Thread Object Header: 0xFF26D488 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001B8 ThreadsProcess: 0xFF2748A0 OBJECT: 0xE13534C0(1b524c0) Type: 19 Port Object Header: 0xE13534A8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: spoolss SecurityDescriptor: 0xE1E75398(edd398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100001;;;BU)(A;;0x100001;;;PU)(A;;0x120001;;;WD)(A;;0x1f0001;;;CO)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) Creator: 000001B0.000001B4 ClientThread: 0x00000000 ServerProcess: 0xFF2748A0 OBJECT: 0xFF26D420(f2c420) Type: 8 Event Object Header: 0xFF26D408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26CDA0(fadda0) Type: 6 Thread Object Header: 0xFF26CD88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.000001BC ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF26C900(fad900) Type: 8 Event Object Header: 0xFF26C8E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF26C880(fad880) Type: 8 Event Object Header: 0xFF26C868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) 
Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFF26C730(fad730) Type: 8 Event Object Header: 0xFF26C718 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: RouterPreInitEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF26CA80(fada80) Type: 8 Event Object Header: 0xFF26CA68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF157660(4054660) Type: 8 Event Object Header: 0xFF157648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200640(4dd8640) Type: 8 Event Object Header: 0xFF200628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF252B00(7c8b00) Type: 8 Event Object Header: 0xFF252AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF252AC0(7c8ac0) Type: 8 Event Object Header: 0xFF252AA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF163380(5047380) Type: 8 Event Object Header: 0xFF163368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2046940(39f9940) Type: 18 Key Object Header: 0xE2046928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF148020(26c9020) Type: 6 Thread Object Header: 0xFF148008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.0000044C ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF1518A0(1e448a0) Type: 6 Thread Object Header: 0xFF151888 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000460 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF15A300(23a8300) Type: 8 Event Object Header: 0xFF15A2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF168360(53db360) Type: 8 Event Object Header: 0xFF168348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC99C0(12e69c0) Type: 8 Event Object Header: 0xFCCC99A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20E7C0(45b47c0) Type: 8 Event Object Header: 0xFF20E7A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF156DC0(1973dc0) Type: 8 Event Object Header: 0xFF156DA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1518A0(1e448a0) Type: 6 Thread Object Header: 0xFF151888 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000460 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFF1E6EC0(507fec0) Type: 8 Event Object Header: 0xFF1E6EA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF152C60(21cec60) Type: 12 Semaphore Object Header: 0xFF152C48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26D300(f2c300) Type: 8 Event Object Header: 0xFF26D2E8 GrantedAccess: 100003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF152C20(21cec20) Type: 8 Event Object Header: 0xFF152C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154E60(4fcbe60) Type: 12 Semaphore Object Header: 0xFF154E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF152BA0(21ceba0) Type: 8 Event Object Header: 0xFF152B88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15F640(54ef640) Type: 12 Semaphore Object Header: 0xFF15F628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15F600(54ef600) Type: 12 Semaphore Object Header: 0xFF15F5E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE205D6E0(3a766e0) Type: 18 Key Object Header: 0xE205D6C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF15F5C0(54ef5c0) Type: 8 Event Object Header: 0xFF15F5A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE74F0(22524f0) Type: 19 Port Object Header: 0xE1EE74D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001B0.00000460 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1339560(1aa8560) Type: 18 Key Object Header: 0xE1339548 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\ OBJECT: 0xE1EB15A0(6b545a0) Type: 18 Key Object Header: 0xE1EB1588 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Print\Printers\ OBJECT: 0xFF14A020(2e68020) Type: 8 Event Object Header: 0xFF14A008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF14CF00(1fdef00) Type: 8 Event Object Header: 0xFF14CEE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF167E00(6627e00) Type: 8 Event Object Header: 0xFF167DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A95A0(339b5a0) Type: 8 Event Object Header: 0xFF1A9588 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF159180(4882180) Type: 8 Event Object Header: 0xFF159168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1591C0(48821c0) Type: 8 Event Object Header: 0xFF1591A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E6D80(507fd80) Type: 8 Event Object Header: 0xFF1E6D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A6E40(3506e40) Type: 8 Event Object Header: 0xFF1A6E28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A6E00(3506e00) Type: 8 Event Object Header: 0xFF1A6DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A6DC0(3506dc0) Type: 8 Event Object Header: 0xFF1A6DA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AE6A0(2db66a0) Type: 8 Event Object Header: 0xFF1AE688 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13086E0(1a166e0) Type: 18 Key Object Header: 0xE13086C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\ OBJECT: 0xE1EC30E0(4e650e0) Type: 18 Key Object Header: 0xE1EC30C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF14D840(1fdf840) Type: 8 Event Object 
Header: 0xFF14D828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC2620(4b04620) Type: 18 Key Object Header: 0xE1EC2608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF1CBF80(2d34f80) Type: 8 Event Object Header: 0xFF1CBF68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147A80(2ce4a80) Type: 8 Event Object Header: 0xFF147A68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7E20(79ae20) Type: 18 Key Object Header: 0xE1EB7E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF14A0A0(2e680a0) Type: 8 Event Object Header: 0xFF14A088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13547E0(1b557e0) Type: 18 Key Object Header: 0xE13547C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\ OBJECT: 0xFF148468(26c9468) Type: 26 File Object Header: 0xFF148450 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1DD1C80(7704c80) Type: 18 Key Object Header: 0xE1DD1C68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF159900(4882900) Type: 8 Event Object Header: 0xFF1598E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147B40(2ce4b40) Type: 6 Thread Object Header: 0xFF147B28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001B0.00000488 ThreadsProcess: 0xFF2748A0 OBJECT: 0xFCD45328(1362328) Type: 26 File Object Header: 0xFCD45310 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xE1E8D3C0(46f73c0) Type: 19 Port Object Header: 0xE1E8D3A8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE12 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001B0.00000484 ClientThread: 0x00000000 ServerProcess: 0xFF2748A0 OBJECT: 0xFF14B260(2fcb260) Type: 8 Event Object Header: 0xFF14B248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147E00(2ce4e00) Type: 8 Event Object Header: 0xFF147DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2A720(7ae7720) Type: 18 Key Object Header: 0xE1E2A708 GrantedAccess: 2000f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Ports\ 10. 
TABLE: 0xFF26B908(250908): Table: 0xE1E7D000 QuotaProcess: 0xFF269BA0 ProcessId: 1cc HandleCount: 102 CapturedHandleCount: 102 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E7B150(3ef150) Type: 17 Section Object Header: 0xE1E7B138 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E7A8E8(24f8e8) BasedAddress: 0x08B80C30 SizeOfSegment: 0x28000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe OBJECT: 0xFF2697E0(2e57e0) Type: 8 Event Object Header: 0xFF2697C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2696C0(2e56c0) Type: 8 Event Object Header: 0xFF2696A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF269680(2e5680) Type: 8 Event Object Header: 0xFF269668 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF269340(2e5340) Type: 8 Event Object Header: 0xFF269328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E7E030(2fa030) Type: 19 Port Object Header: 0xE1E7E018 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Creator: 
000001CC.000001C8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF268FA0(2a7fa0) Type: 8 Event Object Header: 0xFF268F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE134DB60(1af2b60) Type: 18 Key Object Header: 0xE134DB48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF268E00(2a7e00) Type: 8 Event Object Header: 0xFF268DE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF268D20(2a7d20) Type: 12 Semaphore Object Header: 0xFF268D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320660(1a6a660) Type: 18 Key Object Header: 0xE1320648 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\ OBJECT: 0xFF268E48(2a7e48) Type: 26 File Object Header: 
0xFF268E30 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe4 OBJECT: 0xFF268A60(2a7a60) Type: 8 Event Object Header: 0xFF268A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF268A20(2a7a20) Type: 8 Event Object Header: 0xFF268A08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2689E0(2a79e0) Type: 8 Event Object Header: 0xFF2689C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF268980(2a7980) Type: 25 IoCompletion Object Header: 0xFF268968 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF268980(2a7980) Type: 25 IoCompletion Object Header: 0xFF268968 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF268AA0(2a7aa0) Type: 8 Event Object Header: 0xFF268A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF269860(2e5860) Type: 6 Thread Object Header: 0xFF269848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001C8 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF268AE0(2a7ae0) Type: 8 Event Object Header: 0xFF268AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF268808(2a7808) Type: 26 File Object Header: 0xFF2687F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
NamedPipe\svcctl OBJECT: 0xFF2683C0(2a73c0) Type: 8 Event Object Header: 0xFF2683A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF267020(f86020) Type: 6 Thread Object Header: 0xFF267008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.000001D0 ThreadsProcess: 0xFF269BA0 OBJECT: 0xE1E2FC00(7b93c00) Type: 18 Key Object Header: 0xE1E2FBE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF24EE80(7d47e80) Type: 8 Event Object Header: 0xFF24EE68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF258460(289a460) Type: 8 Event Object Header: 0xFF258448 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FBA0(7b93ba0) Type: 18 Key Object Header: 0xE1E2FB88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12F79A0(19f49a0) Type: 18 Key Object Header: 0xE12F7988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE134A820(1af5820) Type: 18 Key Object Header: 0xE134A808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF258600(289a600) Type: 8 Event Object Header: 0xFF2585E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF256880(2904880) Type: 8 Event Object Header: 0xFF256868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E82780(155780) Type: 18 Key Object Header: 0xE1E82768 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF249F80(468ff80) Type: 12 Semaphore Object Header: 0xFF249F68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF249020(468f020) Type: 12 Semaphore Object Header: 0xFF249008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF249EA0(468fea0) Type: 8 Event Object Header: 0xFF249E88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF249F00(468ff00) Type: 12 Semaphore Object Header: 0xFF249EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF249F40(468ff40) Type: 8 Event Object Header: 0xFF249F28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C110(65f7110) Type: 8 Event Object Header: 0xFF23C0F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BFF0(5686ff0) Type: 8 Event Object Header: 0xFF23BFD8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF246DC0(4be5dc0) Type: 8 Event Object Header: 0xFF246DA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAA2C0(78962c0) Type: 18 Key Object Header: 0xE1EAA2A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF2492C0(468f2c0) Type: 8 Event Object Header: 0xFF2492A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23BFB0(5686fb0) Type: 8 Event Object Header: 0xFF23BF98 
GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF70(5686f70) Type: 8 Event Object Header: 0xFF23BF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF30(5686f30) Type: 8 Event Object Header: 0xFF23BF18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEF0(5686ef0) Type: 8 Event Object Header: 0xFF23BED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEB0(5686eb0) Type: 8 Event Object Header: 0xFF23BE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE70(5686e70) Type: 8 Event Object Header: 0xFF23BE58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE30(5686e30) Type: 8 Event Object Header: 0xFF23BE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDF0(5686df0) Type: 8 Event Object Header: 0xFF23BDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDB0(5686db0) Type: 8 Event Object Header: 0xFF23BD98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD70(5686d70) Type: 8 Event Object Header: 0xFF23BD58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD30(5686d30) Type: 8 Event Object Header: 0xFF23BD18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCF0(5686cf0) Type: 8 Event Object Header: 0xFF23BCD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCB0(5686cb0) Type: 8 Event Object Header: 0xFF23BC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC70(5686c70) Type: 8 Event Object Header: 0xFF23BC58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 
Directory: 0xFCC61C10 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC30(5686c30) Type: 8 Event Object Header: 0xFF23BC18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBF0(5686bf0) Type: 8 Event Object Header: 0xFF23BBD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBB0(5686bb0) Type: 8 Event Object Header: 0xFF23BB98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BB70(5686b70) Type: 8 Event Object Header: 0xFF23BB58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BB30(5686b30) Type: 8 Event Object Header: 0xFF23BB18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BAF0(5686af0) Type: 8 Event Object Header: 0xFF23BAD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 (null) OBJECT: 0xFF23C140(65f7140) Type: 8 Event Object Header: 0xFF23C128 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E466E0(7ce96e0) Type: 17 Section Object Header: 0xE1E466C8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E48008(7c38008) BasedAddress: 0x08E66CD0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF23B850(5686850) Type: 10 Mutant Object Header: 0xFF23B838 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2398C0(65e28c0) Type: 6 Thread Object Header: 0xFF2398A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000248 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF239810(65e2810) Type: 10 Mutant Object Header: 0xFF2397F8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23ACE0(6400ce0) Type: 8 Event Object Header: 0xFF23ACC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238450(64a8450) Type: 8 Event Object Header: 0xFF238438 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: AvServiceOptionsFlushEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1E47580(897580) Type: 17 Section Object Header: 0xE1E47568 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_GEN SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12D9248(195f248) BasedAddress: 0x08E87CC0 SizeOfSegment: 0x2630 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanGen.mmf OBJECT: 0xE13418A0(1ac98a0) Type: 18 Key Object Header: 0xE1341888 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\ OBJECT: 0xE1EB1740(6b54740) Type: 17 Section Object Header: 0xE1EB1728 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_OAS SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EB23A8(78753a8) BasedAddress: 0x08DA04C8 SizeOfSegment: 0x4a8c SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOas.mmf OBJECT: 0xFF236490(7774490) Type: 10 Mutant Object Header: 0xFF236478 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: VSCAN_GEN_SEMAPHORE SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1EB8420(6b5b420) Type: 17 Section Object Header: 0xE1EB8408 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_OAS_EXL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12E22A8(19772a8) BasedAddress: 0x08C1FCD0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee 
VirusScan\dVS_Excl.mmf OBJECT: 0xE12F0BE0(19adbe0) Type: 18 Key Object Header: 0xE12F0BC8 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\Internet Filter\ReportOptions\ OBJECT: 0xFF246E90(4be5e90) Type: 10 Mutant Object Header: 0xFF246E78 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: VSCAN_OAS_SEMAPHORE SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1EB7560(79a560) Type: 17 Section Object Header: 0xE1EB7548 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12E17C8(19757c8) BasedAddress: 0x08EDC4C8 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\AVConsol.mmf OBJECT: 0xE1D3FAA0(692faa0) Type: 17 Section Object Header: 0xE1D3FA88 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOLSCAN SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE008(7803008) BasedAddress: 0x08EF6CC8 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf OBJECT: 0xE1EB9AC0(7901ac0) Type: 18 Key Object Header: 0xE1EB9AA8 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\AVConsol\General\ OBJECT: 0xE1EB9A80(7901a80) Type: 18 Key Object Header: 0xE1EB9A68 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network 
Associates\TVD\VirusScan\ OBJECT: 0xE134EFC0(1af4fc0) Type: 17 Section Object Header: 0xE134EFA8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOLEXCL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBEAC8(7803ac8) BasedAddress: 0x08F124C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf OBJECT: 0xE1E29560(7a84560) Type: 17 Section Object Header: 0xE1E29548 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_DAVCONSOL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE6E8(78036e8) BasedAddress: 0x08F33CC0 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf OBJECT: 0xE1E4CDC0(908dc0) Type: 17 Section Object Header: 0xE1E4CDA8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_ODS SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12EE128(19c1128) BasedAddress: 0x08EB2CD8 SizeOfSegment: 0x2ca8 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOds.mmf OBJECT: 0xE1EC5900(4f00900) Type: 17 Section Object Header: 0xE1EC58E8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_ODS_EXL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12EE4E8(19c14e8) BasedAddress: 0x08D084D0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dExclDef.mmf OBJECT: 0xE1321E40(1a6de40) Type: 18 Key Object Header: 
0xE1321E28 GrantedAccess: 4001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Demand Scanner\Scan32\LaunchInfo\ OBJECT: 0xE1EC7960(5041960) Type: 17 Section Object Header: 0xE1EC7948 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_ODS_SCAN SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E656A8(b686a8) BasedAddress: 0x08DB2CC0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dScanDef.mmf OBJECT: 0xFF246E90(4be5e90) Type: 10 Mutant Object Header: 0xFF246E78 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: VSCAN_OAS_SEMAPHORE SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF226C80(778c80) Type: 5 Process Object Header: 0xFF226C68 GrantedAccess: 1f0fff PointerCount: 22 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFF226C80(778c80) Type: 5 Process Object Header: 0xFF226C68 GrantedAccess: 1f0fff PointerCount: 22 HandleCount: 3 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: VsStat.exe OBJECT: 0xFF211020(4c85020) Type: 6 Thread Object Header: 0xFF211008 
GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001CC.00000308 ThreadsProcess: 0xFF269BA0 OBJECT: 0xFF229848(4f32848) Type: 26 File Object Header: 0xFF229830 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32 OBJECT: 0xFF20D520(477e520) Type: 5 Process Object Header: 0xFF20D508 GrantedAccess: 1f0fff PointerCount: 18 HandleCount: 2 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: Avconsol.exe 11. TABLE: 0xFF268C88(2a7c88): Table: 0xE1E81000 QuotaProcess: 0xFF267D60 ProcessId: 1d8 HandleCount: 35 CapturedHandleCount: 35 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E7E310(2fa310) Type: 17 Section Object Header: 0xE1E7E2F8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E7C188(19b3188) BasedAddress: 0x08BA6438 SizeOfSegment: 0x88000 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\dfrws2005.exe OBJECT: 0xFF267C20(f86c20) Type: 8 Event Object Header: 0xFF267C08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260F00(228f00) Type: 8 Event Object Header: 0xFF260EE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260EC0(228ec0) Type: 8 Event Object Header: 0xFF260EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF260E28(228e28) Type: 26 File Object Header: 0xFF260E10 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF260940(228940) Type: 8 Event Object Header: 0xFF260928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E7FB70(15a9b70) Type: 19 Port Object Header: 0xE1E7FB58 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001D8.000001D4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF260780(228780) Type: 8 Event Object Header: 0xFF260768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf 
PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xE12F7160(19f4160) Type: 18 Key Object Header: 0xE12F7148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF260660(228660) Type: 8 Event Object Header: 0xFF260648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278BC0(dfabc0) Type: 8 Event Object Header: 0xFF278BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278B80(dfab80) Type: 8 Event Object Header: 0xFF278B68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF278B40(dfab40) Type: 8 Event Object Header: 0xFF278B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25FCC0(1b16cc0) Type: 25 IoCompletion Object Header: 0xFF25FCA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF25FCC0(1b16cc0) Type: 25 IoCompletion Object Header: 0xFF25FCA8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF25FC80(1b16c80) Type: 8 Event Object Header: 0xFF25FC68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF267600(f86600) Type: 6 Thread Object Header: 0xFF2675E8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001D4 ThreadsProcess: 0xFF267D60 OBJECT: 0xFF25FC40(1b16c40) Type: 8 Event Object Header: 0xFF25FC28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260C68(228c68) Type: 26 File Object Header: 0xFF260C50 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe5 OBJECT: 0xFF25F9A8(1b169a8) Type: 26 File Object Header: 0xFF25F990 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF25F380(1b16380) Type: 8 Event Object Header: 0xFF25F368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25F3C0(1b163c0) Type: 6 Thread Object Header: 0xFF25F3A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001DC ThreadsProcess: 0xFF267D60 OBJECT: 0xFF25F2E8(1b162e8) Type: 26 File Object Header: 0xFF25F2D0 GrantedAccess: 160089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\hxdef-rk100sB4D1BA5D OBJECT: 0xFF25F248(1b16248) Type: 26 File Object Header: 0xFF25F230 GrantedAccess: 120196 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Mailslot\hxdef-rk100sB4D1BA5D OBJECT: 0xE1D3EB80(692cb80) Type: 17 Section Object Header: 0xE1D3EB68 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: _.-=[DFRWS2005]=-._ SecurityDescriptor: 0xE1D3EBD8(692cbd8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1D3EC48(692cc48) BasedAddress: 0x00000080 SizeOfSegment: 0x10000 OBJECT: 0xFF25C8A0(19828a0) Type: 8 Event Object Header: 0xFF25C888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 
1 SecurityDescriptor: (null) OBJECT: 0xFF25BA00(194aa00) Type: 6 Thread Object Header: 0xFF25B9E8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001D8.000001E0 ThreadsProcess: 0xFF267D60 12. TABLE: 0xFF2605A8(2285a8): Table: 0xE1E84000 QuotaProcess: 0xFF277960 ProcessId: 1ec HandleCount: 237 CapturedHandleCount: 240 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E802F0(2ca2f0) Type: 17 Section Object Header: 0xE1E802D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12FD268(1a0a268) BasedAddress: 0x08A86420 SizeOfSegment: 0x5000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\svchost.exe OBJECT: 0xFF25DAE0(18ffae0) Type: 8 Event Object Header: 0xFF25DAC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25DAA0(18ffaa0) Type: 8 Event Object Header: 0xFF25DA88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25DA40(18ffa40) Type: 8 Event Object Header: 0xFF25DA28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF25D9A8(18ff9a8) Type: 26 File Object Header: 0xFF25D990 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF25CF20(1982f20) Type: 8 Event Object Header: 0xFF25CF08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E83B90(175b90) Type: 19 Port Object Header: 0xE1E83B78 GrantedAccess: 1f0001 PointerCount: 18 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.000001E8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1E83B40(175b40) Type: 18 Key Object Header: 0xE1E83B28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF25CD60(1982d60) Type: 8 Event Object Header: 0xFF25CD48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCC61C10(127ec10) Type: 2 
Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xE1E82E10(155e10) Type: 4 Token Object Header: 0xE1E82DF8 GrantedAccess: 8 PointerCount: 20 HandleCount: 1 SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,64e9} ParentToken ID: {0,0} Modified ID: {0,8628} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF25CBE8(1982be8) Type: 26 File Object Header: 0xFF25CBD0 GrantedAccess: 100001 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF25E520(1d8520) Type: 8 Event Object Header: 0xFF25E508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25C440(1982440) Type: 8 Event Object Header: 0xFF25C428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25C2E0(19822e0) Type: 8 Event Object Header: 0xFF25C2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25B780(194a780) Type: 8 Event Object Header: 0xFF25B768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25DB80(18ffb80) Type: 6 Thread Object Header: 0xFF25DB68 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001E8 ThreadsProcess: 0xFF277960 OBJECT: 0xFF25B740(194a740) Type: 8 Event Object Header: 0xFF25B728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E85930(193f930) Type: 19 Port Object Header: 0xE1E85918 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.000001E8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF25A920(2272920) Type: 8 Event Object Header: 0xFF25A908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25A380(2272380) Type: 25 IoCompletion Object Header: 0xFF25A368 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 0xFF194840 Process: 0xFF277960 APCProcess: 0xFF277960 OBJECT: 0xFF254800(29ac800) Type: 8 Event Object Header: 0xFF2547E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25A380(2272380) Type: 25 IoCompletion Object Header: 0xFF25A368 GrantedAccess: 1f0003 PointerCount: 13 HandleCount: 2 Waiting Thread: 
0xFF194840 Process: 0xFF277960 APCProcess: 0xFF277960 OBJECT: 0xFF259F48(26f8f48) Type: 26 File Object Header: 0xFF259F30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF25A508(2272508) Type: 26 File Object Header: 0xFF25A4F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe6 OBJECT: 0xFCA33460(1050460) Type: 8 Event Object Header: 0xFCA33448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254100(29ac100) Type: 8 Event Object Header: 0xFF2540E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2540C0(29ac0c0) Type: 8 Event Object Header: 0xFF2540A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF259C40(26f8c40) Type: 6 Thread Object Header: 0xFF259C28 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000001FC ThreadsProcess: 0xFF277960 OBJECT: 0xFF256440(2904440) Type: 8 Event Object Header: 0xFF256428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF257EC0(285fec0) Type: 8 Event Object Header: 0xFF257EA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2F8C0(7b938c0) Type: 19 Port Object Header: 0xE1E2F8A8 GrantedAccess: 1f0001 PointerCount: 6 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE2 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001EC.000001FC ClientThread: 0x00000000 ServerProcess: 0xFF277960 OBJECT: 0xFF164580(4873580) Type: 8 Event Object Header: 0xFF164568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF256700(2904700) Type: 8 Event Object Header: 0xFF2566E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A16C0(18a86c0) Type: 18 Key Object Header: 0xE12A16A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF258240(289a240) Type: 8 Event Object Header: 0xFF258228 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1349900(1ae5900) Type: 18 Key Object Header: 0xE13498E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF252500(7c8500) Type: 8 Event Object Header: 0xFF2524E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF252480(7c8480) Type: 8 Event Object Header: 0xFF252468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13B1EE0(2c13ee0) Type: 18 Key Object Header: 0xE13B1EC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1E2A020(7ae7020) Type: 18 Key Object Header: 0xE1E2A008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF252400(7c8400) Type: 8 Event Object Header: 0xFF2523E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E29880(7a84880) Type: 18 Key Object Header: 0xE1E29868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF252380(7c8380) Type: 8 Event Object Header: 0xFF252368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B1C40(19fcc40) Type: 18 Key Object Header: 0xE12B1C28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ 
OBJECT: 0xFF252300(7c8300) Type: 8 Event Object Header: 0xFF2522E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1336020(1ac3020) Type: 18 Key Object Header: 0xE1336008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF252280(7c8280) Type: 8 Event Object Header: 0xFF252268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF252200(7c8200) Type: 8 Event Object Header: 0xFF2521E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1342080(1aca080) Type: 18 Key Object Header: 0xE1342068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF251FE0(4793fe0) Type: 8 Event Object Header: 0xFF251FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134DBE0(1af2be0) Type: 18 Key Object Header: 0xE134DBC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF251F40(4793f40) Type: 8 Event Object Header: 0xFF251F28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B1800(19fc800) Type: 18 Key Object Header: 0xE12B17E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF251EA0(4793ea0) Type: 8 Event Object Header: 0xFF251E88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 
0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE134A120(1af5120) Type: 18 Key Object Header: 0xE134A108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2409E0(63f39e0) Type: 8 Event Object Header: 0xFF2409C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA29B40(1046b40) Type: 13 Timer Object Header: 0xFCA29B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF250020(7c7020) Type: 6 Thread Object Header: 0xFF250008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000214 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1A5CE0(3524ce0) Type: 8 Event Object Header: 0xFF1A5CC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232A60(6c11a60) Type: 6 Thread Object Header: 0xFF232A48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000260 ThreadsProcess: 0xFF277960 OBJECT: 0xFF234420(28a2420) Type: 8 Event Object Header: 0xFF234408 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB82C0(6b5b2c0) Type: 18 Key Object Header: 0xE1EB82A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE13942E0(29762e0) Type: 17 Section Object Header: 0xE13942C8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: SENS Information Cache SecurityDescriptor: 0xE134FC18(1af6c18) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12E8AE8(198dae8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1EC6B90(4e2eb90) Type: 19 Port Object Header: 0xE1EC6B78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000254 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22ABC0(4f61bc0) Type: 8 Event Object Header: 0xFF22ABA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xFF232DA0(6c11da0) Type: 8 Event Object Header: 0xFF232D88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2339E8(6b8a9e8) Type: 26 File Object Header: 0xFF2339D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF232D20(6c11d20) Type: 8 Event Object Header: 0xFF232D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22B480(4e36480) Type: 8 Event Object Header: 0xFF22B468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xE1EC44F0(47664f0) Type: 19 Port Object Header: 0xE1EC44D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 
000001EC.00000204 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF2294A0(4f324a0) Type: 8 Event Object Header: 0xFF229488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF23F0E0(58490e0) Type: 8 Event Object Header: 0xFF23F0C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13468C0(1a9b8c0) Type: 18 Key Object Header: 0xE13468A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\ OBJECT: 0xFF22A980(4f61980) Type: 8 Event Object Header: 0xFF22A968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E640(560a640) Type: 6 Thread Object Header: 0xFF23E628 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000254 ThreadsProcess: 0xFF277960 OBJECT: 0xE12DBBC0(1965bc0) Type: 18 Key Object Header: 0xE12DBBA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF228460(4f13460) Type: 8 Event Object Header: 0xFF228448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12BA480(18ba480) Type: 18 Key Object Header: 0xE12BA468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E32480(7a30480) Type: 19 Port Object Header: 0xE1E32468 GrantedAccess: 1f0001 PointerCount: 12 HandleCount: 1 Directory: 0xFCD642F0 Name: senssvc SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001EC.00000254 ClientThread: 0x00000000 ServerProcess: 0xFF277960 OBJECT: 0xFF24AAD0(3bdad0) Type: 8 Event Object Header: 0xFF24AAB8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Sens Hidden Window Cleanup Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E4240(4d3c240) Type: 8 Event Object Header: 0xFF1E4228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CF020(22fe020) Type: 6 Thread Object Header: 0xFF1CF008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000324 ThreadsProcess: 0xFF277960 OBJECT: 0xE1365C70(22f8c70) Type: 19 Port Object Header: 0xE1365C58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000280 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1E9280(4a3e280) Type: 25 IoCompletion Object Header: 0xFF1E9268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Waiting Thread: 0xFF1CD020 Process: 0xFF277960 APCProcess: 0xFF277960 OBJECT: 0xFF2824C0(9de4c0) Type: 8 Event Object Header: 0xFF2824A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DA020(19e0020) Type: 18 Key Object Header: 0xE12DA008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\ OBJECT: 0xFF1ABB00(3354b00) Type: 10 Mutant Object Header: 0xFF1ABAE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ABAC0(3354ac0) Type: 8 Event Object Header: 0xFF1ABAA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD6C3C0(13893c0) Type: 8 Event Object Header: 0xFCD6C3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ABA60(3354a60) Type: 10 Mutant Object Header: 0xFF1ABA48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CD020(4703020) Type: 6 Thread Object Header: 0xFF1CD008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000033C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1ABB40(3354b40) Type: 8 Event Object Header: 0xFF1ABB28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ABBA0(3354ba0) Type: 8 Event Object Header: 0xFF1ABB88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AD920(3135920) Type: 8 Event Object Header: 0xFF1AD908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDB12C0(13ce2c0) Type: 8 Event Object Header: 0xFCDB12A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27C280(b6c280) Type: 8 Event Object Header: 0xFF27C268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CE840(2704840) Type: 6 Thread Object Header: 0xFF1CE828 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.00000338 ThreadsProcess: 0xFF277960 OBJECT: 0xE1EC5E20(4f00e20) Type: 18 Key Object Header: 0xE1EC5E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\ OBJECT: 0xFCD230E0(13400e0) Type: 8 Event Object Header: 0xFCD230C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CD020(4703020) Type: 6 Thread Object Header: 0xFF1CD008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000033C ThreadsProcess: 0xFF277960 OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE1360D70(21efd70) Type: 19 Port Object Header: 0xE1360D58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000280 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1ABA20(3354a20) Type: 8 Event Object Header: 0xFF1ABA08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB9E0(33549e0) Type: 10 Mutant Object Header: 0xFF1AB9C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB960(3354960) Type: 12 Semaphore Object Header: 0xFF1AB948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB9A0(33549a0) Type: 12 Semaphore Object Header: 0xFF1AB988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF1AB920(3354920) Type: 8 Event Object Header: 0xFF1AB908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB8E0(33548e0) Type: 8 Event Object Header: 0xFF1AB8C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB5E0(33545e0) Type: 12 Semaphore Object Header: 0xFF1AB5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB5A0(33545a0) Type: 12 Semaphore Object Header: 0xFF1AB588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2CCE0(7a4ece0) Type: 18 Key Object Header: 0xE1E2CCC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF1AB560(3354560) Type: 8 Event Object Header: 0xFF1AB548 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB4C0(33544c0) Type: 8 Event Object Header: 0xFF1AB4A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB440(3354440) Type: 8 Event Object Header: 0xFF1AB428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF1AB3E0(33543e0) Type: 8 Event Object Header: 0xFF1AB3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB3A0(33543a0) Type: 8 Event Object Header: 0xFF1AB388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB360(3354360) Type: 12 Semaphore Object Header: 0xFF1AB348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF1AB320(3354320) Type: 12 Semaphore Object Header: 0xFF1AB308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB2E0(33542e0) Type: 8 Event Object Header: 0xFF1AB2C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DCE180(76b6180) Type: 18 Key Object Header: 0xE1DCE168 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF1ACAA8(3338aa8) Type: 26 File Object Header: 0xFF1ACA90 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF1AB288 (3354288) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF1AB1C8(33541c8) Type: 26 File Object Header: 0xFF1AB1B0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF1AB248 (3354248) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF1AB0E8(33540e8) Type: 26 File Object Header: 0xFF1AB0D0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1AA028(33a8028) Type: 26 File Object Header: 0xFF1AA010 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF1AAF88(33a8f88) Type: 26 File Object Header: 0xFF1AAF70 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE12F38A0(199b8a0) Type: 18 Key Object Header: 0xE12F3888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1340FA0(1a9afa0) Type: 18 Key Object Header: 0xE1340F88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 
0xE1349EA0(1ae5ea0) Type: 18 Key Object Header: 0xE1349E88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF19D900(37bd900) Type: 8 Event Object Header: 0xFF19D8E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EA400(17d400) Type: 8 Event Object Header: 0xFF1EA3E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19F3E0(37d03e0) Type: 6 Thread Object Header: 0xFF19F3C8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000039C ThreadsProcess: 0xFF277960 OBJECT: 0xFF19B4C0(384a4c0) Type: 6 Thread Object Header: 0xFF19B4A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003A0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF19AA80(385ca80) Type: 8 Event Object Header: 0xFF19AA68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF192B00(3992b00) Type: 8 Event Object Header: 0xFF192AE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF228560(4f13560) Type: 6 Thread Object Header: 0xFF228548 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000021C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1376C0(3f2a6c0) Type: 6 Thread Object Header: 0xFF1376A8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003EC ThreadsProcess: 0xFF277960 OBJECT: 0xE1F023B0(4c7c3b0) Type: 4 Token Object Header: 0xE1F02398 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13AD918(2b2a918) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,1ddaf} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xFF19C340(381c340) Type: 8 Event Object Header: 0xFF19C328 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF19C300(381c300) Type: 8 Event Object Header: 0xFF19C2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE95B0(4ee35b0) Type: 19 Port Object Header: 0xE1EE9598 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.0000027C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EC27A0(4b047a0) Type: 18 Key Object Header: 0xE1EC2788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1332920(1a91920) Type: 18 Key Object Header: 0xE1332908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF19D160(37bd160) Type: 8 Event Object Header: 0xFF19D148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF195228(38eb228) Type: 26 File Object Header: 0xFF195210 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1ec OBJECT: 0xFF19A920(385c920) Type: 8 Event Object Header: 0xFF19A908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF199768(381b768) Type: 26 File Object Header: 0xFF199750 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF195188(38eb188) Type: 26 File Object Header: 0xFF195170 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_1ec OBJECT: 0xFF19E100(3841100) Type: 8 Event Object Header: 0xFF19E0E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF194840(38cf840) Type: 6 Thread Object Header: 0xFF194828 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000003C0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF1839C0(3ec49c0) Type: 10 Mutant Object Header: 0xFF1839A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF140AA0(3442aa0) Type: 6 Thread Object Header: 0xFF140A88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000049C ThreadsProcess: 0xFF277960 OBJECT: 0xFF1957C0(38eb7c0) Type: 8 Event Object Header: 0xFF1957A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14AC60(2e68c60) Type: 8 Event Object Header: 0xFF14AC48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF193BC0(38e6bc0) Type: 10 Mutant Object Header: 0xFF193BA8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EC420(4eb9420) Type: 8 Event Object Header: 0xFF1EC408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1670E0(66270e0) Type: 8 Event Object Header: 0xFF1670C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF149720(54ca720) Type: 8 Event Object Header: 0xFF149708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF226910(778910) Type: 8 Event Object Header: 0xFF2268F8 GrantedAccess: 1f0003 PointerCount: 2 
HandleCount: 1 Directory: 0xFCDFD570 Name: ChangeEventCdRom0 SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1F63770(284c770) Type: 19 Port Object Header: 0xE1F63758 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000204 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF147AC0(2ce4ac0) Type: 12 Semaphore Object Header: 0xFF147AA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF140950(3442950) Type: 10 Mutant Object Header: 0xFF140938 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NtmsDbChangeNotificationMutex SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE207C680(438c680) Type: 19 Port Object Header: 0xE207C668 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCD642F0 Name: tapsrvlpc SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 000001EC.0000034C ClientThread: 0x00000000 ServerProcess: 0xFF277960 OBJECT: 0xFF146F60(2ee3f60) Type: 8 Event Object Header: 0xFF146F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17A9A0(43d49a0) Type: 8 Event Object Header: 0xFF17A988 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147240(2ce4240) Type: 8 Event Object Header: 0xFF147228 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147F60(2ce4f60) Type: 10 Mutant Object Header: 0xFF147F48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1471C0(2ce41c0) Type: 10 Mutant Object Header: 0xFF1471A8 
GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DD12D0(77042d0) Type: 19 Port Object Header: 0xE1DD12B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000324 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF19A360(385c360) Type: 8 Event Object Header: 0xFF19A348 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14AC30(2e68c30) Type: 8 Event Object Header: 0xFF14AC18 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NtmsDatafileBackupEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1877C0(3c417c0) Type: 8 Event Object Header: 0xFF1877A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF155CA0(53cfca0) Type: 8 Event Object Header: 0xFF155C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AA730(33a8730) Type: 8 Event Object Header: 0xFF1AA718 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NtmsSvcStopEvent SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF167340(6627340) Type: 8 Event Object Header: 0xFF167328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1392E0(1bc62e0) Type: 6 Thread Object Header: 0xFF1392C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.0000034C ThreadsProcess: 0xFF277960 OBJECT: 0xFCC83708(12a0708) Type: 26 File Object Header: 0xFCC836F0 GrantedAccess: 12019f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\tapsrv OBJECT: 0xFF154460(4fcb460) Type: 8 Event Object Header: 0xFF154448 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF138DA0(1de6da0) Type: 6 Thread Object Header: 0xFF138D88 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004A0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF18CC20(3a59c20) Type: 8 Event Object Header: 0xFF18CC08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13D0C0(20ee0c0) Type: 8 Event Object Header: 0xFF13D0A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28A470(fc4470) Type: 8 Event Object Header: 0xFF28A458 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 4 Directory: 0xFCC61C10 Name: crypt32LogoffEvent SecurityDescriptor: 0xE1E48458(7c38458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF176F08(591cf08) Type: 26 File Object Header: 0xFF176EF0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xE21086A0(7ba86a0) Type: 18 Key Object Header: 0xE2108688 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASDLG\ OBJECT: 0xFF16B0C0(45e60c0) Type: 8 Event Object Header: 0xFF16B0A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF1683A0(53db3a0) Type: 8 Event Object Header: 0xFF168388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3748(362e748) Type: 26 File Object Header: 0xFF1A3730 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\tapsrv OBJECT: 0xFF21B3A0(4ec93a0) Type: 8 Event Object Header: 0xFF21B388 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE211E100(7764100) Type: 18 Key Object Header: 0xE211E0E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ OBJECT: 0xFF168020(53db020) Type: 8 Event Object Header: 0xFF168008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF159820(4882820) Type: 12 Semaphore Object Header: 0xFF159808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B080(45e6080) Type: 8 Event Object Header: 0xFF16B068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF139AA0(1bc6aa0) Type: 10 Mutant Object Header: 0xFF139A88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2081A0(6b921a0) Type: 8 Event Object Header: 0xFF208188 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208F60(6b92f60) Type: 8 Event Object Header: 0xFF208F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF138CE0(1de6ce0) Type: 8 Event Object Header: 0xFF138CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FFDB70(3d3eb70) Type: 19 Port Object Header: 0xE1FFDB58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.0000027C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 
0xE204D570(3eb3570) Type: 19 Port Object Header: 0xE204D558 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.000004A0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF277960(dd0960) Type: 5 Process Object Header: 0xFF277948 GrantedAccess: 1f0040 PointerCount: 122 HandleCount: 4 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: svchost.exe OBJECT: 0xFF13A2A0(38ad2a0) Type: 8 Event Object Header: 0xFF13A288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF13A2A0(38ad2a0) Type: 8 Event Object Header: 0xFF13A288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFF139A60(1bc6a60) Type: 8 Event Object Header: 0xFF139A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190460(3a07460) Type: 12 Semaphore Object Header: 0xFF190448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D3500(2317500) Type: 12 Semaphore Object Header: 0xFF1D34E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190420(3a07420) Type: 12 Semaphore Object Header: 0xFF190408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1903E0(3a073e0) Type: 12 Semaphore Object Header: 0xFF1903C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC91240(12ae240) Type: 12 Semaphore Object Header: 0xFCC91228 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC91200(12ae200) Type: 12 Semaphore Object Header: 0xFCC911E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC911C0(12ae1c0) Type: 12 Semaphore Object Header: 0xFCC911A8 GrantedAccess: 100003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19C7C0(381c7c0) Type: 12 Semaphore Object Header: 0xFF19C7A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19C780(381c780) Type: 12 Semaphore Object Header: 0xFF19C768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19C740(381c740) Type: 12 Semaphore Object Header: 0xFF19C728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19C700(381c700) Type: 12 Semaphore Object Header: 0xFF19C6E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231420(b52420) Type: 12 Semaphore Object Header: 0xFF231408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C460(65f7460) Type: 8 Event Object Header: 0xFF23C448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1356E8(59226e8) Type: 26 File Object Header: 0xFF1356D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ROUTER OBJECT: 0xFCD5EF28(137bf28) Type: 26 File Object Header: 0xFCD5EF10 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ROUTER OBJECT: 0xE1FF4970(40b4970) Type: 19 Port Object Header: 0xE1FF4958 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.0000033C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF134A60(58c7a60) Type: 8 Event Object Header: 0xFF134A48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE202AB50(337eb50) Type: 19 Port Object Header: 0xE202AB38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.00000324 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE207C990(438c990) Type: 19 Port Object Header: 0xE207C978 GrantedAccess: 
1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001EC.000004AC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF132020(6678020) Type: 6 Thread Object Header: 0xFF132008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004D0 ThreadsProcess: 0xFF277960 OBJECT: 0xFF138560(1de6560) Type: 6 Thread Object Header: 0xFF138548 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004AC ThreadsProcess: 0xFF277960 OBJECT: 0xFF217B60(53cab60) Type: 8 Event Object Header: 0xFF217B48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF131380(917380) Type: 6 Thread Object Header: 0xFF131368 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001EC.000004E4 ThreadsProcess: 0xFF277960 13. 
TABLE: 0xFF25B1A8(194a1a8): Table: 0xE1E88000 QuotaProcess: 0xFF25A020 ProcessId: 1f8 HandleCount: 96 CapturedHandleCount: 96 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1344AB0(1accab0) Type: 17 Section Object Header: 0xE1344A98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE13365E8(1ac35e8) BasedAddress: 0x08C6D4A8 SizeOfSegment: 0x13000 SecurityDescriptor: (null) Path: HarddiskVolume1\winnt\system32\nc.exe OBJECT: 0xFF25BD20(194ad20) Type: 8 Event Object Header: 0xFF25BD08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25AD20(2272d20) Type: 8 Event Object Header: 0xFF25AD08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25ACE0(2272ce0) Type: 8 Event Object Header: 0xFF25ACC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF25BC88(194ac88) Type: 26 File Object Header: 0xFF25BC70 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF25AAE0(2272ae0) Type: 8 Event Object Header: 0xFF25AAC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xE1E832B0(1752b0) Type: 19 Port Object Header: 0xE1E83298 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000001F8.000001F4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF25A9A0(22729a0) Type: 8 Event Object Header: 0xFF25A988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A5140(18c8140) Type: 18 Key Object Header: 0xE12A5128 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF25ADA0(2272da0) Type: 6 Thread Object Header: 0xFF25AD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000001F8.000001F4 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF257820(285f820) Type: 8 Event Object Header: 0xFF257808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FD00(7b93d00) Type: 18 Key Object Header: 0xE1E2FCE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF2577A0(285f7a0) Type: 8 Event Object Header: 0xFF257788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FE60(7b93e60) Type: 18 Key Object Header: 0xE1E2FE48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1320370(1a6a370) Type: 17 
Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF257220(285f220) Type: 8 Event Object Header: 0xFF257208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFF256FA0(2904fa0) Type: 8 Event Object Header: 0xFF256F88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF256F60(2904f60) Type: 8 Event Object Header: 0xFF256F48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF256F20(2904f20) Type: 8 Event Object Header: 0xFF256F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2573E0(285f3e0) Type: 25 IoCompletion Object Header: 0xFF2573C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF2573E0(285f3e0) Type: 25 IoCompletion Object Header: 0xFF2573C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF256EE0(2904ee0) Type: 8 Event Object Header: 0xFF256EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25ADA0(2272da0) Type: 6 Thread Object Header: 0xFF25AD88 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 
000001F8.000001F4 ThreadsProcess: 0xFF25A020 OBJECT: 0xFF256280(2904280) Type: 8 Event Object Header: 0xFF256268 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF256240(2904240) Type: 8 Event Object Header: 0xFF256228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF257700(285f700) Type: 12 Semaphore Object Header: 0xFF2576E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2576C0(285f6c0) Type: 12 Semaphore Object Header: 0xFF2576A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF257680(285f680) Type: 8 Event Object Header: 0xFF257668 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF257640(285f640) Type: 8 Event Object Header: 0xFF257628 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2575C0(285f5c0) Type: 12 Semaphore Object Header: 0xFF2575A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF255FE0(23a6fe0) Type: 12 Semaphore Object Header: 0xFF255FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B0A60(19dba60) Type: 18 Key Object Header: 0xE12B0A48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF255FA0(23a6fa0) Type: 8 Event Object Header: 0xFF255F88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF255A20(23a6a20) Type: 8 Event Object Header: 0xFF255A08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2552C0(23a62c0) Type: 8 Event Object Header: 0xFF2552A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2559A0(23a69a0) Type: 8 Event Object Header: 0xFF255988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134A520(1af5520) Type: 18 Key Object Header: 0xE134A508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE12FB2A0(19ef2a0) Type: 18 Key Object Header: 0xE12FB288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF255920(23a6920) Type: 8 Event Object Header: 0xFF255908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2558A0(23a68a0) Type: 8 Event Object Header: 0xFF255888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FFE0(7b93fe0) Type: 18 Key Object Header: 0xE1E2FFC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12D0120(1936120) Type: 18 Key Object Header: 0xE12D0108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF255800(23a6800) Type: 8 Event Object Header: 0xFF2557E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D4F00(1944f00) Type: 18 Key Object Header: 
0xE12D4EE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF255760(23a6760) Type: 8 Event Object Header: 0xFF255748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13B0CA0(2bf0ca0) Type: 18 Key Object Header: 0xE13B0C88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2556C0(23a66c0) Type: 8 Event Object Header: 0xFF2556A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13B1E40(2c13e40) Type: 18 Key Object Header: 0xE13B1E28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF255620(23a6620) Type: 8 Event Object Header: 0xFF255608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF255580(23a6580) Type: 8 Event Object Header: 0xFF255568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1346BC0(1a9bbc0) Type: 18 Key Object Header: 0xE1346BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2554E0(23a64e0) Type: 8 Event Object Header: 0xFF2554C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134F860(1af6860) Type: 18 Key Object Header: 0xE134F848 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF255440(23a6440) Type: 8 Event Object Header: 0xFF255428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1349940(1ae5940) Type: 18 Key Object Header: 0xE1349928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 
0xFF2553A0(23a63a0) Type: 8 Event Object Header: 0xFF255388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1352940(1b35940) Type: 18 Key Object Header: 0xE1352928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF254020(29ac020) Type: 10 Mutant Object Header: 0xFF254008 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254FE0(29acfe0) Type: 8 Event Object Header: 0xFF254FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254FA0(29acfa0) Type: 10 Mutant Object Header: 0xFF254F88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FEE0(7b93ee0) Type: 18 Key Object Header: 0xE1E2FEC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xFF254F60(29acf60) Type: 8 Event Object Header: 0xFF254F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254F20(29acf20) Type: 10 Mutant Object Header: 0xFF254F08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254EE0(29acee0) Type: 12 Semaphore Object Header: 0xFF254EC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254EA0(29acea0) Type: 12 Semaphore Object Header: 0xFF254E88 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2FA60(7b93a60) Type: 18 Key Object Header: 0xE1E2FA48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF254E60(29ace60) Type: 8 Event Object Header: 0xFF254E48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF254DA0(29acda0) Type: 8 Event Object Header: 0xFF254D88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254D60(29acd60) Type: 8 Event Object Header: 0xFF254D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254D20(29acd20) Type: 8 Event Object Header: 0xFF254D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254CE0(29acce0) Type: 12 Semaphore Object Header: 0xFF254CC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254CA0(29acca0) Type: 12 Semaphore Object Header: 0xFF254C88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF254C60(29acc60) Type: 8 Event Object Header: 0xFF254C48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2560E8(29040e8) Type: 26 File Object Header: 0xFF2560D0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF254C08 (29acc08) OBJECT: 0xFF254B88(29acb88) Type: 26 File Object Header: 0xFF254B70 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: 
TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF254B28 (29acb28) OBJECT: 0xFF254AA8(29acaa8) Type: 26 File Object Header: 0xFF254A90 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF254A08(29aca08) Type: 26 File Object Header: 0xFF2549F0 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF254968(29ac968) Type: 26 File Object Header: 0xFF254950 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1352DC0(1b35dc0) Type: 18 Key Object Header: 0xE1352DA8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF2548A0(29ac8a0) Type: 8 Event Object Header: 0xFF254888 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12A64C0(18c94c0) Type: 18 Key Object Header: 0xE12A64A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12F6FE0(19e1fe0) Type: 18 Key Object Header: 0xE12F6FC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1352900(1b35900) Type: 18 Key Object Header: 0xE13528E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF254920(29ac920) Type: 8 Event Object Header: 0xFF254908 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2546C8(29ac6c8) Type: 26 File Object Header: 0xFF2546B0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF254588 (29ac588) Type: 0xafd4 Process: 0xFF25A020 nc.exe EndpointLinks: {0xFF26FE58:FF2341D8} 
AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF254508(29ac508) Type: 26 File Object Header: 0xFF2544F0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF2544A8 (29ac4a8) Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8} 14. TABLE: 0xFF24EEA8(7d47ea8): Table: 0xE1EA0000 QuotaProcess: 0xFF2461E0 ProcessId: 224 HandleCount: 120 CapturedHandleCount: 120 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1374C10(27ffc10) Type: 17 Section Object Header: 0xE1374BF8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E9D608(4b2c608) BasedAddress: 0x08DBAC30 SizeOfSegment: 0x26000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\UMGR32.EXE OBJECT: 0xFF245F20(4c75f20) Type: 8 Event Object Header: 0xFF245F08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245EE0(4c75ee0) Type: 8 Event Object Header: 0xFF245EC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245E60(4c75e60) Type: 8 Event Object Header: 0xFF245E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF245DC8(4c75dc8) Type: 26 File Object Header: 0xFF245DB0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 
0xFF245660(4c75660) Type: 8 Event Object Header: 0xFF245648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EA1DF0(4a1ddf0) Type: 19 Port Object Header: 0xE1EA1DD8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000224.00000220 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF2454A0(4c754a0) Type: 8 Event Object Header: 0xFF245488 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1E34520(7ab4520) Type: 18 Key Object Header: 0xE1E34508 GrantedAccess: f003f PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1E34400(7ab4400) Type: 18 Key Object Header: 0xE1E343E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE1E35360(7ad5360) Type: 18 Key Object Header: 0xE1E35348 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E34440(7ab4440) Type: 18 Key Object Header: 0xE1E34428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1E353A0(7ad53a0) Type: 18 Key Object Header: 0xE1E35388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF243F80(55b3f80) Type: 8 Event Object Header: 0xFF243F68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243020(55b3020) Type: 8 Event Object Header: 0xFF243008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243F40(55b3f40) Type: 8 Event Object Header: 0xFF243F28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243E40(55b3e40) Type: 8 Event Object Header: 0xFF243E28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243E80(55b3e80) Type: 12 Semaphore Object Header: 0xFF243E68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E91E80(46ade80) Type: 18 Key Object Header: 0xE1E91E68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF243DC0(55b3dc0) Type: 12 Semaphore Object Header: 0xFF243DA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243D80(55b3d80) Type: 
12 Semaphore Object Header: 0xFF243D68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12DF100(1970100) Type: 18 Key Object Header: 0xE12DF0E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\ OBJECT: 0xE1E34480(7ab4480) Type: 18 Key Object Header: 0xE1E34468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Run\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF243D40(55b3d40) Type: 8 Event Object Header: 0xFF243D28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243CE0(55b3ce0) Type: 8 Event Object Header: 0xFF243CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243CA0(55b3ca0) Type: 8 Event Object Header: 0xFF243C88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF244340(51e5340) Type: 25 IoCompletion Object Header: 0xFF244328 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF244340(51e5340) Type: 25 IoCompletion Object Header: 0xFF244328 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF243C60(55b3c60) Type: 8 Event Object Header: 0xFF243C48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF245020(4c75020) Type: 6 Thread Object Header: 0xFF245008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000220 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF243880(55b3880) Type: 8 Event Object Header: 0xFF243868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243BE0(55b3be0) Type: 8 Event Object Header: 0xFF243BC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF258868(289a868) Type: 26 File Object Header: 0xFF258850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe7 OBJECT: 0xFF2439E8(55b39e8) Type: 26 File Object Header: 0xFF2439D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF2433E0(55b33e0) Type: 6 Thread Object Header: 0xFF2433C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000228 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF242E20(4fbce20) Type: 8 Event Object Header: 0xFF242E08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF242E60(4fbce60) Type: 8 Event Object Header: 0xFF242E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF242DA0(4fbcda0) Type: 10 Mutant Object Header: 0xFF242D88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241860(54c1860) Type: 8 Event Object Header: 0xFF241848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2448C0(51e58c0) Type: 8 Event Object Header: 0xFF2448A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2433E0(55b33e0) Type: 6 Thread Object Header: 0xFF2433C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000228 ThreadsProcess: 0xFF2461E0 OBJECT: 0xE1E36D40(7a38d40) Type: 18 Key Object Header: 0xE1E36D28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF241440(54c1440) Type: 8 Event Object Header: 0xFF241428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E369E0(7a389e0) Type: 18 Key Object Header: 0xE1E369C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xE1E472C0(8972c0) Type: 18 Key Object Header: 0xE1E472A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF23B200(5686200) Type: 8 Event Object Header: 0xFF23B1E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238350(64a8350) Type: 10 Mutant Object Header: 0xFF238338 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: DBWinMutex SecurityDescriptor: 0xE1336CF8(1ac3cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFF235720(7799720) Type: 8 Event Object Header: 0xFF235708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234600(28a2600) Type: 8 Event Object Header: 0xFF2345E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile 
setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE12D75E0(19525e0) Type: 18 Key Object Header: 0xE12D75C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF233660(6b8a660) Type: 8 Event Object Header: 0xFF233648 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134FB60(1af6b60) Type: 18 Key Object Header: 0xE134FB48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2335E0(6b8a5e0) Type: 8 Event Object Header: 0xFF2335C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF233560(6b8a560) Type: 8 Event Object Header: 0xFF233548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1334920(1a96920) Type: 18 Key Object Header: 0xE1334908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE12DECE0(196fce0) Type: 18 Key Object Header: 0xE12DECC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF2334E0(6b8a4e0) Type: 8 Event Object Header: 0xFF2334C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1354A80(1b55a80) Type: 18 Key Object Header: 0xE1354A68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF233460(6b8a460) Type: 8 Event Object Header: 0xFF233448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2C880(7a4e880) Type: 18 Key Object Header: 0xE1E2C868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF2333E0(6b8a3e0) Type: 8 Event Object Header: 0xFF2333C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F2480(19b6480) Type: 18 Key Object Header: 0xE12F2468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF233340(6b8a340) Type: 8 Event Object Header: 0xFF233328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2332A0(6b8a2a0) Type: 8 Event Object Header: 0xFF233288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1341660(1ac9660) Type: 18 Key Object Header: 0xE1341648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF233200(6b8a200) Type: 8 Event Object Header: 0xFF2331E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12E5BA0(1985ba0) Type: 18 Key Object Header: 0xE12E5B88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF233160(6b8a160) Type: 8 Event Object Header: 0xFF233148 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2A1C0(7ae71c0) Type: 18 Key Object Header: 0xE1E2A1A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF2330C0(6b8a0c0) Type: 8 Event Object Header: 0xFF2330A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF232F60(6c11f60) Type: 10 Mutant Object Header: 0xFF232F48 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232EE0(6c11ee0) Type: 8 Event Object Header: 0xFF232EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232EA0(6c11ea0) Type: 10 Mutant Object Header: 0xFF232E88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232E60(6c11e60) Type: 8 Event Object Header: 0xFF232E48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232A20(6c11a20) Type: 10 Mutant Object Header: 0xFF232A08 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232900(6c11900) Type: 12 Semaphore Object Header: 0xFF2328E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2329E0(6c119e0) Type: 12 Semaphore Object Header: 0xFF2329C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2324C0(6c114c0) Type: 8 Event Object Header: 0xFF2324A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232480(6c11480) Type: 8 Event Object Header: 0xFF232468 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232140(6c11140) Type: 12 Semaphore Object Header: 0xFF232128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232100(6c11100) Type: 12 Semaphore Object Header: 0xFF2320E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1397BE0(293bbe0) Type: 18 Key Object Header: 0xE1397BC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF2320C0(6c110c0) Type: 8 Event Object Header: 0xFF2320A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF232180(6c11180) Type: 8 Event Object Header: 0xFF232168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231900(b52900) Type: 8 Event Object Header: 0xFF2318E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF231800(b52800) Type: 8 Event Object Header: 0xFF2317E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2317C0(b527c0) Type: 8 Event Object Header: 0xFF2317A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231780(b52780) Type: 12 Semaphore Object Header: 0xFF231768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231740(b52740) Type: 12 Semaphore Object Header: 0xFF231728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231700(b52700) Type: 8 Event Object Header: 0xFF2316E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E47520(897520) Type: 18 Key Object Header: 0xE1E47508 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF234F88(28a2f88) Type: 26 File Object Header: 0xFF234F70 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF2316A8 (b526a8) Unknown1: 
0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF2315E8(b525e8) Type: 26 File Object Header: 0xFF2315D0 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF231668 (b52668) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF231508(b52508) Type: 26 File Object Header: 0xFF2314F0 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF231468(b52468) Type: 26 File Object Header: 0xFF231450 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF230028(7da028) Type: 26 File Object Header: 0xFF230010 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1EBDBA0(a10ba0) Type: 18 Key Object Header: 0xE1EBDB88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE12DA380(19e0380) Type: 18 Key Object Header: 0xE12DA368 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1EBDB60(a10b60) Type: 18 Key Object Header: 0xE1EBDB48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF22D400(6ba7400) Type: 12 Semaphore Object Header: 0xFF22D3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230B40(7dab40) Type: 8 Event Object Header: 0xFF230B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22FAA8(2c02aa8) Type: 26 File Object Header: 0xFF22FA90 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22FA48 (2c02a48) Address Object: 0xFF22F888 
(2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568} OBJECT: 0xFF22FC68(2c02c68) Type: 26 File Object Header: 0xFF22FC50 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF22FB28 (2c02b28) Type: 0xafd4 Process: 0xFF2461E0 UMGR32.EXE EndpointLinks: {0xFF2341D8:FF22DF98} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xE132C0E0(1a880e0) Type: 18 Key Object Header: 0xE132C0C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF22D440(6ba7440) Type: 12 Semaphore Object Header: 0xFF22D428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D3C0(6ba73c0) Type: 8 Event Object Header: 0xFF22D3A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF253020(651020) Type: 6 Thread Object Header: 0xFF253008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.000002A4 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF17A1E0(43d41e0) Type: 6 Thread Object Header: 0xFF17A1C8 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.00000204 ThreadsProcess: 0xFF2461E0 OBJECT: 0xFF19A020(385c020) Type: 6 Thread Object Header: 0xFF19A008 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000224.000001F0 ThreadsProcess: 
0xFF2461E0 15. TABLE: 0xFF244DE8(51e5de8): Table: 0xE1EA5000 QuotaProcess: 0xFF241020 ProcessId: 230 HandleCount: 30 CapturedHandleCount: 30 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12D0FD0(1936fd0) Type: 17 Section Object Header: 0xE12D0FB8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EA49A8(50bb9a8) BasedAddress: 0x30F86C20 SizeOfSegment: 0x14000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\regsvc.exe OBJECT: 0xFF241D60(54c1d60) Type: 8 Event Object Header: 0xFF241D48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241C40(54c1c40) Type: 8 Event Object Header: 0xFF241C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241C00(54c1c00) Type: 8 Event Object Header: 0xFF241BE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF241B68(54c1b68) Type: 26 File Object Header: 0xFF241B50 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF2419A0(54c19a0) Type: 8 Event Object Header: 0xFF241988 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EA45F0(50bb5f0) Type: 19 Port Object Header: 0xE1EA45D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000230.0000022C ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1DD4A80(7730a80) Type: 18 Key Object Header: 0xE1DD4A68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF2403C8(63f33c8) Type: 26 File Object Header: 0xFF2403B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe8 OBJECT: 0xFF2402C0(63f32c0) Type: 8 Event Object Header: 0xFF2402A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF240240(63f3240) Type: 8 Event Object Header: 0xFF240228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF240200(63f3200) Type: 8 Event Object Header: 0xFF2401E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2401A0(63f31a0) Type: 25 IoCompletion Object Header: 0xFF240188 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 2 Waiting Thread: 0xFF247020 Process: 0xFF241020 APCProcess: 0xFF241020 OBJECT: 0xFF2401A0(63f31a0) Type: 25 IoCompletion Object Header: 0xFF240188 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 2 Waiting Thread: 0xFF247020 Process: 0xFF241020 APCProcess: 0xFF241020 OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF240120(63f3120) Type: 8 Event Object Header: 0xFF240108 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF241DA0(54c1da0) Type: 6 Thread Object Header: 0xFF241D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000022C ThreadsProcess: 0xFF241020 OBJECT: 0xFF240160(63f3160) Type: 8 Event Object Header: 0xFF240148 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF243108(55b3108) Type: 26 File Object Header: 0xFF2430F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF23E920(560a920) Type: 12 Semaphore Object Header: 0xFF23E908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E3C0(560a3c0) Type: 12 Semaphore Object Header: 0xFF23E3A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23E328(560a328) Type: 26 File Object Header: 0xFF23E310 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winreg OBJECT: 0xFF23E288(560a288) Type: 26 File Object Header: 0xFF23E270 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\winreg OBJECT: 0xFF23E240(560a240) Type: 8 Event Object Header: 0xFF23E228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF247020(4bc8020) Type: 6 Thread Object Header: 0xFF247008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000230.0000023C ThreadsProcess: 0xFF241020 OBJECT: 0xFF23E130(560a130) Type: 8 Event Object Header: 0xFF23E118 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Microsoft.RPC_Registry_Server SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xE1EA69D0(55b59d0) Type: 19 Port Object Header: 0xE1EA69B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000230.00000234 ClientThread: 0x00000000 ServerProcess: 0x00000000 16. TABLE: 0xFF23ECC8(560acc8): Table: 0xE1EA9000 QuotaProcess: 0xFF23ED60 ProcessId: 240 HandleCount: 142 CapturedHandleCount: 142 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1EA6AB0(55b5ab0) Type: 17 Section Object Header: 0xE1EA6A98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E37888(7a59888) BasedAddress: 0x08DACC20 SizeOfSegment: 0x1e000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\MSTask.exe OBJECT: 0xFF23EC20(560ac20) Type: 8 Event Object Header: 0xFF23EC08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23FF40(5849f40) Type: 8 Event Object Header: 0xFF23FF28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23FEC0(5849ec0) Type: 8 Event Object Header: 0xFF23FEA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls 
OBJECT: 0xFF2473C8(4bc83c8) Type: 26 File Object Header: 0xFF2473B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF23CC40(65f7c40) Type: 8 Event Object Header: 0xFF23CC28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EA8C30(57d2c30) Type: 19 Port Object Header: 0xE1EA8C18 GrantedAccess: 1f0001 PointerCount: 8 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000240.00000234 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF23CAE0(65f7ae0) Type: 8 Event Object Header: 0xFF23CAC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E75E60(edde60) Type: 18 Key Object Header: 0xE1E75E48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF23C9E0(65f79e0) Type: 8 Event Object Header: 0xFF23C9C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: 
f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFF247F18(4bc8f18) Type: 15 WindowStation Object Header: 0xFF247F00 GrantedAccess: f037f PointerCount: 6 HandleCount: 2 Directory: 0xFCC5FD10 Name: SAWinSta OBJECT: 0xFF23C8C0(65f78c0) Type: 8 Event Object Header: 0xFF23C8A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C880(65f7880) Type: 8 Event Object Header: 0xFF23C868 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E37480(7a59480) Type: 18 Key Object Header: 0xE1E37468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12C7780(1911780) Type: 18 Key Object Header: 0xE12C7768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E46B20(7ce9b20) Type: 18 Key Object Header: 0xE1E46B08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1EAA340(7896340) Type: 18 Key Object Header: 0xE1EAA328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 
0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2602A0(2282a0) Type: 8 Event Object Header: 0xFF260288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C028(65f7028) Type: 26 File Object Header: 0xFF23C010 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\SchedLgU.Txt OBJECT: 0xFF2603C8(2283c8) Type: 26 File Object Header: 0xFF2603B0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe9 OBJECT: 0xFF260260(228260) Type: 8 Event Object Header: 0xFF260248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF260220(228220) Type: 8 Event Object Header: 0xFF260208 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2601C0(2281c0) Type: 25 IoCompletion Object Header: 0xFF2601A8 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 2 Waiting Thread: 0xFF22CCA0 Process: 0xFF23ED60 APCProcess: 0xFF23ED60 OBJECT: 0xFF2601C0(2281c0) Type: 25 IoCompletion Object Header: 0xFF2601A8 GrantedAccess: 1f0003 PointerCount: 9 HandleCount: 2 Waiting Thread: 0xFF22CCA0 Process: 0xFF23ED60 APCProcess: 0xFF23ED60 OBJECT: 0xFF260140(228140) Type: 8 Event Object Header: 0xFF260128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23D020(56b1020) Type: 6 Thread Object Header: 0xFF23D008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000234 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF260180(228180) Type: 8 Event Object Header: 0xFF260168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF237B40(646cb40) Type: 8 Event Object Header: 0xFF237B28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23F7A8(58497a8) Type: 26 File Object Header: 0xFF23F790 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF246E40(4be5e40) Type: 8 Event Object Header: 0xFF246E28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD9A038(13b7038) Type: 16 Desktop Object Header: 0xFCD9A020 GrantedAccess: f01ff PointerCount: 9 HandleCount: 1 Directory: 0x00000000 Name: SADesktop OBJECT: 0xFF235DE0(7799de0) Type: 8 Event Object Header: 0xFF235DC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF247F18(4bc8f18) Type: 15 WindowStation Object Header: 0xFF247F00 GrantedAccess: f037f PointerCount: 6 HandleCount: 2 Directory: 0xFCC5FD10 Name: SAWinSta OBJECT: 0xFF235DA0(7799da0) Type: 8 Event Object Header: 0xFF235D88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235D60(7799d60) Type: 8 Event Object Header: 0xFF235D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235D20(7799d20) Type: 8 Event Object Header: 0xFF235D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235EA0(7799ea0) Type: 13 Timer Object Header: 0xFF235E88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF235820(7799820) Type: 8 Event Object Header: 0xFF235808 GrantedAccess: 1f0003 PointerCount: 
1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB9F50(7901f50) Type: 19 Port Object Header: 0xE1EB9F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000240.00000238 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF234AA0(28a2aa0) Type: 8 Event Object Header: 0xFF234A88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E4D880(900880) Type: 19 Port Object Header: 0xE1E4D868 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: LRPC00000240.00000001 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000240.00000238 ClientThread: 0x00000000 ServerProcess: 0xFF23ED60 OBJECT: 0xFF234EC0(28a2ec0) Type: 8 Event Object Header: 0xFF234EA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF234C40(28a2c40) Type: 6 Thread Object Header: 0xFF234C28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000258 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF233B40(6b8ab40) Type: 8 Event Object Header: 0xFF233B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xE12DB940(1965940) Type: 18 Key Object Header: 0xE12DB928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ 
OBJECT: 0xFF233AC0(6b8aac0) Type: 8 Event Object Header: 0xFF233AA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13292C0(1aa12c0) Type: 18 Key Object Header: 0xE13292A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 0xFF232E20(6c11e20) Type: 8 Event Object Header: 0xFF232E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230D60(7dad60) Type: 8 Event Object Header: 0xFF230D48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230C80(7dac80) Type: 10 Mutant Object Header: 0xFF230C68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13949A0(29769a0) Type: 18 Key Object Header: 0xE1394988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF231FE0(b52fe0) Type: 8 Event Object Header: 0xFF231FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2BC00(7a2dc00) Type: 18 Key Object Header: 0xE1E2BBE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF231F60(b52f60) Type: 8 Event Object Header: 0xFF231F48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231EE0(b52ee0) Type: 8 Event Object Header: 0xFF231EC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE133DE20(1ab3e20) Type: 18 Key Object Header: 0xE133DE08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE13386A0(1aa66a0) Type: 18 Key Object Header: 0xE1338688 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF231E40(b52e40) Type: 8 Event Object Header: 0xFF231E28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB74C0(79a4c0) Type: 18 Key Object Header: 0xE1EB74A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF231DA0(b52da0) Type: 8 Event Object Header: 0xFF231D88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7160(79a160) Type: 18 Key Object Header: 0xE1EB7148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF231D00(b52d00) Type: 8 Event Object Header: 0xFF231CE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB70E0(79a0e0) Type: 18 Key Object Header: 0xE1EB70C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF231C60(b52c60) Type: 8 Event Object Header: 0xFF231C48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF231BC0(b52bc0) Type: 8 Event Object Header: 0xFF231BA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBB420(7b0e420) Type: 18 Key Object Header: 0xE1EBB408 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF231B20(b52b20) Type: 8 Event Object Header: 0xFF231B08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBC460(e2f460) Type: 18 Key Object Header: 0xE1EBC448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF231A80(b52a80) Type: 8 Event Object Header: 0xFF231A68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 
1 SecurityDescriptor: (null) OBJECT: 0xE1EBDC20(a10c20) Type: 18 Key Object Header: 0xE1EBDC08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF2319E0(b529e0) Type: 8 Event Object Header: 0xFF2319C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF230C40(7dac40) Type: 8 Event Object Header: 0xFF230C28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230C00(7dac00) Type: 10 Mutant Object Header: 0xFF230BE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230BC0(7dabc0) Type: 8 Event Object Header: 0xFF230BA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230B80(7dab80) Type: 10 Mutant Object Header: 0xFF230B68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230AC0(7daac0) Type: 12 Semaphore Object Header: 0xFF230AA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230B00(7dab00) Type: 12 Semaphore Object Header: 0xFF230AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230A80(7daa80) Type: 8 Event Object Header: 0xFF230A68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230A40(7daa40) Type: 8 Event Object Header: 0xFF230A28 GrantedAccess: 1f0003 PointerCount: 
2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230700(7da700) Type: 12 Semaphore Object Header: 0xFF2306E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2306C0(7da6c0) Type: 12 Semaphore Object Header: 0xFF2306A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBDAE0(a10ae0) Type: 18 Key Object Header: 0xE1EBDAC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF230680(7da680) Type: 8 Event Object Header: 0xFF230668 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230740(7da740) Type: 8 Event Object Header: 0xFF230728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230480(7da480) Type: 8 Event Object Header: 0xFF230468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF230440(7da440) Type: 8 Event Object Header: 0xFF230428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230400(7da400) Type: 8 Event Object Header: 0xFF2303E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2303C0(7da3c0) Type: 12 Semaphore Object Header: 0xFF2303A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230380(7da380) Type: 12 Semaphore Object Header: 0xFF230368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF230340(7da340) Type: 8 Event Object Header: 0xFF230328 GrantedAccess: 100003 PointerCount: 
1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB9780(7901780) Type: 18 Key Object Header: 0xE1EB9768 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFF230588(7da588) Type: 26 File Object Header: 0xFF230570 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF2302E8 (7da2e8) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF230228(7da228) Type: 26 File Object Header: 0xFF230210 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF2302A8 (7da2a8) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF230148(7da148) Type: 26 File Object Header: 0xFF230130 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF22F028(2c02028) Type: 26 File Object Header: 0xFF22F010 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFF22FF88(2c02f88) Type: 26 File Object Header: 0xFF22FF70 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE1EB9740(7901740) Type: 18 Key Object Header: 0xE1EB9728 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE1EB9700(7901700) Type: 18 Key Object Header: 0xE1EB96E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE1EB96C0(79016c0) Type: 18 Key Object Header: 0xE1EB96A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xE1EBD5D0(a105d0) Type: 19 Port Object Header: 
0xE1EBD5B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000240.00000238 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22E140(dc5140) Type: 8 Event Object Header: 0xFF22E128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E480(dc5480) Type: 8 Event Object Header: 0xFF22E468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22E548(dc5548) Type: 26 File Object Header: 0xFF22E530 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF22DEE8 (6ba7ee8) Type: 0xafd4 Process: 0xFF23ED60 MSTask.exe EndpointLinks: {0xFF22FBD8:FF22CAD8} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF22FE08(2c02e08) Type: 26 File Object Header: 0xFF22FDF0 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF22E248 (dc5248) Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68} OBJECT: 0xFF22CFE0(b6efe0) Type: 12 Semaphore Object Header: 0xFF22CFC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBD580(a10580) Type: 18 Key Object Header: 0xE1EBD568 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF22D2A0(6ba72a0) Type: 12 Semaphore Object Header: 0xFF22D288 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22CFA0(b6efa0) Type: 8 Event Object Header: 0xFF22CF88 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22CCA0(b6eca0) Type: 6 Thread Object Header: 0xFF22CC88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.0000026C ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22CF20(b6ef20) Type: 8 Event Object Header: 0xFF22CF08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22D4E8(6ba74e8) Type: 26 File Object Header: 0xFF22D4D0 GrantedAccess: 160089 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\Winsock2\CatalogChangeListener-240-0 OBJECT: 0xFF22CCA0(b6eca0) Type: 6 Thread Object Header: 0xFF22CC88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.0000026C ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22CC20(b6ec20) Type: 8 Event Object Header: 0xFF22CC08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22C808(b6e808) Type: 26 File Object Header: 0xFF22C7F0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\atsvc OBJECT: 0xFF22CB68(b6eb68) Type: 26 File Object Header: 0xFF22CB50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF22CA28 (b6ea28) Type: 0xafd0 Process: 0xFF23ED60 MSTask.exe EndpointLinks: {0xFF22DF98:FF1EFAF8} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF22C708(b6e708) Type: 26 File Object Header: 0xFF22C6F0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\atsvc OBJECT: 0xFF22C220(b6e220) Type: 6 Thread Object Header: 0xFF22C208 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000270 ThreadsProcess: 0xFF23ED60 OBJECT: 0xE1EC0DB0(28f5db0) Type: 19 Port Object Header: 0xE1EC0D98 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000240.00000238 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF22C020(b6e020) Type: 8 Event Object Header: 0xFF22C008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22C148(b6e148) Type: 26 File Object Header: 0xFF22C130 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Tasks OBJECT: 0xFF22B500(4e36500) Type: 8 Event Object Header: 0xFF22B4E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22BE40(4e36e40) Type: 8 Event Object Header: 0xFF22BE28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AF740(30bd740) Type: 8 Event Object Header: 0xFF1AF728 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22ADA0(4f61da0) Type: 6 Thread Object Header: 0xFF22AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000274 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF22C220(b6e220) Type: 6 Thread Object Header: 0xFF22C208 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000270 ThreadsProcess: 0xFF23ED60 OBJECT: 0xE1EBA730(772c730) Type: 4 Token Object Header: 0xE1EBA718 GrantedAccess: b PointerCount: 20 HandleCount: 2 SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,dba0} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 1f0fff PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFF237C20(646cc20) Type: 6 Thread Object Header: 0xFF237C08 GrantedAccess: 80 PointerCount: 7 HandleCount: 4 SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000238 ThreadsProcess: 0xFF23ED60 OBJECT: 0xFF2083E0(6b923e0) Type: 8 Event Object Header: 0xFF2083C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22ADA0(4f61da0) Type: 6 Thread Object Header: 0xFF22AD88 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 3 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 00000240.00000274 ThreadsProcess: 0xFF23ED60 17. TABLE: 0xFF22A408(4f61408): Table: 0xE1ECC000 QuotaProcess: 0xFF226C80 ProcessId: 28c HandleCount: 64 CapturedHandleCount: 64 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12EE7B0(19c17b0) Type: 17 Section Object Header: 0xE12EE798 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1ECBE28(1959e28) BasedAddress: 0x08FB0428 SizeOfSegment: 0x17000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VsStat.exe OBJECT: 0xFF226940(778940) Type: 8 Event Object Header: 0xFF226928 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF226820(778820) Type: 8 Event Object Header: 0xFF226808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2267E0(7787e0) Type: 8 Event Object Header: 0xFF2267C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF226868(778868) Type: 26 File Object Header: 0xFF226850 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF226460(778460) Type: 8 Event Object Header: 0xFF226448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1EC90F0(52d70f0) Type: 19 Port Object Header: 0xE1EC90D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000028C.00000288 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF2262A0(7782a0) Type: 8 Event Object Header: 0xFF226288 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff 
PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE12D7A40(1952a40) Type: 18 Key Object Header: 0xE12D7A28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1D52120(6a6c120) Type: 18 Key Object Header: 0xE1D52108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE133B3C0(1aab3c0) Type: 18 Key Object Header: 0xE133B3A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1329BC0(1aa1bc0) Type: 18 Key Object Header: 0xE1329BA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE13273E0(1a793e0) Type: 18 Key Object Header: 0xE13273C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF226140(778140) Type: 8 Event Object Header: 0xFF226128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF229A20(4f32a20) Type: 8 Event Object Header: 0xFF229A08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225E80(478be80) Type: 8 Event Object Header: 0xFF225E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFF225760(478b760) Type: 8 Event Object Header: 0xFF225748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1343A40(1acba40) Type: 18 Key Object Header: 0xE1343A28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF225620(478b620) Type: 12 Semaphore Object Header: 0xFF225608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2253A0(478b3a0) Type: 12 Semaphore Object Header: 0xFF225388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2256C0(478b6c0) Type: 8 Event Object Header: 0xFF2256A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225960(478b960) Type: 12 Semaphore Object Header: 0xFF225948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225320(478b320) Type: 8 Event Object Header: 0xFF225308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF237B90(646cb90) Type: 10 Mutant Object Header: 0xFF237B78 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: NAI_VS_STAT SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF23BFB0(5686fb0) Type: 8 Event Object Header: 0xFF23BF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF21CF00(50adf00) Type: 8 Event Object Header: 0xFF21CEE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF246620(4be5620) Type: 8 Event Object Header: 0xFF246608 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF21CFA0(50adfa0) Type: 8 Event Object Header: 0xFF21CF88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23C110(65f7110) Type: 8 Event Object Header: 0xFF23C0F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BFF0(5686ff0) Type: 8 Event Object Header: 0xFF23BFD8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF70(5686f70) Type: 8 Event Object Header: 0xFF23BF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF30(5686f30) Type: 8 Event Object Header: 0xFF23BF18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEF0(5686ef0) Type: 8 Event Object Header: 0xFF23BED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEB0(5686eb0) Type: 8 Event Object Header: 0xFF23BE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE70(5686e70) Type: 8 Event Object Header: 0xFF23BE58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE30(5686e30) Type: 8 Event Object Header: 0xFF23BE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDF0(5686df0) Type: 8 Event Object Header: 0xFF23BDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDB0(5686db0) Type: 8 Event Object Header: 0xFF23BD98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD70(5686d70) Type: 8 Event Object Header: 0xFF23BD58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD30(5686d30) Type: 8 Event Object Header: 0xFF23BD18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCF0(5686cf0) Type: 8 Event Object Header: 0xFF23BCD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 
0xFCC61C10 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCB0(5686cb0) Type: 8 Event Object Header: 0xFF23BC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC70(5686c70) Type: 8 Event Object Header: 0xFF23BC58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC30(5686c30) Type: 8 Event Object Header: 0xFF23BC18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBF0(5686bf0) Type: 8 Event Object Header: 0xFF23BBD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBB0(5686bb0) Type: 8 Event Object Header: 0xFF23BB98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BB70(5686b70) Type: 8 Event Object Header: 0xFF23BB58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
(null) OBJECT: 0xFF23BB30(5686b30) Type: 8 Event Object Header: 0xFF23BB18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BAF0(5686af0) Type: 8 Event Object Header: 0xFF23BAD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF219300(4571300) Type: 8 Event Object Header: 0xFF2192E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E466E0(7ce96e0) Type: 17 Section Object Header: 0xE1E466C8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E48008(7c38008) BasedAddress: 0x08E66CD0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF23B850(5686850) Type: 10 Mutant Object Header: 0xFF23B838 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF2194E0(45714e0) Type: 6 Thread Object Header: 0xFF2194C8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 0000028C.000002B8 ThreadsProcess: 0xFF226C80 OBJECT: 0xFF239810(65e2810) Type: 10 Mutant Object Header: 0xFF2397F8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 
0xFCC61C10 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF218E00(4b15e00) Type: 8 Event Object Header: 0xFF218DE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C5F60(1907f60) Type: 18 Key Object Header: 0xE12C5F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ 18. TABLE: 0xFF253828(651828): Table: 0xE1F15000 QuotaProcess: 0xFF20D520 ProcessId: 2c4 HandleCount: 69 CapturedHandleCount: 69 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1D636B0(752a6b0) Type: 17 Section Object Header: 0xE1D63698 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1E56928(9fa928) BasedAddress: 0x09147C20 SizeOfSegment: 0x2c000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Avconsol.exe OBJECT: 0xFF20D420(477e420) Type: 8 Event Object Header: 0xFF20D408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20D3A0(477e3a0) Type: 8 Event Object Header: 0xFF20D388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20D360(477e360) Type: 8 Event Object Header: 0xFF20D348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF20D2C8(477e2c8) Type: 26 File Object Header: 0xFF20D2B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
HarddiskVolume1\WINNT\system32\ OBJECT: 0xFF20AEA0(7df0ea0) Type: 8 Event Object Header: 0xFF20AE88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1E898D0(1b248d0) Type: 19 Port Object Header: 0xE1E898B8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000002C4.000002C0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF20AD20(7df0d20) Type: 8 Event Object Header: 0xFF20AD08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1E99BA0(4579ba0) Type: 18 Key Object Header: 0xE1E99B88 
GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE13342A0(1a962a0) Type: 18 Key Object Header: 0xE1334288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\.DEFAULT\ OBJECT: 0xE12B1E80(19fce80) Type: 18 Key Object Header: 0xE12B1E68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E2A760(7ae7760) Type: 18 Key Object Header: 0xE1E2A748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xE1321320(1a6d320) Type: 18 Key Object Header: 0xE1321308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF1FEEE0(5486ee0) Type: 8 Event Object Header: 0xFF1FEEC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20A4A0(7df04a0) Type: 8 Event Object Header: 0xFF20A488 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FED60(5486d60) Type: 8 Event Object Header: 0xFF1FED48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D41360(697f360) Type: 18 Key Object Header: 0xE1D41348 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF1FEDA0(5486da0) Type: 12 Semaphore Object Header: 0xFF1FED88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FECE0(5486ce0) Type: 12 Semaphore Object Header: 0xFF1FECC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FECA0(5486ca0) Type: 12 Semaphore Object Header: 0xFF1FEC88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF1FEC60(5486c60) Type: 8 Event Object Header: 0xFF1FEC48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FEC20(5486c20) Type: 8 Event Object Header: 0xFF1FEC08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FEBA0(5486ba0) Type: 8 Event Object Header: 0xFF1FEB88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FEB60(5486b60) Type: 8 Event Object Header: 0xFF1FEB48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FEA60(5486a60) Type: 8 Event Object Header: 0xFF1FEA48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FEB20(5486b20) Type: 8 Event Object Header: 0xFF1FEB08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20DF40(477ef40) Type: 8 Event Object Header: 0xFF20DF28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FE6A0(54866a0) Type: 8 Event Object Header: 0xFF1FE688 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1FE5E0(54865e0) Type: 8 Event Object Header: 0xFF1FE5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF217C40(53cac40) Type: 8 Event Object Header: 0xFF217C28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7560(79a560) Type: 17 Section Object Header: 0xE1EB7548 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 
0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12E17C8(19757c8) BasedAddress: 0x08EDC4C8 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\AVConsol.mmf OBJECT: 0xE1E29560(7a84560) Type: 17 Section Object Header: 0xE1E29548 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_DAVCONSOL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE6E8(78036e8) BasedAddress: 0x08F33CC0 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf OBJECT: 0xE1D3FAA0(692faa0) Type: 17 Section Object Header: 0xE1D3FA88 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOLSCAN SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE008(7803008) BasedAddress: 0x08EF6CC8 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf OBJECT: 0xE134EFC0(1af4fc0) Type: 17 Section Object Header: 0xE134EFA8 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: NAI_VIRUSSCAN_AVCONSOLEXCL SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBEAC8(7803ac8) BasedAddress: 0x08F124C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf OBJECT: 0xFF23BFF0(5686ff0) Type: 8 Event Object Header: 0xFF23BFD8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsStat SecurityDescriptor: 0xE1DD1E38(7704e38) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23C110(65f7110) Type: 8 Event Object Header: 0xFF23C0F8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvConsole SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BFB0(5686fb0) Type: 8 Event Object Header: 0xFF23BF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVshWin32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF70(5686f70) Type: 8 Event Object Header: 0xFF23BF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventDownScan SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BF30(5686f30) Type: 8 Event Object Header: 0xFF23BF18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventInternet SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEF0(5686ef0) Type: 8 Event Object Header: 0xFF23BED8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventEMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BEB0(5686eb0) Type: 8 Event Object Header: 0xFF23BE98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE70(5686e70) Type: 8 Event Object Header: 0xFF23BE58 GrantedAccess: 1f0003 
PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventMcUpdate SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BE30(5686e30) Type: 8 Event Object Header: 0xFF23BE18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventConfWiz SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDF0(5686df0) Type: 8 Event Object Header: 0xFF23BDD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventCCMail SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BDB0(5686db0) Type: 8 Event Object Header: 0xFF23BD98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventVsConfig SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD70(5686d70) Type: 8 Event Object Header: 0xFF23BD58 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvSynMgr SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BD30(5686d30) Type: 8 Event Object Header: 0xFF23BD18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventLauncher SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCF0(5686cf0) Type: 8 Event Object Header: 0xFF23BCD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement0 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BCB0(5686cb0) Type: 8 Event Object Header: 0xFF23BC98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement1 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC70(5686c70) Type: 8 Event Object Header: 0xFF23BC58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement2 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BC30(5686c30) Type: 8 Event Object Header: 0xFF23BC18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement3 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBF0(5686bf0) Type: 8 Event Object Header: 0xFF23BBD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventManagement4 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BBB0(5686bb0) Type: 8 Event Object Header: 0xFF23BB98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventAvsmcpa SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BB70(5686b70) Type: 8 Event Object Header: 0xFF23BB58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventScan32USER SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BB30(5686b30) Type: 8 Event Object Header: 0xFF23BB18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 
0xFCC61C10 Name: AvSyncStateEventMcStub SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF23BAF0(5686af0) Type: 8 Event Object Header: 0xFF23BAD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateEventNaAmgCfg SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1DA420(1f40420) Type: 8 Event Object Header: 0xFF1DA408 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E466E0(7ce96e0) Type: 17 Section Object Header: 0xE1E466C8 GrantedAccess: f0007 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSyncStateMapping SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E48008(7c38008) BasedAddress: 0x08E66CD0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf OBJECT: 0xFF23B850(5686850) Type: 10 Mutant Object Header: 0xFF23B838 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSynchStackMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1D5660(2220660) Type: 6 Thread Object Header: 0xFF1D5648 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002C4.0000030C ThreadsProcess: 0xFF20D520 OBJECT: 0xFF239810(65e2810) Type: 10 Mutant Object Header: 0xFF2397F8 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: AvSynchOnReqStateChangeMutex SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 19. TABLE: 0xFF1FDF88(4859f88): Table: 0xE1F30000 QuotaProcess: 0xFF1FD720 ProcessId: 2d0 HandleCount: 90 CapturedHandleCount: 90 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12DBF10(1965f10) Type: 17 Section Object Header: 0xE12DBEF8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F2FEC8(494eec8) BasedAddress: 0x09245C20 SizeOfSegment: 0x30000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\WBEM\WinMgmt.exe OBJECT: 0xFF1FD5E0(48595e0) Type: 8 Event Object Header: 0xFF1FD5C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FD5A0(48595a0) Type: 8 Event Object Header: 0xFF1FD588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FD560(4859560) Type: 8 Event Object Header: 0xFF1FD548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF1FD4C8(48594c8) Type: 26 File Object Header: 0xFF1FD4B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1FB8C0(4abd8c0) Type: 8 Event Object Header: 0xFF1FB8A8 
GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE134E030(1af4030) Type: 19 Port Object Header: 0xE134E018 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 000002D0.000002CC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1F5F20(1c7bf20) Type: 8 Event Object Header: 0xFF1F5F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFCA272B8(10442b8) Type: 16 Desktop Object Header: 0xFCA272A0 GrantedAccess: f00cf PointerCount: 296 HandleCount: 8 Directory: 0x00000000 Name: Default OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation Object Header: 0xFCA28940 GrantedAccess: f016e PointerCount: 25 HandleCount: 15 Directory: 0xFCC5FD10 Name: Service-0x0-3e7$ OBJECT: 0xFF1F5E20(1c7be20) Type: 8 Event Object Header: 0xFF1F5E08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DD4B80(7730b80) Type: 18 Key Object Header: 0xE1DD4B68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects 
SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1F5DA0(1c7bda0) Type: 8 Event Object Header: 0xFF1F5D88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FB2C0(4abd2c0) Type: 8 Event Object Header: 0xFF1FB2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED2E0(48ca2e0) Type: 8 Event Object Header: 0xFF1ED2C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED660(48ca660) Type: 8 Event Object Header: 0xFF1ED648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED200(48ca200) Type: 8 Event Object Header: 0xFF1ED1E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EEB20(1cc0b20) Type: 25 IoCompletion Object Header: 0xFF1EEB08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF1EEB20(1cc0b20) Type: 25 IoCompletion Object Header: 0xFF1EEB08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF1EC020(4eb9020) Type: 8 Event Object Header: 0xFF1EC008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FC020(198a020) Type: 6 Thread Object Header: 0xFF1FC008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002CC ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1ECFE0(4eb9fe0) Type: 8 Event Object Header: 0xFF1ECFC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ECEC0(4eb9ec0) Type: 8 Event Object Header: 0xFF1ECEA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1ECFA0(4eb9fa0) Type: 8 Event Object Header: 0xFF1ECF88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED248(48ca248) Type: 26 File Object Header: 0xFF1ED230 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\net\NtControlPipe10 OBJECT: 0xFF1ECF00(4eb9f00) Type: 8 Event Object Header: 0xFF1ECEE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ECDE8(4eb9de8) Type: 26 File Object Header: 0xFF1ECDD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\svcctl OBJECT: 0xFF1EC8A0(4eb98a0) Type: 6 Thread Object Header: 0xFF1EC888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.000002E8 ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1E55D0(6265d0) Type: 8 Event Object Header: 0xFF1E55B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_COREDLL_CANSHUTDOWN SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5608(626608) Type: 26 File Object Header: 0xFF1E55F0 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\WBEM\MOF OBJECT: 0xFF1E5770(626770) Type: 8 Event Object Header: 0xFF1E5758 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_PROVIDER_CANSHUTDOWN SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5550(626550) Type: 8 Event Object Header: 0xFF1E5538 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: 
WINMGMT_COREDLL_UNLOADED SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5510(626510) Type: 8 Event Object Header: 0xFF1E54F8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_COREDLL_LOADED SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E54D0(6264d0) Type: 8 Event Object Header: 0xFF1E54B8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_CORE_DB_WRITE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5590(626590) Type: 8 Event Object Header: 0xFF1E5578 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_MARSHALLING_SERVER_TERMINATE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5710(626710) Type: 10 Mutant Object Header: 0xFF1E56F8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_MARSHALLING_SERVER SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5490(626490) Type: 8 Event Object Header: 0xFF1E5478 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_NEED_REGISTRATION SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E5450(626450) Type: 8 Event Object Header: 0xFF1E5438 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 
0xFCC61C10 Name: WINMGMT_REGISTRATION_DONE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E4FF0(4d3cff0) Type: 8 Event Object Header: 0xFF1E4FD8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_CORE_BACKUP_DONE SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E4FB0(4d3cfb0) Type: 8 Event Object Header: 0xFF1E4F98 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WMI_SysEvent_LodCtr SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) OBJECT: 0xFF1E4F70(4d3cf70) Type: 8 Event Object Header: 0xFF1E4F58 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: WMI_SysEvent_UnLodCtr SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) OBJECT: 0xFF1E4F10(4d3cf10) Type: 10 Mutant Object Header: 0xFF1E4EF8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_KEEP_NEW_CLIENTS_AT_BAY SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) OBJECT: 0xFF1E4648(4d3c648) Type: 26 File Object Header: 0xFF1E4630 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1E6A40(507fa40) Type: 8 Event Object Header: 0xFF1E6A28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E6AE0(507fae0) Type: 8 Event Object Header: 0xFF1E6AC8 GrantedAccess: 1f0003 PointerCount: 3 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F49A90(646ea90) Type: 19 Port Object Header: 0xE1F49A78 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000002D0.000002E8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1E2D1C0(79af1c0) Type: 19 Port Object Header: 0xE1E2D1A8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE3 SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000002D0.000002E8 ClientThread: 0x00000000 ServerProcess: 0xFF1FD720 OBJECT: 0xFF1E62E0(507f2e0) Type: 8 Event Object Header: 0xFF1E62C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D43AA0(69ccaa0) Type: 18 Key Object Header: 0xE1D43A88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1E69C0(507f9c0) Type: 8 Event Object Header: 0xFF1E69A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F42920(4f94920) Type: 18 Key Object Header: 0xE1F42908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1EA860(17d860) Type: 8 Event Object Header: 0xFF1EA848 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EA7E0(17d7e0) Type: 8 Event Object Header: 0xFF1EA7C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1331F60(1a94f60) Type: 18 Key Object Header: 0xE1331F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1F49A40(646ea40) Type: 18 Key Object Header: 0xE1F49A28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1EA760(17d760) Type: 8 
Event Object Header: 0xFF1EA748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F499C0(646e9c0) Type: 18 Key Object Header: 0xE1F499A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1EA6E0(17d6e0) Type: 8 Event Object Header: 0xFF1EA6C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F49940(646e940) Type: 18 Key Object Header: 0xE1F49928 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1E4380(4d3c380) Type: 8 Event Object Header: 0xFF1E4368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F498C0(646e8c0) Type: 18 Key Object Header: 0xE1F498A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1E4300(4d3c300) Type: 8 Event Object Header: 0xFF1E42E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E4280(4d3c280) Type: 8 Event Object Header: 0xFF1E4268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F48620(476d620) Type: 18 Key Object Header: 0xE1F48608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1E3020(4a4a020) Type: 8 Event Object Header: 0xFF1E3008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F485A0(476d5a0) Type: 18 Key Object Header: 0xE1F48588 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1E3FA0(4a4afa0) Type: 8 Event Object Header: 0xFF1E3F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F48520(476d520) Type: 18 
Key Object Header: 0xE1F48508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1E3F20(4a4af20) Type: 8 Event Object Header: 0xFF1E3F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1F484A0(476d4a0) Type: 18 Key Object Header: 0xE1F48488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF229330(4f32330) Type: 8 Event Object Header: 0xFF229318 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: WINMGMT_LOADED SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) OBJECT: 0xFF21B2C0(4ec92c0) Type: 8 Event Object Header: 0xFF21B2A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28ECE0(7b2dce0) Type: 13 Timer Object Header: 0xFF28ECC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DBDA0(1daeda0) Type: 6 Thread Object Header: 0xFF1DBD88 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.0000010C ThreadsProcess: 0xFF1FD720 OBJECT: 0xFF1A4D60(3588d60) Type: 5 Process 
Object Header: 0xFF1A4D48 GrantedAccess: 1f0fff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) ImageFileName: WinMgmt.exe OBJECT: 0xFF18C020(3a59020) Type: 8 Event Object Header: 0xFF18C008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EBD330(a10330) Type: 19 Port Object Header: 0xE1EBD318 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000002D0.000002F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18C4A0(3a594a0) Type: 6 Thread Object Header: 0xFF18C488 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Cid: 000002D0.00000154 ThreadsProcess: 0xFF1FD720 OBJECT: 0xE1FFDD60(3d3ed60) Type: 18 Key Object Header: 0xE1FFDD48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE1E6F660(ce6660) Type: 18 Key Object Header: 0xE1E6F648 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1EC2BA0(4b04ba0) Type: 18 Key Object Header: 0xE1EC2B88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xFF168400(53db400) Type: 8 Event Object Header: 0xFF1683E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF168740(53db740) Type: 8 Event Object Header: 0xFF168728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) 20. 
TABLE: 0xFF281E48(9f9e48): Table: 0xE1FE2000 QuotaProcess: 0xFF1CDA00 ProcessId: 348 HandleCount: 307 CapturedHandleCount: 304 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12F39D0(199b9d0) Type: 17 Section Object Header: 0xE12F39B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE13B09C8(2bf09c8) BasedAddress: 0x09542C28 SizeOfSegment: 0x3e000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Explorer.Exe OBJECT: 0xFCC8D3E0(12aa3e0) Type: 8 Event Object Header: 0xFCC8D3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD8D720(13aa720) Type: 8 Event Object Header: 0xFCD8D708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD6E560(138b560) Type: 8 Event Object Header: 0xFCD6E548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFCD6C408(1389408) Type: 26 File Object Header: 0xFCD6C3F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCDB0540(13cd540) Type: 8 Event Object Header: 0xFCDB0528 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 
0xE1379D70(28a0d70) Type: 19 Port Object Header: 0xE1379D58 GrantedAccess: 1f0001 PointerCount: 16 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000344 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1EAF4A0(6c454a0) Type: 18 Key Object Header: 0xE1EAF488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1E7220(1c86220) Type: 8 Event Object Header: 0xFF1E7208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE130D520(1a30520) Type: 18 Key Object Header: 0xE130D508 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1349F20(1ae5f20) Type: 18 Key Object Header: 0xE1349F08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Windows\ OBJECT: 0xE1EC3EA0(4e65ea0) Type: 18 Key Object Header: 0xE1EC3E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF1E4E30(4d3ce30) Type: 10 Mutant Object Header: 0xFF1E4E18 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: ExplorerIsShellMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1EC28A0(4b048a0) Type: 18 Key Object Header: 0xE1EC2888 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1EC3FA0(4e65fa0) Type: 18 Key Object Header: 0xE1EC3F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1EC28E0(4b048e0) Type: 18 Key Object Header: 0xE1EC28C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xE1EC4020(4766020) Type: 18 Key Object Header: 0xE1EC4008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFCD6D750(138a750) Type: 12 Semaphore Object Header: 0xFCD6D738 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC61C10 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1EB7FA0(79afa0) Type: 18 Key Object Header: 0xE1EB7F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE1353620(1b52620) Type: 18 Key Object Header: 0xE1353608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xE133B5E0(1aab5e0) Type: 18 Key Object Header: 0xE133B5C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFCD8D388(13aa388) Type: 26 File Object Header: 0xFCD8D370 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF1B30C0(2d4d0c0) Type: 8 Event Object Header: 0xFF1B30A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2AA0(2d3daa0) Type: 8 Event Object Header: 0xFF1B2A88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B3140(2d4d140) Type: 8 Event Object Header: 0xFF1B3128 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F600C0(23180c0) 
Type: 18 Key Object Header: 0xE1F600A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1ECD320(25b5320) Type: 18 Key Object Header: 0xE1ECD308 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B2CC0(2d3dcc0) Type: 8 Event Object Header: 0xFF1B2CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2C40(2d3dc40) Type: 8 Event Object Header: 0xFF1B2C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E347A0(7ab47a0) Type: 18 Key Object Header: 0xE1E34788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF1B2960(2d3d960) Type: 8 Event Object Header: 0xFF1B2948 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13B09A0(2bf09a0) Type: 18 Key Object Header: 0xE13B0988 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1B2B40(2d3db40) Type: 8 Event Object Header: 0xFF1B2B28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE100DDE0(1610de0) Type: 18 Key Object Header: 0xE100DDC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE1E35680(7ad5680) Type: 18 Key Object Header: 0xE1E35668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1B2B80(2d3db80) Type: 8 Event Object Header: 0xFF1B2B68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1340F60(1a9af60) Type: 18 Key Object Header: 0xE1340F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1B27C0(2d3d7c0) Type: 8 Event Object Header: 0xFF1B27A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2A00(2d3da00) Type: 8 Event Object Header: 0xFF1B29E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2BC0(2d3dbc0) Type: 8 Event Object Header: 0xFF1B2BA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1D55D40(6c95d40) Type: 18 Key Object Header: 0xE1D55D28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFCCC7190(12e4190) Type: 12 Semaphore Object Header: 0xFCCC7178 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1EC29D0(4b049d0) Type: 19 Port Object Header: 0xE1EC29B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000344 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1B2780(2d3d780) Type: 8 Event Object Header: 0xFF1B2768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 
Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF1B2600(2d3d600) Type: 8 Event Object Header: 0xFF1B25E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B25C0(2d3d5c0) Type: 8 Event Object Header: 0xFF1B25A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B2580(2d3d580) Type: 8 Event Object Header: 0xFF1B2568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CD780(4703780) Type: 6 Thread Object Header: 0xFF1CD768 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000344 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1B2520(2d3d520) Type: 8 Event Object Header: 0xFF1B2508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B24C0(2d3d4c0) Type: 8 Event Object Header: 0xFF1B24A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC3920(4e65920) Type: 18 Key Object Header: 0xE1EC3908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE1DCD4E0(76754e0) Type: 19 Port Object Header: 0xE1DCD4C8 GrantedAccess: 1f0001 PointerCount: 11 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE5 SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 
00000348.00000344 ClientThread: 0x00000000 ServerProcess: 0xFF1CDA00 OBJECT: 0xFCCC8740(12e5740) Type: 25 IoCompletion Object Header: 0xFCCC8728 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF1A5960 Process: 0xFF1CDA00 APCProcess: 0xFF1CDA00 OBJECT: 0xFCCC8740(12e5740) Type: 25 IoCompletion Object Header: 0xFCCC8728 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 2 Waiting Thread: 0xFF1A5960 Process: 0xFF1CDA00 APCProcess: 0xFF1CDA00 OBJECT: 0xFF1B2160(2d3d160) Type: 6 Thread Object Header: 0xFF1B2148 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000358 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1EC38A0(4e658a0) Type: 18 Key Object Header: 0xE1EC3888 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1B2440(2d3d440) Type: 8 Event Object Header: 0xFF1B2428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B1020(2ff5020) Type: 10 Mutant Object Header: 0xFF1B1008 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DD0E60(7782e60) Type: 18 Key Object Header: 0xE1DD0E48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet Explorer\SECURITY\P3Global\ OBJECT: 0xFF1B1B60(2ff5b60) Type: 8 Event Object Header: 0xFF1B1B48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B04A0(52384a0) Type: 8 Event Object Header: 0xFF1B0488 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B1620(2ff5620) Type: 8 Event Object Header: 0xFF1B1608 GrantedAccess: 1f0003 PointerCount: 2 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1B1400(2ff5400) Type: 8 Event Object Header: 0xFF1B13E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D54BE0(6a97be0) Type: 18 Key Object Header: 0xE1D54BC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1B16A0(2ff56a0) Type: 6 Thread Object Header: 0xFF1B1688 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000035C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1341F60(1ac9f60) Type: 18 Key Object Header: 0xE1341F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFCD8EB30(13abb30) Type: 12 Semaphore Object Header: 0xFCD8EB18 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1DD04E0(77824e0) Type: 18 Key Object Header: 0xE1DD04C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1E2DA20(79afa20) Type: 18 Key Object Header: 0xE1E2DA08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet Explorer\SECURITY\P3Sites\ OBJECT: 0xFF1AEF60(2db6f60) Type: 8 Event Object Header: 0xFF1AEF48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF1B0460(5238460) Type: 8 Event Object Header: 0xFF1B0448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1AF180(30bd180) Type: 6 Thread Object Header: 0xFF1AF168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000304 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1DCE140(76b6140) Type: 18 Key Object Header: 0xE1DCE128 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MenuOrder\Start Menu\ OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 100000 PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xFCD25708(1342708) Type: 26 File Object Header: 0xFCD256F0 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\All Users\Start Menu OBJECT: 0xFCDB04A8(13cd4a8) Type: 26 File Object Header: 0xFCDB0490 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Start Menu OBJECT: 0xFF1B1380(2ff5380) Type: 8 Event Object Header: 0xFF1B1368 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD3CC08(1359c08) Type: 26 File Object Header: 0xFCD3CBF0 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Desktop OBJECT: 0xFCD24F48(1341f48) Type: 26 File Object Header: 0xFCD24F30 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\All Users\Desktop OBJECT: 0xFCD6D750(138a750) Type: 12 Semaphore Object Header: 0xFCD6D738 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC61C10 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE13946E0(29766e0) Type: 18 Key Object Header: 0xE13946C8 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFCDBE7D0(13db7d0) Type: 10 Mutant Object Header: 0xFCDBE7B8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ZonesCacheCounterMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1E416A0(7cc26a0) Type: 17 Section Object Header: 0xE1E41688 GrantedAccess: 4 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: RotHintTable SecurityDescriptor: 0xE1E41AF8(7cc2af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E75C68(eddc68) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF287950(945950) Type: 10 Mutant Object Header: 0xFF287938 
GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ZonesCounterMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1AF500(30bd500) Type: 8 Event Object Header: 0xFF1AF4E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9CE0(339bce0) Type: 8 Event Object Header: 0xFF1A9CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD46310(1363310) Type: 10 Mutant Object Header: 0xFCD462F8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: WininetStartupMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1A47C0(35887c0) Type: 25 IoCompletion Object Header: 0xFF1A47A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 Waiting Thread: 0xFF1A2140 Process: 0xFF1CDA00 APCProcess: 0xFF1CDA00 OBJECT: 0xFCDC0850(13dd850) Type: 10 Mutant Object Header: 0xFCDC0838 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: WininetConnectionMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1AEFE0(2db6fe0) Type: 8 Event Object Header: 0xFF1AEFC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AD8E0(31358e0) Type: 10 Mutant Object Header: 0xFF1AD8C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDC09D0(13dd9d0) Type: 10 Mutant Object Header: 0xFCDC09B8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 
0xFCC61C10 Name: WininetProxyRegistryMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCDA4868(13c1868) Type: 26 File Object Header: 0xFCDA4850 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFCDC1910(13de910) Type: 10 Mutant Object Header: 0xFCDC18F8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCDC16F0(13de6f0) Type: 10 Mutant Object Header: 0xFCDC16D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: _!MSFTHISTORY!_ SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1E6B600(cb1600) Type: 17 Section Object Header: 0xE1E6B5E8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1ECB208(1959208) BasedAddress: 0x08F7D4C0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and 
Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFF1E7170(1c86170) Type: 10 Mutant Object Header: 0xFF1E7158 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!cookies! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCD4AF30(1367f30) Type: 10 Mutant Object Header: 0xFCD4AF18 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!local settings!history!history.ie5! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1D5F88(2220f88) Type: 26 File Object Header: 0xFF1D5F70 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF1D5E68(2220e68) Type: 26 File Object Header: 0xFF1D5E50 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xE1EE2900(4a9c900) Type: 17 Section Object Header: 0xE1EE28E8 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E6CDC8(e97dc8) BasedAddress: 0x08C1CCD0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) 
Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xFF1AC8E0(33388e0) Type: 10 Mutant Object Header: 0xFF1AC8C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC920(3338920) Type: 8 Event Object Header: 0xFF1AC908 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2D540(79af540) Type: 17 Section Object Header: 0xE1E2D528 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Cookies_index.dat_16384 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12E2D28(1977d28) BasedAddress: 0x089A2CC8 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF1AC840(3338840) Type: 12 Semaphore Object Header: 0xFF1AC828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC7E0(33387e0) Type: 12 Semaphore Object Header: 0xFF1AC7C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC7A0(33387a0) Type: 8 Event Object Header: 0xFF1AC788 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC760(3338760) Type: 8 Event Object Header: 0xFF1AC748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC460(3338460) Type: 12 Semaphore Object Header: 0xFF1AC448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC420(3338420) Type: 12 Semaphore Object Header: 0xFF1AC408 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E7F0C0(15a90c0) Type: 18 Key Object Header: 
0xE1E7F0A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF1AC3E0(33383e0) Type: 8 Event Object Header: 0xFF1AC3C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC340(3338340) Type: 8 Event Object Header: 0xFF1AC328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC300(3338300) Type: 8 Event Object Header: 0xFF1AC2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF1AC2A0(33382a0) Type: 8 Event Object Header: 0xFF1AC288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AC260(3338260) Type: 8 Event Object Header: 0xFF1AC248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9F60(339bf60) Type: 12 Semaphore Object Header: 0xFF1A9F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13942E0(29762e0) Type: 17 Section Object Header: 0xE13942C8 GrantedAccess: 4 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: SENS Information Cache SecurityDescriptor: 0xE134FC18(1af6c18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12E8AE8(198dae8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF1AD860(3135860) Type: 8 Event Object Header: 0xFF1AD848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE136DF50(2742f50) Type: 19 Port Object Header: 0xE136DF38 GrantedAccess: 1f0001 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000344 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF1AAE68(33a8e68) Type: 26 File Object Header: 0xFF1AAE50 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Desktop OBJECT: 0xFF1AAB40(33a8b40) Type: 12 Semaphore Object Header: 0xFF1AAB28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1DDECA0(7804ca0) Type: 18 Key Object Header: 0xE1DDEC88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF1A9FE0(339bfe0) Type: 8 Event Object Header: 0xFF1A9FC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9F20(339bf20) Type: 12 Semaphore Object Header: 0xFF1A9F08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9940(339b940) Type: 8 Event Object Header: 0xFF1A9928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9900(339b900) Type: 10 Mutant Object Header: 0xFF1A98E8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A98C0(339b8c0) Type: 8 Event Object Header: 0xFF1A98A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9880(339b880) Type: 10 Mutant Object Header: 0xFF1A9868 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9740(339b740) Type: 8 Event Object Header: 0xFF1A9728 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9028(339b028) Type: 26 File Object Header: 0xFF1A9010 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFCD464C8(13634c8) Type: 26 File Object Header: 0xFCD464B0 
GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch OBJECT: 0xFF1A91E0(339b1e0) Type: 8 Event Object Header: 0xFF1A91C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A92C0(339b2c0) Type: 12 Semaphore Object Header: 0xFF1A92A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EC480(4eb9480) Type: 8 Event Object Header: 0xFF1EC468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A9780(339b780) Type: 8 Event Object Header: 0xFF1A9768 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A8760(3492760) Type: 8 Event Object Header: 0xFF1A8748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A8720(3492720) Type: 8 Event Object Header: 0xFF1A8708 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A8020(3492020) Type: 6 Thread Object Header: 0xFF1A8008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000368 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A86C0(34926c0) Type: 8 Event Object Header: 0xFF1A86A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A6C20(3506c20) Type: 8 Event Object Header: 0xFF1A6C08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E3D1E0(7b9d1e0) Type: 18 Key Object Header: 0xE1E3D1C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet 
Explorer\SECURITY\P3Global\ OBJECT: 0xFF1A5FE0(3524fe0) Type: 8 Event Object Header: 0xFF1A5FC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A6CE0(3506ce0) Type: 12 Semaphore Object Header: 0xFF1A6CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AF180(30bd180) Type: 6 Thread Object Header: 0xFF1AF168 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000304 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1346E20(1a9be20) Type: 18 Key Object Header: 0xE1346E08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFF1A93E0(339b3e0) Type: 8 Event Object Header: 0xFF1A93C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A61A0(35061a0) Type: 8 Event Object Header: 0xFF1A6188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7C20(79ac20) Type: 18 Key Object Header: 0xE1EB7C08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xFF2778E0(dd08e0) Type: 8 Event Object Header: 0xFF2778C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D3E0(37bd3e0) Type: 8 Event Object Header: 0xFF19D3C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC2B60(4b04b60) Type: 18 Key Object Header: 0xE1EC2B48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xFF1A53F0(35243f0) Type: 8 Event Object Header: 0xFF1A53D8 GrantedAccess: 100000 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: SETTermEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1A62B0(35062b0) Type: 8 Event Object Header: 0xFF1A6298 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: ShellReadyEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1321B60(1a6db60) Type: 18 Key Object Header: 0xE1321B48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE1E79960(38d960) Type: 18 Key Object Header: 0xE1E79948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF147B00(2ce4b00) Type: 10 Mutant Object Header: 0xFF147AE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20D24A0(4bbb4a0) Type: 18 Key Object Header: 0xE20D2488 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE1339520(1aa8520) Type: 18 Key Object Header: 0xE1339508 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xE202CB20(3a08b20) Type: 18 Key Object Header: 0xE202CB08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Internet Explorer\SECURITY\P3Sites\ OBJECT: 0xE1F3E740(451e740) Type: 18 Key Object Header: 0xE1F3E728 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE134A940(1af5940) Type: 17 Section Object Header: 0xE134A928 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: UrlZonesSM_Administrator SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1EAAE68(7896e68) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E75160(edd160) Type: 18 Key Object Header: 0xE1E75148 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xFF1A3200(362e200) Type: 8 Event Object Header: 0xFF1A31E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AB180(3354180) Type: 8 Event Object Header: 0xFF1AB168 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19DFF0(37bdff0) Type: 8 Event Object Header: 0xFF19DFD8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: ActSaverSEEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE2045D20(39e9d20) Type: 18 Key Object Header: 0xE2045D08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFCA37920(1054920) Type: 8 Event Object Header: 0xFCA37908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E75120(edd120) Type: 18 Key Object Header: 0xE1E75108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\A\ OBJECT: 0xFF1A7BF0(34bfbf0) Type: 10 Mutant Object Header: 0xFF1A7BD8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: _SHuassist.mtx SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE205C300(3a71300) Type: 18 Key Object Header: 0xE205C2E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF1A3030(362e030) Type: 12 Semaphore Object Header: 0xFF1A3018 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF177F60(5901f60) Type: 8 Event Object Header: 0xFF177F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F6580(19e1580) Type: 18 Key Object Header: 0xE12F6568 GrantedAccess: 
f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xE12FC820(19fe820) Type: 18 Key Object Header: 0xE12FC808 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE12FA300(1a03300) Type: 18 Key Object Header: 0xE12FA2E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\ OBJECT: 0xE1E332C0(7a922c0) Type: 18 Key Object Header: 0xE1E332A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\ OBJECT: 0xE1F3E680(451e680) Type: 18 Key Object Header: 0xE1F3E668 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF1A3680(362e680) Type: 8 Event Object Header: 0xFF1A3668 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20D020(477e020) Type: 8 Event Object Header: 0xFF20D008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A2BA0(364eba0) Type: 13 Timer Object Header: 0xFF1A2B88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A2900(364e900) Type: 6 Thread Object Header: 0xFF1A28E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000384 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE1327C20(1a79c20) Type: 18 Key Object Header: 0xE1327C08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1EB58A0(4cf68a0) Type: 18 Key Object Header: 0xE1EB5888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1EC26A0(4b046a0) Type: 18 Key Object Header: 0xE1EC2688 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xFF1A10C0(36ee0c0) Type: 8 Event Object Header: 0xFF1A10A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2D8B0(104a8b0) Type: 8 Event Object Header: 0xFCA2D898 GrantedAccess: 100000 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: WinSta0_DesktopSwitch SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) OBJECT: 0xFF19E320(3841320) Type: 8 Event Object Header: 0xFF19E308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A53F0(35243f0) Type: 8 Event Object Header: 0xFF1A53D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: SETTermEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1A0440(37c0440) Type: 12 Semaphore Object Header: 0xFF1A0428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A0280(37c0280) Type: 8 Event Object Header: 0xFF1A0268 
GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A0740(37c0740) Type: 6 Thread Object Header: 0xFF1A0728 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000038C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A2140(364e140) Type: 6 Thread Object Header: 0xFF1A2128 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000388 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF1A0100(37c0100) Type: 8 Event Object Header: 0xFF1A00E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE132BD00(1a86d00) Type: 18 Key Object Header: 0xE132BCE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\D\ OBJECT: 0xE1EFB230(2775230) Type: 19 Port Object Header: 0xE1EFB218 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000358 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1F034F0(4f9d4f0) Type: 19 Port Object Header: 0xE1F034D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000388 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF19DEA0(37bdea0) Type: 10 Mutant Object Header: 0xFF19DE88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A1A00(36eea00) Type: 8 Event Object Header: 0xFF1A19E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE1F33620(5563620) Type: 18 Key Object Header: 0xE1F33608 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE1E78DE0(f6cde0) Type: 18 Key Object Header: 0xE1E78DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF19DEE0(37bdee0) Type: 8 Event Object Header: 0xFF19DEC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC67D0(4e2e7d0) Type: 19 Port Object Header: 0xE1EC67B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000358 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE133B660(1aab660) Type: 18 Key Object Header: 0xE133B648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF1A04C0(37c04c0) Type: 6 Thread Object Header: 0xFF1A04A8 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.00000390 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xE2046440(39f9440) Type: 18 Key Object Header: 0xE2046428 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xE134E1E0(1af41e0) Type: 18 Key Object Header: 0xE134E1C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ OBJECT: 0xFF233530(6b8a530) Type: 8 Event Object Header: 0xFF233518 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC61C10 Name: mixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF189C60(3a7dc60) Type: 6 Thread Object Header: 0xFF189C48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003B4 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF195D20(38ebd20) Type: 8 Event Object Header: 0xFF195D08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF209320(1ad1320) Type: 8 Event Object Header: 0xFF209308 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17C7C0(42927c0) Type: 12 Semaphore Object Header: 0xFF17C7A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E46880(7ce9880) Type: 18 Key Object Header: 0xE1E46868 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE12BA440(18ba440) Type: 18 Key Object Header: 0xE12BA428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE1EB4DA0(6bffda0) Type: 18 Key Object Header: 0xE1EB4D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xE1EB63A0(1a583a0) Type: 18 Key Object Header: 0xE1EB6388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xFF19D750(37bd750) Type: 8 Event Object Header: 0xFF19D738 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: HPlugEjectEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF19C820(381c820) Type: 8 Event Object Header: 0xFF19C808 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19D280(37bd280) Type: 10 Mutant Object Header: 0xFF19D268 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1ED4340(50ee340) Type: 18 Key Object Header: 0xE1ED4328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ OBJECT: 0xFF18E400(3ac0400) Type: 8 Event Object Header: 0xFF18E3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187F00(3c41f00) Type: 8 Event Object Header: 0xFF187EE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208CE0(6b92ce0) Type: 8 Event Object Header: 0xFF208CC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF183450(3ec4450) Type: 8 Event Object Header: 0xFF183438 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Shell_NotificationCallbacksOutstanding SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1397C50(293bc50) Type: 19 Port Object Header: 0xE1397C38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000370 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF178720(33d1720) Type: 8 Event Object Header: 0xFF178708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12D4380(1944380) Type: 18 Key Object Header: 0xE12D4368 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ OBJECT: 0xE1EE34F0(30894f0) Type: 19 Port Object Header: 0xE1EE34D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000358 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1EB7960(79a960) Type: 18 Key Object Header: 0xE1EB7948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xE1F0C3D0(6ba63d0) Type: 4 Token Object Header: 0xE1F0C3B8 GrantedAccess: c PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1EE94B8(4ee34b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,1de6f} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x10 SeLoadDriverPrivilege Enabled OBJECT: 0xFF1E3800(4a4a800) Type: 8 Event Object Header: 0xFF1E37E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1E3840(4a4a840) Type: 8 Event Object Header: 0xFF1E3828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25FF30(1b16f30) Type: 8 Event Object Header: 0xFF25FF18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF2564D0(29044d0) Type: 10 Mutant Object Header: 0xFF2564B8 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: 
GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DE38(6947e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF256AF0(2904af0) Type: 12 Semaphore Object Header: 0xFF256AD8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D3DAC0(6947ac0) Type: 17 Section Object Header: 0xE1D3DAA8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E8C208(6a9208) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF12F490(7abb490) Type: 12 Semaphore Object Header: 0xFF12F478 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: shell.{6D5313C0-8C62-11D1-B2CD-006097DF8C11} SecurityDescriptor: 0xE12F9278(19d8278) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1894E8(3a7d4e8) Type: 26 File Object Header: 0xFF1894D0 GrantedAccess: 12019f PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_348 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 
0xE1E48D80(7c38d80) Type: 17 Section Object Header: 0xE1E48D68 GrantedAccess: 6 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1DD6D78(77f7d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE12DFF08(1970f08) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF199D48(381bd48) Type: 26 File Object Header: 0xFF199D30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF18E3C0(3ac03c0) Type: 8 Event Object Header: 0xFF18E3A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF251030(4793030) Type: 8 Event Object Header: 0xFF251018 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC61C10 Name: hardwaremixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF19FE60(37d0e60) Type: 8 Event Object Header: 0xFF19FE48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20A7030(64d3030) Type: 4 Token Object Header: 0xE20A7018 GrantedAccess: c 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE1FE6898(3b3a898) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-791032918-1291200457-768897840-500)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityImpersonation TokenType: TokenImpersonation Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,39be6} ParentToken ID: {0,0} Modified ID: {0,8628} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x25 SeUndockPrivilege Enabled 3 0x13 SeProfileSingleProcessPrivilege Default Enabled 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x10 SeLoadDriverPrivilege Enabled 7 0x23 SeChangeNotifyPrivilege Default Enabled 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled OBJECT: 0xFF19D1A0(37bd1a0) Type: 10 Mutant Object Header: 0xFF19D188 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189588(3a7d588) Type: 26 File Object Header: 0xFF189570 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF15C160(6368160) Type: 8 Event Object Header: 0xFF15C148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF189448(3a7d448) Type: 26 File Object Header: 0xFF189430 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\WMIEP_348 OBJECT: 
0xFF18E300(3ac0300) Type: 8 Event Object Header: 0xFF18E2E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A5960(3524960) Type: 6 Thread Object Header: 0xFF1A5948 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.000003D0 ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF17E440(40d9440) Type: 8 Event Object Header: 0xFF17E428 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1FDCE0(4859ce0) Type: 8 Event Object Header: 0xFF1FDCC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187AE0(3c41ae0) Type: 8 Event Object Header: 0xFF187AC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1382E0(1de62e0) Type: 8 Event Object Header: 0xFF1382C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF159200(4882200) Type: 8 Event Object Header: 0xFF1591E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E72CD0(de3cd0) Type: 19 Port Object Header: 0xE1E72CB8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000348.00000390 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF147A50(2ce4a50) Type: 8 Event Object Header: 0xFF147A38 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 Directory: 0xFCC61C10 Name: FaxStartedEvent SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF24FEE0(7acee0) Type: 8 Event Object Header: 0xFF24FEC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2078EC0(4026ec0) Type: 18 Key Object 
Header: 0xE2078EA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\F\ OBJECT: 0xFF25B700(194a700) Type: 8 Event Object Header: 0xFF25B6E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D54480(6a97480) Type: 18 Key Object Header: 0xE1D54468 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\S\ OBJECT: 0xFF1773E0(59013e0) Type: 8 Event Object Header: 0xFF1773C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE205C420(3a71420) Type: 18 Key Object Header: 0xE205C408 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xFF177320(5901320) Type: 8 Event Object Header: 0xFF177308 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF131640(917640) Type: 6 Thread Object Header: 0xFF131628 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000348.0000036C ThreadsProcess: 0xFF1CDA00 OBJECT: 0xFF19D360(37bd360) Type: 8 Event Object Header: 0xFF19D348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF206660(515e660) Type: 8 Event Object Header: 0xFF206648 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32548(104f548) Type: 26 File Object Header: 0xFCA32530 GrantedAccess: 120089 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xE1E2C9D0(7a4e9d0) Type: 17 Section Object Header: 0xE1E2C9B8 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE13DA008(59a2008) BasedAddress: 0x2EA0DCC8 SizeOfSegment: 0x240000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\shell32.dll OBJECT: 0xFF181BE0(4060be0) Type: 8 Event Object Header: 0xFF181BC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15E820(6430820) Type: 8 Event Object Header: 0xFF15E808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF167DC0(6627dc0) Type: 12 Semaphore Object Header: 0xFF167DA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2116280(15cd280) Type: 18 Key Object Header: 0xE2116268 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ZoneMap\ OBJECT: 0xE12DE1D0(196f1d0) Type: 17 Section Object Header: 0xE12DE1B8 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1C1AB68(a01b68) BasedAddress: 0x09A734C8 SizeOfSegment: 0x140000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\webvw.dll OBJECT: 0xE1E56EB0(9faeb0) Type: 17 Section Object Header: 0xE1E56E98 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F6BBE8(25e3be8) BasedAddress: 0x2D71CCC0 SizeOfSegment: 0x40000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xE1EC4120(4766120) Type: 18 Key Object Header: 0xE1EC4108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\C\ OBJECT: 0xFF1FF7E0(4f7b7e0) Type: 8 Event Object Header: 0xFF1FF7C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF167BC8(6627bc8) Type: 26 File Object Header: 0xFF167BB0 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\system32\shell32.dll OBJECT: 0xFF1ED960(48ca960) Type: 8 Event Object Header: 0xFF1ED948 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF23B408(5686408) Type: 26 File Object Header: 0xFF23B3F0 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\webvw.dll OBJECT: 0xFF24E160(7d47160) Type: 10 Mutant Object Header: 0xFF24E148 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16BE48(45e6e48) Type: 26 File Object Header: 0xFF16BE30 GrantedAccess: 100001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\ OBJECT: 0xE2052340(39bd340) Type: 18 Key Object Header: 0xE2052328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\MountPoints\E\ 21. 
TABLE: 0xFF1A1248(36ee248): Table: 0xE2029000 QuotaProcess: 0xFF1A12E0 ProcessId: 398 HandleCount: 50 CapturedHandleCount: 50 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1334650(1a96650) Type: 17 Section Object Header: 0xE1334638 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EDE728(3066728) BasedAddress: 0x09809C28 SizeOfSegment: 0x1a000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Apoint\Apoint.exe OBJECT: 0xFF1A0EC0(37c0ec0) Type: 8 Event Object Header: 0xFF1A0EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19E440(3841440) Type: 8 Event Object Header: 0xFF19E428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19E400(3841400) Type: 8 Event Object Header: 0xFF19E3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF19E368(3841368) Type: 26 File Object Header: 0xFF19E350 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF19F780(37d0780) Type: 8 Event Object Header: 0xFF19F768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xE1EF34F0(50ed4f0) Type: 19 Port Object Header: 0xE1EF34D8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000398.00000394 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF19D880(37bd880) Type: 8 Event Object Header: 0xFF19D868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE133F680(1abd680) Type: 18 Key Object Header: 0xE133F668 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1353660(1b52660) Type: 18 Key Object Header: 0xE1353648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1D42B80(695bb80) Type: 18 Key Object Header: 0xE1D42B68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1352F60(1b35f60) Type: 18 Key Object Header: 0xE1352F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1349800(1ae5800) Type: 18 Key Object Header: 0xE13497E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF19D780(37bd780) Type: 8 Event Object Header: 0xFF19D768 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D64880(756b880) Type: 18 Key Object Header: 0xE1D64868 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF19B750(384a750) Type: 10 Mutant Object Header: 0xFF19B738 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: AlpsPointEuropa SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE2065240(3a95240) Type: 18 Key Object Header: 0xE2065228 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\Alps\Apoint\ OBJECT: 0xFF18E9C0(3ac09c0) Type: 8 Event Object Header: 0xFF18E9A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xFCCC4EA8(12e1ea8) Type: 26 File Object Header: 0xFCCC4E90 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xE1EB4C40(6bffc40) Type: 17 Section Object Header: 0xE1EB4C28 GrantedAccess: f0007 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ALPS_GP_DRIVER_SCROLL SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1321728(1a6d728) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFCD6D750(138a750) Type: 12 Semaphore Object Header: 0xFCD6D738 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC61C10 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1A1CE0(36eece0) Type: 8 Event Object Header: 0xFF1A1CC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FEA4E0(39744e0) Type: 18 Key Object Header: 0xE1FEA4C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF23B640(5686640) Type: 8 Event Object Header: 0xFF23B628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18D360(3a3f360) Type: 8 Event Object Header: 0xFF18D348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17D490(41c2490) Type: 8 Event Object Header: 0xFF17D478 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: AlpsPointEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF17EDA0(40d9da0) Type: 8 Event Object Header: 0xFF17ED88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF176FA0(591cfa0) Type: 8 Event Object Header: 0xFF176F88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC81FD0(129efd0) Type: 10 Mutant Object Header: 0xFCC81FB8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: Alps_Auto SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF18DEE0(3a3fee0) Type: 8 Event Object Header: 0xFF18DEC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18DE60(3a3fe60) Type: 8 Event Object Header: 0xFF18DE48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18E180(3ac0180) Type: 8 Event Object Header: 0xFF18E168 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19F020(37d0020) Type: 6 Thread Object Header: 0xFF19F008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000394 ThreadsProcess: 0xFF1A12E0 OBJECT: 
0xFF18DFA0(3a3ffa0) Type: 8 Event Object Header: 0xFF18DF88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E34C00(7ab4c00) Type: 19 Port Object Header: 0xE1E34BE8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE9 SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000398.00000394 ClientThread: 0x00000000 ServerProcess: 0xFF1A12E0 OBJECT: 0xFF191C40(39b1c40) Type: 25 IoCompletion Object Header: 0xFF191C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF191C40(39b1c40) Type: 25 IoCompletion Object Header: 0xFF191C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF1898A0(3a7d8a0) Type: 6 Thread Object Header: 0xFF189888 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000398.00000350 ThreadsProcess: 0xFF1A12E0 OBJECT: 0xFCCC7190(12e4190) Type: 12 Semaphore Object Header: 0xFCCC7178 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF18E240(3ac0240) Type: 8 Event Object Header: 0xFF18E228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FEA0(37d0ea0) Type: 10 Mutant Object Header: 0xFF19FE88 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 22. 
TABLE: 0xFF1A09C8(37c09c8): Table: 0xE2024000 QuotaProcess: 0xFF1952C0 ProcessId: 3bc HandleCount: 55 CapturedHandleCount: 55 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1E1DEB0(7902eb0) Type: 17 Section Object Header: 0xE1E1DE98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1EEE8A8(2b488a8) BasedAddress: 0x098C8C28 SizeOfSegment: 0xc000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Sony\HotKey Utility\HKserv.exe OBJECT: 0xFF195640(38eb640) Type: 8 Event Object Header: 0xFF195628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF195880(38eb880) Type: 8 Event Object Header: 0xFF195868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF195840(38eb840) Type: 8 Event Object Header: 0xFF195828 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF195F28(38ebf28) Type: 26 File Object Header: 0xFF195F10 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFF192340(3992340) Type: 8 Event Object Header: 0xFF192328 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) 
FullPath: \Windows OBJECT: 0xE2053CB0(3a27cb0) Type: 19 Port Object Header: 0xE2053C98 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003BC.000003B8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF191FA0(39b1fa0) Type: 8 Event Object Header: 0xFF191F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1E36B80(7a38b80) Type: 18 Key Object Header: 0xE1E36B68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF199800(381b800) Type: 8 Event Object Header: 0xFF1997E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1362460(22bc460) Type: 18 Key Object Header: 0xE1362448 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFCC61C10(127ec10) Type: 2 
Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF18D440(3a3f440) Type: 8 Event Object Header: 0xFF18D428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE205CB80(3a71b80) Type: 18 Key Object Header: 0xE205CB68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF195E60(38ebe60) Type: 8 Event Object Header: 0xFF195E48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18D220(3a3f220) Type: 10 Mutant Object Header: 0xFF18D208 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18D1E0(3a3f1e0) Type: 8 Event Object Header: 0xFF18D1C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18D1A0(3a3f1a0) Type: 10 Mutant Object Header: 0xFF18D188 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF183C68(3ec4c68) Type: 26 File Object Header: 0xFF183C50 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF18E030(3ac0030) Type: 10 Mutant Object Header: 0xFF18E018 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: HKserv SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF183C30(3ec4c30) Type: 8 Event Object Header: 0xFF183C18 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC61C10 Name: SonyAsyncEvent10128 SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF182B00(3f5bb00) Type: 8 Event Object Header: 0xFF182AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17F860(406c860) Type: 8 Event Object Header: 0xFF17F848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3030(362e030) Type: 12 Semaphore Object Header: 0xFF1A3018 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF14A468(2e68468) Type: 26 File Object Header: 0xFF14A450 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 0xE1EC5F60(4f00f60) Type: 18 Key Object Header: 0xE1EC5F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xFF14A868(2e68868) Type: 26 File Object Header: 0xFF14A850 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF17B140(4321140) Type: 10 Mutant Object Header: 0xFF17B128 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1808C0(98d8c0) Type: 8 Event Object Header: 0xFF1808A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF182AC0(3f5bac0) Type: 8 Event Object Header: 
0xFF182AA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF184B20(3e2fb20) Type: 8 Event Object Header: 0xFF184B08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF149BA0(54caba0) Type: 6 Thread Object Header: 0xFF149B88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000478 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF14C8A8(1fde8a8) Type: 26 File Object Header: 0xFF14C890 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF14A7C8(2e687c8) Type: 26 File Object Header: 0xFF14A7B0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE1EB5440(4cf6440) Type: 18 Key Object Header: 0xE1EB5428 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xFF17AF60(43d4f60) Type: 8 Event Object Header: 0xFF17AF48 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17AF20(43d4f20) Type: 8 Event Object Header: 0xFF17AF08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17AEE0(43d4ee0) Type: 8 Event Object Header: 
0xFF17AEC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF194020(38cf020) Type: 6 Thread Object Header: 0xFF194008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.000003B8 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF17AE80(43d4e80) Type: 8 Event Object Header: 0xFF17AE68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE207BF20(42bbf20) Type: 19 Port Object Header: 0xE207BF08 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 Directory: 0xFCD642F0 Name: OLEa SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003BC.000003B8 ClientThread: 0x00000000 ServerProcess: 0xFF1952C0 OBJECT: 0xFF17BC20(4321c20) Type: 25 IoCompletion Object Header: 0xFF17BC08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF17BC20(4321c20) Type: 25 IoCompletion Object Header: 0xFF17BC08 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF17AA40(43d4a40) Type: 6 Thread Object Header: 0xFF17AA28 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003BC.00000410 ThreadsProcess: 0xFF1952C0 OBJECT: 0xFF17ADA0(43d4da0) Type: 8 Event Object Header: 0xFF17AD88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14D780(1fdf780) Type: 8 Event Object Header: 0xFF14D768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 23. 
TABLE: 0xFF194388(38cf388): Table: 0xE2050000 QuotaProcess: 0xFF192780 ProcessId: 3c8 HandleCount: 89 CapturedHandleCount: 89 TableLevel: 2 StrictFIFO: No OBJECT: 0xE20221D0(38e71d0) Type: 17 Section Object Header: 0xE20221B8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE204F7C8(39bb7c8) BasedAddress: 0x098F3438 SizeOfSegment: 0x151000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Sony\Jog Dial Utility\JogServ2.exe OBJECT: 0xFF18D080(3a3f080) Type: 8 Event Object Header: 0xFF18D068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18DEA0(3a3fea0) Type: 8 Event Object Header: 0xFF18DE88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF191F20(39b1f20) Type: 8 Event Object Header: 0xFF191F08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF18E7C8(3ac07c8) Type: 26 File Object Header: 0xFF18E7B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF18D160(3a3f160) Type: 8 Event Object Header: 0xFF18D148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1EC6F50(4e2ef50) Type: 19 Port Object Header: 0xE1EC6F38 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003C8.000003C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1A1B00(36eeb00) Type: 8 Event Object Header: 0xFF1A1AE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1330460(1a92460) Type: 18 Key Object Header: 0xE1330448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF18E480(3ac0480) Type: 8 Event Object Header: 0xFF18E468 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E29440(7a84440) Type: 18 Key Object Header: 0xE1E29428 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE130D560(1a30560) 
Type: 18 Key Object Header: 0xE130D548 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xFF184F40(3e2ff40) Type: 8 Event Object Header: 0xFF184F28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1349780(1ae5780) Type: 18 Key Object Header: 0xE1349768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1E28700(79d2700) Type: 18 Key Object Header: 0xE1E286E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1F48460(476d460) Type: 18 Key Object Header: 0xE1F48448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF17D940(41c2940) Type: 8 Event Object Header: 0xFF17D928 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17E080(40d9080) Type: 8 Event Object Header: 0xFF17E068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1766A8(591c6a8) Type: 26 File Object Header: 0xFF176690 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF17D840(41c2840) Type: 8 Event Object Header: 0xFF17D828 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xFF195920(38eb920) Type: 8 Event Object Header: 0xFF195908 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18D880(3a3f880) Type: 6 Thread Object Header: 0xFF18D868 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000003C4 ThreadsProcess: 0xFF192780 OBJECT: 0xFF17C560(4292560) Type: 8 Event Object Header: 0xFF17C548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17C520(4292520) Type: 8 Event Object Header: 0xFF17C508 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13DBB70(59a5b70) Type: 19 Port Object Header: 0xE13DBB58 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003C8.000003C4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE2086200(44f6200) Type: 19 Port Object Header: 0xE20861E8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCD642F0 Name: OLEc SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003C8.000003C4 ClientThread: 0x00000000 ServerProcess: 0xFF192780 OBJECT: 0xFCC80940(129d940) Type: 25 IoCompletion Object Header: 0xFCC80928 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCC80940(129d940) Type: 25 IoCompletion Object Header: 0xFCC80928 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xE2026C20(39f8c20) Type: 18 Key Object Header: 0xE2026C08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF139020(1bc6020) Type: 6 Thread Object Header: 0xFF139008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 
SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.000004CC ThreadsProcess: 0xFF192780 OBJECT: 0xFF1A4120(3588120) Type: 8 Event Object Header: 0xFF1A4108 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2027C80(39e4c80) Type: 18 Key Object Header: 0xE2027C68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1A40A0(35880a0) Type: 8 Event Object Header: 0xFF1A4088 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF175FA0(37effa0) Type: 8 Event Object Header: 0xFF175F88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2027D60(39e4d60) Type: 18 Key Object Header: 0xE2027D48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE2027E80(39e4e80) Type: 18 Key Object Header: 0xE2027E68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF175F20(37eff20) Type: 8 Event Object Header: 0xFF175F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2026CE0(39f8ce0) Type: 18 Key Object Header: 0xE2026CC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF175EA0(37efea0) Type: 8 Event Object Header: 0xFF175E88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2027FA0(39e4fa0) Type: 18 Key Object Header: 0xE2027F88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF175E00(37efe00) Type: 8 Event Object Header: 0xFF175DE8 
GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2026D60(39f8d60) Type: 18 Key Object Header: 0xE2026D48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF175D60(37efd60) Type: 8 Event Object Header: 0xFF175D48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF175CC0(37efcc0) Type: 8 Event Object Header: 0xFF175CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13633A0(22e53a0) Type: 18 Key Object Header: 0xE1363388 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF175C20(37efc20) Type: 8 Event Object Header: 0xFF175C08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12BF7E0(18ec7e0) Type: 18 Key Object Header: 0xE12BF7C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF175A20(37efa20) Type: 8 Event Object Header: 0xFF175A08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1315EA0(1a3eea0) Type: 18 Key Object Header: 0xE1315E88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF175980(37ef980) Type: 8 Event Object Header: 0xFF175968 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 
SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xE20877F0(58a37f0) Type: 19 Port Object Header: 0xE20877D8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003C8.00000370 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCD61F90(137ef90) Type: 10 Mutant Object Header: 0xFCD61F78 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: JogServ2 SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF175460(37ef460) Type: 8 Event Object Header: 0xFF175448 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF209260(1ad1260) Type: 8 Event Object Header: 0xFF209248 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF16CBC0(497abc0) Type: 8 Event Object Header: 0xFF16CBA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170020(1a9d020) Type: 8 Event Object Header: 0xFF170008 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 
0xFF17F380(406c380) Type: 8 Event Object Header: 0xFF17F368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3030(362e030) Type: 12 Semaphore Object Header: 0xFF1A3018 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF17A0C0(43d40c0) Type: 10 Mutant Object Header: 0xFF17A0A8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17F580(406c580) Type: 8 Event Object Header: 0xFF17F568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17F1A0(406c1a0) Type: 10 Mutant Object Header: 0xFF17F188 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171B50(eecb50) Type: 8 Event Object Header: 0xFF171B38 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC61C10 Name: SonyAsyncEvent10162 SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF174D60(5a45d60) Type: 8 Event Object Header: 0xFF174D48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C528(6368528) Type: 26 File Object Header: 0xFF15C510 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 0xE207D880(3ee0880) Type: 17 Section Object Header: 0xE207D868 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: SeCommon1999 FileMap SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) 
Segment: 0xE1DE9BC8(7856bc8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF153490(1bcf490) Type: 13 Timer Object Header: 0xFF153478 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: SeTimer0 SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF181D08(4060d08) Type: 26 File Object Header: 0xFF181CF0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF1700C0(1a9d0c0) Type: 8 Event Object Header: 0xFF1700A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15D9E8(57309e8) Type: 26 File Object Header: 0xFF15D9D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF1D0D40(22ffd40) Type: 10 Mutant Object Header: 0xFF1D0D28 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1634C0(50474c0) Type: 8 Event Object Header: 0xFF1634A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170840(1a9d840) Type: 6 Thread Object Header: 0xFF170828 GrantedAccess: 1f03ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.00000414 ThreadsProcess: 0xFF192780 OBJECT: 0xFF15BE88(65f9e88) Type: 26 File Object Header: 0xFF15BE70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF159520(4882520) Type: 6 Thread Object Header: 0xFF159508 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003C8.00000400 ThreadsProcess: 0xFF192780 OBJECT: 0xFF16B4E0(45e64e0) Type: 8 Event Object Header: 0xFF16B4C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F0E80(487ee80) Type: 8 Event Object Header: 0xFF1F0E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2D9E0(104a9e0) Type: 8 Event Object Header: 0xFCA2D9C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14DB20(1fdfb20) Type: 8 Event Object Header: 0xFF14DB08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 24. TABLE: 0xFF1AEA08(2db6a08): Table: 0xE1FE8000 QuotaProcess: 0xFF19CD60 ProcessId: 37c HandleCount: 62 CapturedHandleCount: 62 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1315F30(1a3ef30) Type: 17 Section Object Header: 0xE1315F18 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1FE6488(3b3a488) BasedAddress: 0x09555C30 SizeOfSegment: 0xa9000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe OBJECT: 0xFF19DD80(37bdd80) Type: 8 Event Object Header: 0xFF19DD68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A31C0(362e1c0) Type: 8 Event Object Header: 0xFF1A31A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3D60(362ed60) Type: 8 Event Object Header: 0xFF1A3D48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF165728(4d87728) Type: 26 File Object Header: 0xFF165710 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF172FE0(b67fe0) Type: 8 Event Object Header: 0xFF172FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE2084E50(4393e50) Type: 19 Port Object Header: 0xE2084E38 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000037C.00000380 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF172E20(b67e20) Type: 8 Event Object Header: 0xFF172E08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 
Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE12E45C0(197d5c0) Type: 18 Key Object Header: 0xE12E45A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF172D20(b67d20) Type: 8 Event Object Header: 0xFF172D08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173180(25c5180) Type: 8 Event Object Header: 0xFF173168 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2847A0(a937a0) Type: 8 Event Object Header: 0xFF284788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1365F80(22f8f80) Type: 18 Key Object Header: 0xE1365F68 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE1ECB020(1959020) Type: 18 Key Object Header: 0xE1ECB008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1E2B3E0(7a2d3e0) Type: 18 Key Object Header: 0xE1E2B3C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE2027DA0(39e4da0) Type: 18 Key Object Header: 0xE2027D88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE12E41E0(197d1e0) Type: 18 Key Object Header: 0xE12E41C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF175880(37ef880) Type: 8 Event Object Header: 0xFF175868 GrantedAccess: 
100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AA520(33a8520) Type: 8 Event Object Header: 0xFF1AA508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171420(eec420) Type: 8 Event Object Header: 0xFF171408 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1713E0(eec3e0) Type: 8 Event Object Header: 0xFF1713C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FEA9A0(39749a0) Type: 18 Key Object Header: 0xE1FEA988 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF1713A0(eec3a0) Type: 8 Event Object Header: 0xFF171388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E95160(45a4160) Type: 18 Key Object Header: 0xE1E95148 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF171360(eec360) Type: 8 Event Object Header: 0xFF171348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF171300(eec300) Type: 8 Event Object Header: 0xFF1712E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E79140(38d140) Type: 18 Key Object Header: 0xE1E79128 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE2046B40(39f9b40) Type: 18 Key Object Header: 0xE2046B28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF171260(eec260) Type: 8 Event Object Header: 0xFF171248 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173380(25c5380) Type: 8 Event Object Header: 0xFF173368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1705C8(1a9d5c8) Type: 26 File Object Header: 0xFF1705B0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Drag'n Drop CD\BinFiles\ OBJECT: 0xFF171B00(eecb00) Type: 8 Event Object Header: 0xFF171AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF168B40(53dbb40) Type: 8 Event Object Header: 0xFF168B28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF165C10(4d87c10) Type: 10 Mutant Object Header: 0xFF165BF8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DDBurnerMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1694E0(49fd4e0) Type: 8 Event Object Header: 0xFF1694C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF24DA48(766a48) Type: 26 File Object Header: 0xFF24DA30 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: PxHelperDevice0 OBJECT: 0xFF164300(4873300) Type: 8 Event Object Header: 0xFF1642E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16EE20(4721e20) Type: 8 Event Object Header: 0xFF16EE08 GrantedAccess: 1f0003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF233BE0(6b8abe0) Type: 8 Event Object Header: 0xFF233BC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1794C0(44054c0) Type: 8 Event Object Header: 0xFF1794A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17A640(43d4640) Type: 8 Event Object Header: 0xFF17A628 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15BCE0(65f9ce0) Type: 8 Event Object Header: 0xFF15BCC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CF8E0(22fe8e0) Type: 8 Event Object Header: 0xFF1CF8C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF153200(1bcf200) Type: 8 Event Object Header: 0xFF1531E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DC1E8(1da71e8) Type: 26 File Object Header: 0xFF1DC1D0 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0 OBJECT: 0xFF154D00(4fcbd00) Type: 8 Event Object Header: 0xFF154CE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154D80(4fcbd80) Type: 8 Event Object Header: 0xFF154D68 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154D40(4fcbd40) Type: 8 Event Object Header: 0xFF154D28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D7EE0(1eebee0) Type: 25 IoCompletion Object Header: 0xFF1D7EC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF1D7EE0(1eebee0) Type: 25 IoCompletion Object Header: 0xFF1D7EC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF1546C0(4fcb6c0) Type: 8 Event Object Header: 0xFF1546A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A4860(3588860) Type: 6 Thread Object Header: 
0xFF1A4848 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000037C.00000380 ThreadsProcess: 0xFF19CD60 OBJECT: 0xFF1D7A88(1eeba88) Type: 26 File Object Header: 0xFF1D7A70 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF154CC0(4fcbcc0) Type: 8 Event Object Header: 0xFF154CA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 25. TABLE: 0xFF1CB548(2d34548): Table: 0xE1FF8000 QuotaProcess: 0xFF188020 ProcessId: 3e0 HandleCount: 21 CapturedHandleCount: 21 TableLevel: 2 StrictFIFO: No OBJECT: 0xE2063B50(3ae3b50) Type: 17 Section Object Header: 0xE2063B38 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1FEBE08(3979e08) BasedAddress: 0x09567C30 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\alogserv.exe OBJECT: 0xFF1CB760(2d34760) Type: 8 Event Object Header: 0xFF1CB748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CB720(2d34720) Type: 8 Event Object Header: 0xFF1CB708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1CB6E0(2d346e0) Type: 8 Event Object Header: 0xFF1CB6C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 
0xFF188B08(3c42b08) Type: 26 File Object Header: 0xFF188AF0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF185500(3e21500) Type: 8 Event Object Header: 0xFF1854E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FFEF50(3da1f50) Type: 19 Port Object Header: 0xE1FFEF38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003E0.000003DC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF185340(3e21340) Type: 8 Event Object Header: 0xFF185328 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f 
PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1DFD1A0(78771a0) Type: 18 Key Object Header: 0xE1DFD188 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF1875A0(3c415a0) Type: 8 Event Object Header: 0xFF187588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF180BE0(98dbe0) Type: 6 Thread Object Header: 0xFF180BC8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003E0.00000408 ThreadsProcess: 0xFF188020 OBJECT: 0xFF1815E0(40605e0) Type: 8 Event Object Header: 0xFF1815C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF168080(53db080) Type: 8 Event Object Header: 0xFF168068 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF180648(98d648) Type: 26 File Object Header: 0xFF180630 GrantedAccess: 100001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Activity Log 26. 
TABLE: 0xFF1858E8(3e218e8): Table: 0xE204C000 QuotaProcess: 0xFF184100 ProcessId: 3f4 HandleCount: 198 CapturedHandleCount: 198 TableLevel: 2 StrictFIFO: No OBJECT: 0xE13AC5F0(2b2c5f0) Type: 17 Section Object Header: 0xE13AC5D8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE204A5E8(3e905e8) BasedAddress: 0x099DBC28 SizeOfSegment: 0xa5000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Support.com\Client\bin\tgcmd.exe OBJECT: 0xFF183FE0(3ec4fe0) Type: 8 Event Object Header: 0xFF183FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187A00(3c41a00) Type: 8 Event Object Header: 0xFF1879E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF183D00(3ec4d00) Type: 8 Event Object Header: 0xFF183CE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF238350(64a8350) Type: 10 Mutant Object Header: 0xFF238338 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: DBWinMutex SecurityDescriptor: 0xE1336CF8(1ac3cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFF17BFA0(4321fa0) Type: 8 Event Object Header: 0xFF17BF88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: 
Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE2079630(42b5630) Type: 19 Port Object Header: 0xE2079618 GrantedAccess: 1f0001 PointerCount: 9 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003F4.000003F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF17BE60(4321e60) Type: 8 Event Object Header: 0xFF17BE48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EB7BE0(79abe0) Type: 18 Key Object Header: 0xE1EB7BC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF17BD60(4321d60) Type: 8 Event Object Header: 0xFF17BD48 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1EB5DE0(4cf6de0) Type: 18 Key Object Header: 0xE1EB5DC8 GrantedAccess: 
f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1EC0E80(28f5e80) Type: 18 Key Object Header: 0xE1EC0E68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE1E2BB20(7a2db20) Type: 18 Key Object Header: 0xE1E2BB08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1E322A0(7a302a0) Type: 18 Key Object Header: 0xE1E32288 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF17BAA0(4321aa0) Type: 8 Event Object Header: 0xFF17BA88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17C880(4292880) Type: 8 Event Object Header: 0xFF17C868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18CE80(3a59e80) Type: 8 Event Object Header: 0xFF18CE68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF187E40(3c41e40) Type: 8 Event Object Header: 0xFF187E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18CEC0(3a59ec0) Type: 8 Event Object Header: 0xFF18CEA8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2027260(39e4260) Type: 18 Key Object Header: 0xE2027248 GrantedAccess: 
2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF17D880(41c2880) Type: 8 Event Object Header: 0xFF17D868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDBE7D0(13db7d0) Type: 10 Mutant Object Header: 0xFCDBE7B8 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ZonesCacheCounterMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF287950(945950) Type: 10 Mutant Object Header: 0xFF287938 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ZonesCounterMutex SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF174E40(5a45e40) Type: 8 Event Object Header: 0xFF174E28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFCD46310(1363310) Type: 10 Mutant Object Header: 0xFCD462F8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: WininetStartupMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCDC0850(13dd850) Type: 10 Mutant Object Header: 0xFCDC0838 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: WininetConnectionMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF175340(37ef340) Type: 10 Mutant Object Header: 0xFF175328 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCDC09D0(13dd9d0) Type: 10 Mutant Object Header: 0xFCDC09B8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: WininetProxyRegistryMutex SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF175300(37ef300) Type: 8 Event Object Header: 0xFF1752E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1752C0(37ef2c0) Type: 8 Event Object Header: 0xFF1752A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF174020(5a45020) Type: 8 Event Object Header: 0xFF174008 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF282F00(9def00) Type: 25 IoCompletion Object Header: 0xFF282EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF282F00(9def00) Type: 25 IoCompletion Object Header: 0xFF282EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF2895E0(85e5e0) Type: 8 Event Object Header: 0xFF2895C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF183020(3ec4020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000003F0 ThreadsProcess: 0xFF184100 OBJECT: 0xFF281D08(9f9d08) Type: 26 File Object Header: 0xFF281CF0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat OBJECT: 0xFCDC1910(13de910) Type: 10 Mutant Object Header: 0xFCDC18F8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCDC16F0(13de6f0) Type: 10 Mutant Object Header: 0xFCDC16D8 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: _!MSFTHISTORY!_ SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE1E6B600(cb1600) Type: 17 Section Object Header: 0xE1E6B5E8 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1ECB208(1959208) BasedAddress: 0x08F7D4C0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet 
Files\Content.IE5\index.dat OBJECT: 0xFF1E7170(1c86170) Type: 10 Mutant Object Header: 0xFF1E7158 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!cookies! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFCD4AF30(1367f30) Type: 10 Mutant Object Header: 0xFCD4AF18 GrantedAccess: 100000 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: c:!documents and settings!administrator!local settings!history!history.ie5! SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF28FAE8(79f0ae8) Type: 26 File Object Header: 0xFF28FAD0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFCA318E8(104e8e8) Type: 26 File Object Header: 0xFCA318D0 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xE1EE2900(4a9c900) Type: 17 Section Object Header: 0xE1EE28E8 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E6CDC8(e97dc8) BasedAddress: 0x08C1CCD0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and 
Settings\Administrator\Local Settings\History\History.IE5\index.dat OBJECT: 0xFF176300(591c300) Type: 8 Event Object Header: 0xFF1762E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2875E0(9455e0) Type: 8 Event Object Header: 0xFF2875C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2D540(79af540) Type: 17 Section Object Header: 0xE1E2D528 GrantedAccess: 2 PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: C:_Documents and Settings_Administrator_Cookies_index.dat_16384 SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12E2D28(1977d28) BasedAddress: 0x089A2CC8 SizeOfSegment: 0x4000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat OBJECT: 0xFF183020(3ec4020) Type: 6 Thread Object Header: 0xFF183008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.000003F0 ThreadsProcess: 0xFF184100 OBJECT: 0xE2045DE0(39e9de0) Type: 18 Key Object Header: 0xE2045DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\ OBJECT: 0xFF287560(945560) Type: 8 Event Object Header: 0xFF287548 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1343120(1acb120) Type: 18 Key Object Header: 0xE1343108 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\ OBJECT: 
0xFF173F00(25c5f00) Type: 10 Mutant Object Header: 0xFF173EE8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1744E0(5a454e0) Type: 8 Event Object Header: 0xFF1744C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173E80(25c5e80) Type: 12 Semaphore Object Header: 0xFF173E68 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173E40(25c5e40) Type: 12 Semaphore Object Header: 0xFF173E28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B500(3a78500) Type: 8 Event Object Header: 0xFF18B4E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B4C0(3a784c0) Type: 8 Event Object Header: 0xFF18B4A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B440(3a78440) Type: 12 Semaphore Object Header: 0xFF18B428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18B400(3a78400) Type: 12 Semaphore Object Header: 0xFF18B3E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2052680(39bd680) Type: 18 Key Object Header: 0xE2052668 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASAPI32\ OBJECT: 0xFF18B3C0(3a783c0) Type: 8 Event Object Header: 0xFF18B3A8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173820(25c5820) Type: 8 Event Object Header: 0xFF173808 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1737E0(25c57e0) Type: 8 Event Object Header: 0xFF1737C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant Object Header: 0xFF27BB58 GrantedAccess: 100000 PointerCount: 11 HandleCount: 10 Directory: 0xFCC61C10 Name: 
RasPbFile SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) OBJECT: 0xFF1737A0(25c57a0) Type: 8 Event Object Header: 0xFF173788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF173760(25c5760) Type: 8 Event Object Header: 0xFF173748 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE130E520(1a37520) Type: 18 Key Object Header: 0xE130E508 GrantedAccess: 3 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE13942E0(29762e0) Type: 17 Section Object Header: 0xE13942C8 GrantedAccess: 4 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 Name: SENS Information Cache SecurityDescriptor: 0xE134FC18(1af6c18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12E8AE8(198dae8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF173660(25c5660) Type: 8 Event Object Header: 0xFF173648 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E299B0(7a849b0) Type: 19 Port Object Header: 0xE1E29998 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003F4.000003F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1DCE300(76b6300) Type: 18 Key Object Header: 0xE1DCE2E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE1E950E0(45a40e0) Type: 18 Key Object Header: 0xE1E950C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\ OBJECT: 0xFCDA52D0(13c22d0) Type: 10 Mutant Object Header: 0xFCDA52B8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: __TgCommander__ SecurityDescriptor: 
0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF172A00(b67a00) Type: 8 Event Object Header: 0xFF1729E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xFF1753E0(37ef3e0) Type: 8 Event Object Header: 0xFF1753C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16FF70(4591f70) Type: 8 Event Object Header: 0xFF16FF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateListTwoEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF279388(d72388) Type: 26 File Object Header: 0xFF279370 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\program files\support.com\client\bin\ OBJECT: 0xFF16F030(4591030) Type: 8 Event Object Header: 0xFF16F018 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateJobsTwoEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF260508(228508) Type: 26 File Object Header: 0xFF2604F0 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF16FFF0(4591ff0) Type: 8 Event Object Header: 0xFF16FFD8 GrantedAccess: 1f0003 
PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateJobsEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FFB0(4591fb0) Type: 8 Event Object Header: 0xFF16FF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateListEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FEF0(4591ef0) Type: 8 Event Object Header: 0xFF16FED8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FEB0(4591eb0) Type: 8 Event Object Header: 0xFF16FE98 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedExitEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F6A0(45916a0) Type: 6 Thread Object Header: 0xFF16F688 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000434 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16FBE0(4591be0) Type: 8 Event Object Header: 0xFF16FBC8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16FEB0(4591eb0) Type: 8 Event Object Header: 0xFF16FE98 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedExitEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16F620(4591620) Type: 8 Event Object Header: 0xFF16F608 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16FF70(4591f70) Type: 8 Event Object Header: 0xFF16FF58 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateListTwoEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16F030(4591030) Type: 8 Event Object Header: 0xFF16F018 GrantedAccess: 1f0003 
PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateJobsTwoEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FEF0(4591ef0) Type: 8 Event Object Header: 0xFF16FED8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F960(4591960) Type: 6 Thread Object Header: 0xFF16F948 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000430 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16FC20(4591c20) Type: 6 Thread Object Header: 0xFF16FC08 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.0000042C ThreadsProcess: 0xFF184100 OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16FFF0(4591ff0) Type: 8 Event Object Header: 0xFF16FFD8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateJobsEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FFB0(4591fb0) Type: 8 Event Object Header: 0xFF16FF98 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: TgSchedUpdateListEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FEB0(4591eb0) Type: 8 Event Object Header: 0xFF16FE98 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedExitEvent SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16FEF0(4591ef0) Type: 8 Event Object Header: 0xFF16FED8 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 3 Directory: 0xFCC61C10 Name: TgSchedNewUserEventName SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16CCA0(497aca0) Type: 8 Event Object Header: 0xFF16CC88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E820(4721820) Type: 10 Mutant Object Header: 0xFF16E808 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E860(4721860) Type: 8 Event Object Header: 0xFF16E848 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE13240E0(1a730e0) Type: 18 Key Object Header: 0xE13240C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1D0C80(22ffc80) Type: 8 Event Object Header: 0xFF1D0C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC5020(4f00020) Type: 18 Key Object Header: 0xE1EC5008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16EDA0(4721da0) Type: 8 Event Object Header: 0xFF16ED88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16ED20(4721d20) Type: 8 Event Object Header: 0xFF16ED08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12B8B00(19bdb00) Type: 18 Key Object Header: 0xE12B8AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16ECA0(4721ca0) Type: 8 Event Object Header: 0xFF16EC88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1F60F60(2318f60) Type: 18 Key Object Header: 0xE1F60F48 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16EC20(4721c20) Type: 8 Event Object Header: 0xFF16EC08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2046A00(39f9a00) Type: 18 Key Object Header: 0xE20469E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF16EBA0(4721ba0) Type: 8 Event Object Header: 0xFF16EB88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC3AA0(4e65aa0) Type: 18 Key Object Header: 0xE1EC3A88 GrantedAccess: f003f 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16EB20(4721b20) Type: 8 Event Object Header: 0xFF16EB08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16EAA0(4721aa0) Type: 8 Event Object Header: 0xFF16EA88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2046B00(39f9b00) Type: 18 Key Object Header: 0xE2046AE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16EA20(4721a20) Type: 8 Event Object Header: 0xFF16EA08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE202C340(3a08340) Type: 18 Key Object Header: 0xE202C328 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF16E9A0(47219a0) Type: 8 Event Object Header: 0xFF16E988 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2045820(39e9820) Type: 18 Key Object Header: 0xE2045808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF16E920(4721920) Type: 8 Event Object Header: 0xFF16E908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF16E7E0(47217e0) Type: 8 Event Object Header: 0xFF16E7C8 GrantedAccess: 
1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E7A0(47217a0) Type: 10 Mutant Object Header: 0xFF16E788 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E760(4721760) Type: 12 Semaphore Object Header: 0xFF16E748 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E720(4721720) Type: 12 Semaphore Object Header: 0xFF16E708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E6E0(47216e0) Type: 8 Event Object Header: 0xFF16E6C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20468C0(39f98c0) Type: 18 Key Object Header: 0xE20468A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\ OBJECT: 0xFCC5D1A8(127a1a8) Type: 26 File Object Header: 0xFCC5D190 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF16E688 (4721688) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF173028(25c5028) Type: 26 File Object Header: 0xFF173010 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Tcp Type: TDI_CONTROL_CHANNEL_FILE TDI Context: 0xFF16E648 (4721648) Unknown1: 0xE1D3EC80 (692cc80) Unknown2: 0xe1d3ecbc OBJECT: 0xFF250F88(7c7f88) Type: 26 File Object Header: 0xFF250F70 GrantedAccess: 1200a0 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFCC5D928(127a928) Type: 26 File Object Header: 0xFCC5D910 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xFCC5E488(127b488) Type: 26 File Object Header: 0xFCC5E470 GrantedAccess: 100081 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Ip OBJECT: 0xE12C2920(18f9920) Type: 18 Key Object Header: 0xE12C2908 GrantedAccess: 20019 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\ OBJECT: 0xE2054020(3a28020) Type: 18 Key Object Header: 0xE2054008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\ OBJECT: 0xE2054FE0(3a28fe0) Type: 18 Key Object Header: 0xE2054FC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\ OBJECT: 0xFF16E520(4721520) Type: 12 Semaphore Object Header: 0xFF16E508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16E5E0(47215e0) Type: 8 Event Object Header: 0xFF16E5C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E0A0(47210a0) Type: 12 Semaphore Object Header: 0xFF16E088 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16F320(4591320) Type: 6 Thread Object Header: 0xFF16F308 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 4 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000438 ThreadsProcess: 0xFF184100 OBJECT: 0xFF16E5A0(47215a0) Type: 8 Event Object Header: 0xFF16E588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E560(4721560) Type: 8 Event Object Header: 0xFF16E548 GrantedAccess: 
1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5EB48(127bb48) Type: 26 File Object Header: 0xFCC5EB30 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16E168 (4721168) Unknown1: 0x00010000 (15e8000) Unknown2: 0x65a93890 Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28} OBJECT: 0xE20520A0(39bd0a0) Type: 18 Key Object Header: 0xE2052088 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Tracing\RASADHLP\ OBJECT: 0xFF16E4E0(47214e0) Type: 8 Event Object Header: 0xFF16E4C8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E420(4721420) Type: 8 Event Object Header: 0xFF16E408 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16E3E0(47213e0) Type: 8 Event Object Header: 0xFF16E3C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16D8A8(ab98a8) Type: 26 File Object Header: 0xFF16D890 GrantedAccess: 1f01ff PointerCount: 3 HandleCount: 2 SecurityDescriptor: (null) Path: Tcp Type: TDI_TRANSPORT_ADDRESS_FILE TDI Context: 0xFF16D848 (ab9848) Unknown1: 0x000000BB (1) Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8} OBJECT: 0xFF2509E8(7c79e8) Type: 26 File Object Header: 0xFF2509D0 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF16E1A8 (47211a8) Type: 0xafd4 Process: 0xFF184100 tgcmd.exe EndpointLinks: {0xFF1EA638:FF16D9D8} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF16DA68(ab9a68) Type: 26 File Object Header: 
0xFF16DA50 GrantedAccess: 1f01ff PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: Afd\Endpoint Afd Endpoint: 0xFF16D928 (ab9928) Type: 0xafd4 Process: 0xFF184100 tgcmd.exe EndpointLinks: {0xFF16E258:FF16BF98} AfdTransportAddress: 0xFF272588 (e84588) DeviceString: \Device\Tcp OBJECT: 0xFF1CDA00(4703a00) Type: 5 Process Object Header: 0xFF1CD9E8 GrantedAccess: 100400 PointerCount: 152 HandleCount: 5 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: Explorer.Exe OBJECT: 0xE1F1D1B0(50351b0) Type: 17 Section Object Header: 0xE1F1D198 GrantedAccess: f0007 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE12B4388(18d4388) BasedAddress: 0x00000080 SizeOfSegment: 0x5000 OBJECT: 0xFF16F6A0(45916a0) Type: 6 Thread Object Header: 0xFF16F688 GrantedAccess: 1f03ff PointerCount: 7 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000434 ThreadsProcess: 0xFF184100 OBJECT: 0xE1EBA730(772c730) Type: 4 Token Object Header: 0xE1EBA718 GrantedAccess: 2000a PointerCount: 20 HandleCount: 2 SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,dba0} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: 
Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled OBJECT: 0xFF16A6A0(51c86a0) Type: 8 Event Object Header: 0xFF16A688 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF244A68(51e5a68) Type: 26 File Object Header: 0xFF244A50 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: Netbios OBJECT: 0xFF160160(708160) Type: 12 Semaphore Object Header: 0xFF160148 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16A6E0(51c86e0) Type: 8 Event Object Header: 0xFF16A6C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16BC00(45e6c00) Type: 8 Event Object Header: 0xFF16BBE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16F1A0(45911a0) Type: 8 Event Object Header: 0xFF16F188 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16F160(4591160) Type: 8 Event Object Header: 0xFF16F148 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1EC6380(4e2e380) Type: 18 Key Object Header: 0xE1EC6368 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF16A160(51c8160) Type: 6 Thread Object Header: 0xFF16A148 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003F4.00000444 ThreadsProcess: 0xFF184100 OBJECT: 0xFF161FA0(57f2fa0) Type: 8 Event Object Header: 0xFF161F88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF161F20(57f2f20) Type: 12 Semaphore Object Header: 0xFF161F08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE55A0(4fdf5a0) Type: 18 Key Object Header: 0xE1EE5588 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1E6F560(ce6560) Type: 18 Key Object Header: 0xE1E6F548 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ OBJECT: 0xFF169520(49fd520) Type: 8 Event Object Header: 0xFF169508 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1330D40(1a92d40) Type: 18 Key Object Header: 0xE1330D28 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1F4B880(7890880) Type: 18 Key Object Header: 0xE1F4B868 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF1601A0(7081a0) Type: 12 Semaphore Object Header: 0xFF160188 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1008340(15d9340) Type: 18 Key Object Header: 0xE1008328 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFF147280(2ce4280) Type: 8 Event Object Header: 0xFF147268 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12F9C20(19d8c20) Type: 18 Key Object Header: 0xE12F9C08 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE20607E0(3a737e0) Type: 18 Key Object Header: 0xE20607C8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE12D61C0(194f1c0) Type: 18 Key Object Header: 0xE12D61A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1DD4EE0(7730ee0) Type: 18 Key Object Header: 0xE1DD4EC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE2027400(39e4400) Type: 18 Key Object Header: 0xE20273E8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE2026BE0(39f8be0) Type: 18 Key Object Header: 0xE2026BC8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE1D62280(7569280) Type: 18 Key Object Header: 0xE1D62268 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xE205EE00(3a3ee00) Type: 18 Key Object Header: 0xE205EDE8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\MACHINE\SOFTWARE\MICROSOFT\RAS\TAPI DEVICES\ OBJECT: 0xFCD4A8E0(13678e0) Object Header: 0xFCD4A8C8 GrantedAccess: 1f0003 PointerCount: -53172024 HandleCount: 301989888 OBJECT: 0xFF15C4E0(63684e0) Type: 8 Event Object Header: 0xFF15C4C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1AA348(33a8348) Type: 26 File Object Header: 0xFF1AA330 GrantedAccess: 1f01ff PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: Afd 27. TABLE: 0xFF1CAEE8(2d33ee8): Table: 0xE2073000 QuotaProcess: 0xFF1827E0 ProcessId: 3fc HandleCount: 24 CapturedHandleCount: 24 TableLevel: 2 StrictFIFO: No OBJECT: 0xE12FB190(19ef190) Type: 17 Section Object Header: 0xE12FB178 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE20149E8(3e029e8) BasedAddress: 0x099BCC20 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\Apoint\Apntex.exe OBJECT: 0xFF182460(3f5b460) Type: 8 Event Object Header: 0xFF182448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF184960(3e2f960) Type: 8 Event Object Header: 0xFF184948 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF186260(3d57260) Type: 8 Event Object Header: 0xFF186248 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF186508(3d57508) Type: 26 File Object Header: 0xFF1864F0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\Program 
Files\Apoint\ OBJECT: 0xFF1CBDE0(2d34de0) Type: 8 Event Object Header: 0xFF1CBDC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE204AF50(3e90f50) Type: 19 Port Object Header: 0xE204AF38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000003FC.000003F8 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1848E0(3e2f8e0) Type: 8 Event Object Header: 0xFF1848C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE13AE660(2b89660) Type: 18 Key Object Header: 0xE13AE648 GrantedAccess: f003f 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF185020(3e21020) Type: 6 Thread Object Header: 0xFF185008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000003FC.000003E8 ThreadsProcess: 0xFF1827E0 OBJECT: 0xFF1861F0(3d571f0) Type: 8 Event Object Header: 0xFF1861D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: Alps_Apfilter_APC_Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1861F0(3d571f0) Type: 8 Event Object Header: 0xFF1861D8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 2 Directory: 0xFCC61C10 Name: Alps_Apfilter_APC_Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1EB4C40(6bffc40) Type: 17 Section Object Header: 0xE1EB4C28 GrantedAccess: f001f PointerCount: 3 HandleCount: 2 Directory: 0xFCC61C10 Name: ALPS_GP_DRIVER_SCROLL SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1321728(1a6d728) 
BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF1494E0(54ca4e0) Type: 8 Event Object Header: 0xFF1494C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF167380(6627380) Type: 8 Event Object Header: 0xFF167368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17FD60(406cd60) Type: 8 Event Object Header: 0xFF17FD48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) 28. TABLE: 0xFF18D248(3a3f248): Table: 0xE2088000 QuotaProcess: 0xFF177AC0 ProcessId: 428 HandleCount: 120 CapturedHandleCount: 120 TableLevel: 2 StrictFIFO: No OBJECT: 0xE130D970(1a30970) Type: 17 Section Object Header: 0xE130D958 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE2087C68(58a3c68) BasedAddress: 0x2E9FF430 SizeOfSegment: 0xc5000 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\PowerPanel\Program\PcfMgr.exe OBJECT: 0xFF1775A0(59015a0) Type: 8 Event Object Header: 0xFF177588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF177560(5901560) Type: 8 Event Object Header: 0xFF177548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF177520(5901520) Type: 8 Event Object Header: 0xFF177508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF178AE8(33d1ae8) Type: 26 File Object Header: 0xFF178AD0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
HarddiskVolume1\ OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF187EC0(3c41ec0) Type: 8 Event Object Header: 0xFF187EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1FF4C50(40b4c50) Type: 19 Port Object Header: 0xE1FF4C38 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF17CC40(4292c40) Type: 8 Event Object Header: 0xFF17CC28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE1EB7DA0(79ada0) Type: 18 Key Object Header: 0xE1EB7D88 GrantedAccess: 
f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF17CB40(4292b40) Type: 8 Event Object Header: 0xFF17CB28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EAD9A0(45639a0) Type: 18 Key Object Header: 0xE1EAD988 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xE130F860(1a38860) Type: 18 Key Object Header: 0xE130F848 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE130F820(1a38820) Type: 18 Key Object Header: 0xE130F808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1EC6180(4e2e180) Type: 18 Key Object Header: 0xE1EC6168 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1EB7D20(79ad20) Type: 18 Key Object Header: 0xE1EB7D08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF19AA40(385ca40) Type: 8 Event Object Header: 0xFF19AA28 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF178A20(33d1a20) Type: 8 Event Object Header: 0xFF178A08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 
SecurityDescriptor: (null) OBJECT: 0xE1EB4960(6bff960) Type: 18 Key Object Header: 0xE1EB4948 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE201A8C0(35108c0) Type: 18 Key Object Header: 0xE201A8A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF178860(33d1860) Type: 8 Event Object Header: 0xFF178848 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA31D68(104ed68) Type: 26 File Object Header: 0xFCA31D50 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF178AA0(33d1aa0) Type: 8 Event Object Header: 0xFF178A88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA31030(104e030) Type: 10 Mutant Object Header: 0xFCA31018 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: PhoenixPowerPanel SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xFF1729C0(b679c0) Type: 8 Event Object Header: 0xFF1729A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE12C5820(1907820) Type: 18 Key Object Header: 0xE12C5808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xE2025780(39a5780) Type: 18 Key Object Header: 0xE2025768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF172920(b67920) Type: 8 Event Object Header: 0xFF172908 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1728A0(b678a0) Type: 8 Event Object Header: 
0xFF172888 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1330D00(1a92d00) Type: 18 Key Object Header: 0xE1330CE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE2026660(39f8660) Type: 18 Key Object Header: 0xE2026648 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF172800(b67800) Type: 8 Event Object Header: 0xFF1727E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2026760(39f8760) Type: 18 Key Object Header: 0xE2026748 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF172760(b67760) Type: 8 Event Object Header: 0xFF172748 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20267A0(39f87a0) Type: 18 Key Object Header: 0xE2026788 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1726C0(b676c0) Type: 8 Event Object Header: 0xFF1726A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2027800(39e4800) Type: 18 Key Object Header: 0xE20277E8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF172620(b67620) Type: 8 Event Object Header: 0xFF172608 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172580(b67580) Type: 8 Event Object Header: 0xFF172568 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC2020(4b04020) Type: 18 Key Object Header: 0xE1EC2008 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1724E0(b674e0) Type: 8 Event 
Object Header: 0xFF1724C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20278E0(39e48e0) Type: 18 Key Object Header: 0xE20278C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF172440(b67440) Type: 8 Event Object Header: 0xFF172428 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2026920(39f8920) Type: 18 Key Object Header: 0xE2026908 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1723A0(b673a0) Type: 8 Event Object Header: 0xFF172388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF172280(b67280) Type: 8 Event Object Header: 0xFF172268 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172200(b67200) Type: 8 Event Object Header: 0xFF1721E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172240(b67240) Type: 8 Event Object Header: 0xFF172228 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF177740(5901740) Type: 6 Thread Object Header: 0xFF177728 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000424 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF1721C0(b671c0) Type: 8 Event Object Header: 0xFF1721A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF172140(b67140) Type: 8 Event Object Header: 0xFF172128 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E2E410(b27410) Type: 19 Port Object Header: 0xE1E2E3F8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE2083720(bbf720) Type: 19 Port Object Header: 0xE2083708 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCD642F0 Name: OLEe SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0xFF177AC0 OBJECT: 0xFCD24660(1341660) Type: 25 IoCompletion Object Header: 0xFCD24648 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFCD24660(1341660) Type: 25 IoCompletion Object Header: 0xFCD24648 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 2 OBJECT: 0xFF16C440(497a440) Type: 8 Event Object Header: 0xFF16C428 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF171600(eec600) Type: 8 Event Object Header: 0xFF1715E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF195B00(38ebb00) Type: 8 Event Object Header: 0xFF195AE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF170540(1a9d540) Type: 8 Event Object Header: 0xFF170528 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF238350(64a8350) Type: 10 Mutant Object Header: 0xFF238338 GrantedAccess: 1f0001 PointerCount: 4 HandleCount: 3 Directory: 0xFCC61C10 
Name: DBWinMutex SecurityDescriptor: 0xE1336CF8(1ac3cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) OBJECT: 0xFCA33910(1050910) Type: 8 Event Object Header: 0xFCA338F8 GrantedAccess: 1f0003 PointerCount: 14 HandleCount: 13 Directory: 0xFCC61C10 Name: userenv: User Profile setup event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) OBJECT: 0xE12C1FD0(18f7fd0) Type: 17 Section Object Header: 0xE12C1FB8 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE208F9E8(35ad9e8) BasedAddress: 0x2DC0D4D8 SizeOfSegment: 0x180000 SecurityDescriptor: (null) Path: HarddiskVolume1\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll OBJECT: 0xFF22B908(4e36908) Type: 26 File Object Header: 0xFF22B8F0 GrantedAccess: 120089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll OBJECT: 0xE2051D90(39bed90) Type: 17 Section Object Header: 0xE2051D78 GrantedAccess: f0005 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F6BBE8(25e3be8) BasedAddress: 0x2D71CCC0 SizeOfSegment: 0x40000 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xFF166C68(7c66c68) Type: 26 File Object Header: 0xFF166C50 GrantedAccess: 120089 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\stdole2.tlb OBJECT: 0xFF1D1B80(22dbb80) Type: 10 Mutant Object Header: 0xFF1D1B68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF179F20(4405f20) Type: 8 Event Object Header: 0xFF179F08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B5E0(45e65e0) Type: 8 Event Object Header: 0xFF16B5C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 
OBJECT: 0xFF15CE28(6368e28) Type: 26 File Object Header: 0xFF15CE10 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 0000001f OBJECT: 0xFF163510(5047510) Type: 8 Event Object Header: 0xFF1634F8 GrantedAccess: 1f0003 PointerCount: 4 HandleCount: 1 Directory: 0xFCC61C10 Name: SonyAsyncEvent10160 SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF15BB80(65f9b80) Type: 10 Mutant Object Header: 0xFF15BB68 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF16A0E0(51c80e0) Type: 8 Event Object Header: 0xFF16A0C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3030(362e030) Type: 12 Semaphore Object Header: 0xFF1A3018 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: PowerProfileRegistrySemaphore SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) OBJECT: 0xFF173548(25c5548) Type: 26 File Object Header: 0xFF173530 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF16F0E0(45910e0) Type: 10 Mutant Object Header: 0xFF16F0C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16AD40(51c8d40) Type: 8 Event Object Header: 0xFF16AD28 GrantedAccess: 1f0003 
PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25FF30(1b16f30) Type: 8 Event Object Header: 0xFF25FF18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF17A488(43d4488) Type: 26 File Object Header: 0xFF17A470 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: NamedPipe\ntsvcs OBJECT: 0xFF160120(708120) Type: 10 Mutant Object Header: 0xFF160108 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD6D750(138a750) Type: 12 Semaphore Object Header: 0xFCD6D738 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC61C10 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF170100(1a9d100) Type: 8 Event Object Header: 0xFF1700E8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF160C68(708c68) Type: 26 File Object Header: 0xFF160C50 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000020 OBJECT: 0xFF15FC60(54efc60) Type: 6 Thread Object Header: 0xFF15FC48 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000003E4 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF155560(53cf560) Type: 8 Event Object Header: 0xFF155548 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2564D0(29044d0) Type: 10 
Mutant Object Header: 0xFF2564B8 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DE38(6947e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF256AF0(2904af0) Type: 12 Semaphore Object Header: 0xFF256AD8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFCCC7190(12e4190) Type: 12 Semaphore Object Header: 0xFCCC7178 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xE1D3DAC0(6947ac0) Type: 17 Section Object Header: 0xE1D3DAA8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E8C208(6a9208) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 
Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 
4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48D80(7c38d80) Type: 17 Section Object Header: 0xE1E48D68 GrantedAccess: 6 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1DD6D78(77f7d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE12DFF08(1970f08) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF1DC288(1da7288) Type: 26 File Object Header: 0xFF1DC270 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF233530(6b8a530) Type: 8 Event Object Header: 0xFF233518 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC61C10 Name: mixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF251030(4793030) Type: 8 Event Object Header: 
0xFF251018 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC61C10 Name: hardwaremixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF14D020(1fdf020) Type: 6 Thread Object Header: 0xFF14D008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.00000454 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF20E780(45b4780) Type: 8 Event Object Header: 0xFF20E768 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2090E0(1ad10e0) Type: 8 Event Object Header: 0xFF2090C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208020(6b92020) Type: 8 Event Object Header: 0xFF208008 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF134020(58c7020) Type: 6 Thread Object Header: 0xFF134008 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000428.000002C8 ThreadsProcess: 0xFF177AC0 OBJECT: 0xFF14D2C0(1fdf2c0) Type: 8 Event Object Header: 0xFF14D2A8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF14D348(1fdf348) Type: 26 File Object Header: 0xFF14D330 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 00000026 OBJECT: 0xFF2092A0(1ad12a0) Type: 8 Event Object Header: 0xFF209288 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF208FE0(6b92fe0) Type: 8 Event Object 
Header: 0xFF208FC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1D3D9D0(69479d0) Type: 19 Port Object Header: 0xE1D3D9B8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000428.0000041C ClientThread: 0x00000000 ServerProcess: 0x00000000 29. TABLE: 0xFF1B3008(2d4d008): Table: 0xE1C22000 QuotaProcess: 0xFF1CB020 ProcessId: 130 HandleCount: 195 CapturedHandleCount: 195 TableLevel: 2 StrictFIFO: No OBJECT: 0xE13B0DB0(2bf0db0) Type: 17 Section Object Header: 0xE13B0D98 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1C10008(66f1008) BasedAddress: 0x08D7BCA0 SizeOfSegment: 0x26b000 SecurityDescriptor: (null) Path: CdRom0\helix.exe OBJECT: 0xFF15E720(6430720) Type: 8 Event Object Header: 0xFF15E708 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF200380(4dd8380) Type: 8 Event Object Header: 0xFF200368 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF253F60(651f60) Type: 8 Event Object Header: 0xFF253F48 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF148680(26c9680) Type: 8 Event Object Header: 0xFF148668 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1761A0(591c1a0) Type: 8 Event Object Header: 0xFF176188 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EE3DF0(3089df0) Type: 19 Port Object Header: 0xE1EE3DD8 GrantedAccess: 1f0001 PointerCount: 9 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000130.00000244 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF1F05A0(487e5a0) Type: 8 Event Object Header: 0xFF1F0588 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF135100(5922100) Type: 8 Event Object Header: 0xFF1350E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xE12CEE80(192ae80) Type: 18 Key Object Header: 0xE12CEE68 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: 
REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1399B40(29adb40) Type: 18 Key Object Header: 0xE1399B28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\ OBJECT: 0xE20667C0(3ab67c0) Type: 18 Key Object Header: 0xE20667A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE1ED6D40(5390d40) Type: 18 Key Object Header: 0xE1ED6D28 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Explorer\ OBJECT: 0xFF228DE0(4f13de0) Type: 8 Event Object Header: 0xFF228DC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF154EA0(4fcbea0) Type: 8 Event Object Header: 0xFF154E88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE210E020(76fe020) Type: 18 Key Object Header: 0xE210E008 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF19A4A0(385c4a0) Type: 8 Event Object Header: 0xFF19A488 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19FF00(37d0f00) Type: 8 Event Object Header: 0xFF19FEE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE210EFA0(76fefa0) Type: 18 Key Object Header: 0xE210EF88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32\ OBJECT: 0xFF1CE280(2704280) Type: 8 Event Object Header: 0xFF1CE268 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22A520(4f61520) Type: 8 Event Object Header: 0xFF22A508 GrantedAccess: 
1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xFF19D200(37bd200) Type: 8 Event Object Header: 0xFF19D1E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF139AE0(1bc6ae0) Type: 8 Event Object Header: 0xFF139AC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2118AC0(777fac0) Type: 18 Key Object Header: 0xE2118AA8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500_Classes\CLSID\ OBJECT: 0xE210E3C0(76fe3c0) Type: 18 Key Object Header: 0xE210E3A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF137520(3f2a520) Type: 8 Event Object Header: 0xFF137508 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E78DA0(f6cda0) Type: 18 Key Object Header: 0xE1E78D88 GrantedAccess: 2001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Internet Settings\ OBJECT: 0xFF154B28(4fcbb28) Type: 26 File Object Header: 0xFF154B10 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KsecDD OBJECT: 0xFF181EE0(4060ee0) Type: 8 Event Object Header: 0xFF181EC8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF180780(98d780) Type: 8 Event Object Header: 0xFF180768 GrantedAccess: 100003 PointerCount: 1 
HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF25FF30(1b16f30) Type: 8 Event Object Header: 0xFF25FF18 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardEventmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xFF2564D0(29044d0) Type: 10 Mutant Object Header: 0xFF2564B8 GrantedAccess: 100000 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardMutexmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DE38(6947e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) OBJECT: 0xFF256AF0(2904af0) Type: 12 Semaphore Object Header: 0xFF256AD8 GrantedAccess: 100002 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: GuardSemmmGlobalPnpInfoGuard SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) OBJECT: 0xE1D3DAC0(6947ac0) Type: 17 Section Object Header: 0xE1D3DAA8 GrantedAccess: 4 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: mmGlobalPnpInfo SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E8C208(6a9208) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 
22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section Object Header: 0xE1E48DE8 
GrantedAccess: 4 PointerCount: 23 HandleCount: 22 Directory: 0xFCC61C10 Name: WDMAUD_Path_Size SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xE1E48D80(7c38d80) Type: 17 Section Object Header: 0xE1E48D68 GrantedAccess: 6 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: WDMAUD_Callbacks SecurityDescriptor: 0xE1DD6D78(77f7d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE12DFF08(1970f08) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF1D93A8(1ee93a8) Type: 26 File Object Header: 0xFF1D9390 GrantedAccess: 12019f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF233530(6b8a530) Type: 8 Event Object Header: 0xFF233518 GrantedAccess: 100002 PointerCount: 9 HandleCount: 4 Directory: 0xFCC61C10 Name: mixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF225190(478b190) Type: 10 Mutant Object Header: 0xFF225178 GrantedAccess: 100000 PointerCount: 9 HandleCount: 8 Directory: 0xFCC61C10 Name: mxrapi SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) OBJECT: 0xFF251030(4793030) Type: 8 Event Object 
Header: 0xFF251018 GrantedAccess: 100002 PointerCount: 10 HandleCount: 4 Directory: 0xFCC61C10 Name: hardwaremixercallback SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) OBJECT: 0xFF12E620(664620) Type: 6 Thread Object Header: 0xFF12E608 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000027C ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF15C980(6368980) Type: 8 Event Object Header: 0xFF15C968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15B780(65f9780) Type: 10 Mutant Object Header: 0xFF15B768 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C1A0(63681a0) Type: 10 Mutant Object Header: 0xFF15C188 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF18A460(3a7e460) Type: 8 Event Object Header: 0xFF18A448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15A7E0(23a87e0) Type: 8 Event Object Header: 0xFF15A7C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15CB00(6368b00) Type: 8 Event Object Header: 0xFF15CAE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C280(6368280) Type: 8 Event Object Header: 0xFF15C268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE20EA700(46db700) Type: 17 Section Object Header: 0xE20EA6E8 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DirectSound Administrator shared thread array SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E30FA8(7b23fa8) BasedAddress: 0x00000080 SizeOfSegment: 0x5000 OBJECT: 0xFF20A7C0(7df07c0) Type: 8 Event Object Header: 0xFF20A7A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2F7C0(104c7c0) Type: 8 Event Object Header: 0xFCA2F7A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218320(4b15320) Type: 8 Event Object Header: 0xFF218308 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2FD40(104cd40) Type: 8 Event Object Header: 0xFCA2FD28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C860(6368860) Type: 8 Event Object Header: 0xFF15C848 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C7E0(63687e0) Type: 8 Event Object Header: 0xFF15C7C8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15CF00(6368f00) Type: 8 Event Object Header: 0xFF15CEE8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218D40(4b15d40) Type: 25 IoCompletion Object Header: 0xFF218D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF218D40(4b15d40) Type: 25 IoCompletion Object Header: 0xFF218D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 OBJECT: 0xFF15CF40(6368f40) Type: 8 Event Object Header: 0xFF15CF28 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12E8A0(6648a0) Type: 6 Thread Object Header: 0xFF12E888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 
00000130.00000244 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF15CEC0(6368ec0) Type: 8 Event Object Header: 0xFF15CEA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2FD80(104cd80) Type: 8 Event Object Header: 0xFCA2FD68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28EF10(7b2df10) Type: 10 Mutant Object Header: 0xFF28EEF8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DirectSound Administrator shared thread array (lock) SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE21126A0(6a996a0) Type: 18 Key Object Header: 0xE2112688 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\SYSTEM\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03\3&61AAA01&0&FD\ OBJECT: 0xFCA2FDC0(104cdc0) Type: 8 Event Object Header: 0xFCA2FDA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF206200(515e200) Type: 8 Event Object Header: 0xFF2061E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15C820(6368820) Type: 8 Event Object Header: 0xFF15C808 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F3BC0(1d08bc0) Type: 8 Event Object Header: 0xFF1F3BA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F3CC0(1d08cc0) Type: 8 Event Object Header: 0xFF1F3CA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F3D80(1d08d80) Type: 8 Event Object Header: 0xFF1F3D68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF15F0A8(54ef0a8) Type: 26 File Object Header: 
0xFF15F090 GrantedAccess: 12019f PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002\{9B365890-165F-11D0-A195-0020AFD156E4} OBJECT: 0xFF206140(515e140) Type: 8 Event Object Header: 0xFF206128 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F3C80(1d08c80) Type: 8 Event Object Header: 0xFF1F3C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2F780(104c780) Type: 8 Event Object Header: 0xFCA2F768 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20A880(7df0880) Type: 8 Event Object Header: 0xFF20A868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2F740(104c740) Type: 8 Event Object Header: 0xFCA2F728 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF163940(5047940) Type: 8 Event Object Header: 0xFF163928 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B400(45e6400) Type: 8 Event Object Header: 0xFF16B3E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190D80(3a07d80) Type: 8 Event Object Header: 0xFF190D68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B3A0(45e63a0) Type: 8 Event Object Header: 0xFF16B388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B220(45e6220) Type: 8 Event Object Header: 0xFF16B208 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1715C0(eec5c0) Type: 8 Event Object Header: 0xFF1715A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF16B280(45e6280) Type: 8 Event Object Header: 0xFF16B268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF161420(57f2420) Type: 8 Event Object Header: 0xFF161408 
GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF164380(4873380) Type: 8 Event Object Header: 0xFF164368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF190D40(3a07d40) Type: 8 Event Object Header: 0xFF190D28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA30C80(104dc80) Type: 8 Event Object Header: 0xFCA30C68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA30CC0(104dcc0) Type: 8 Event Object Header: 0xFCA30CA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA30C40(104dc40) Type: 8 Event Object Header: 0xFCA30C28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26CD60(fadd60) Type: 8 Event Object Header: 0xFF26CD48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26CD20(fadd20) Type: 8 Event Object Header: 0xFF26CD08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF26CBE0(fadbe0) Type: 8 Event Object Header: 0xFF26CBC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28FCA0(79f0ca0) Type: 8 Event Object Header: 0xFF28FC88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF28FA60(79f0a60) Type: 8 Event Object Header: 0xFF28FA48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F1F20(1d42f20) Type: 8 Event Object Header: 0xFF1F1F08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A3AE0(362eae0) Type: 8 Event Object Header: 0xFF1A3AC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF192B80(3992b80) Type: 8 Event Object Header: 0xFF192B68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: 
(null) OBJECT: 0xFF165CC0(4d87cc0) Type: 8 Event Object Header: 0xFF165CA8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF169700(49fd700) Type: 8 Event Object Header: 0xFF1696E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1669C0(7c669c0) Type: 8 Event Object Header: 0xFF1669A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F1EA0(1d42ea0) Type: 8 Event Object Header: 0xFF1F1E88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F1F60(1d42f60) Type: 8 Event Object Header: 0xFF1F1F48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF138360(1de6360) Type: 8 Event Object Header: 0xFF138348 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1356A0(59226a0) Type: 8 Event Object Header: 0xFF135688 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF19A460(385c460) Type: 8 Event Object Header: 0xFF19A448 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1A8E40(3492e40) Type: 8 Event Object Header: 0xFF1A8E28 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF17B1A0(43211a0) Type: 8 Event Object Header: 0xFF17B188 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF139A20(1bc6a20) Type: 8 Event Object Header: 0xFF139A08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1396C0(1bc66c0) Type: 8 Event Object Header: 0xFF1396A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13AEA0(38adea0) Type: 8 Event Object Header: 0xFF13AE88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF178640(33d1640) Type: 8 Event Object Header: 0xFF178628 
GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF2371E0(646c1e0) Type: 8 Event Object Header: 0xFF2371C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF135E20(5922e20) Type: 8 Event Object Header: 0xFF135E08 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1346C0(58c76c0) Type: 8 Event Object Header: 0xFF1346A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13A1A0(38ad1a0) Type: 8 Event Object Header: 0xFF13A188 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF138520(1de6520) Type: 8 Event Object Header: 0xFF138508 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF22A4E0(4f614e0) Type: 8 Event Object Header: 0xFF22A4C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF147200(2ce4200) Type: 8 Event Object Header: 0xFF1471E8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1529C0(21ce9c0) Type: 8 Event Object Header: 0xFF1529A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF132380(6678380) Type: 8 Event Object Header: 0xFF132368 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1688C0(53db8c0) Type: 8 Event Object Header: 0xFF1688A8 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12E3A0(6643a0) Type: 6 Thread Object Header: 0xFF12E388 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000144 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF219FD0(4571fd0) Type: 10 Mutant Object Header: 0xFF219FB8 
GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DirectSound Administrator capture focus array (lock) SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) OBJECT: 0xE211A460(7789460) Type: 18 Key Object Header: 0xE211A448 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\SYSTEM\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03\3&61AAA01&0&FD\DirectSound\ OBJECT: 0xFCD4A028(1367028) Type: 26 File Object Header: 0xFCD4A010 GrantedAccess: 120116 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xE1E8C760(6a9760) Type: 17 Section Object Header: 0xE1E8C748 GrantedAccess: f0007 PointerCount: 2 HandleCount: 1 Directory: 0xFCC61C10 Name: DirectSound Administrator capture focus array SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE2114FA8(6b26fa8) BasedAddress: 0x00000080 SizeOfSegment: 0x4000 OBJECT: 0xFF195C60(38ebc60) Type: 8 Event Object Header: 0xFF195C48 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF195C20(38ebc20) Type: 8 Event Object Header: 0xFF195C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF12A8A0(49328a0) Type: 6 Thread Object Header: 0xFF12A888 GrantedAccess: 1f03ff PointerCount: 5 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.0000018C 
ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF136280(3629280) Type: 8 Event Object Header: 0xFF136268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1D6628(202e628) Type: 26 File Object Header: 0xFF1D6610 GrantedAccess: 120116 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Path: KSENUM#00000002{146F1A80-4791-11D0-A5D6-28DB04C10000}\ f‡ÎbÏ¥Ö(ÛÁ OBJECT: 0xFF111020(35d6020) Type: 6 Thread Object Header: 0xFF111008 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.000004EC ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF111DA0(35d6da0) Type: 6 Thread Object Header: 0xFF111D88 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000300 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF1A64E0(35064e0) Type: 8 Event Object Header: 0xFF1A64C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore Object Header: 0xFCCC7118 GrantedAccess: 1f0003 PointerCount: 7 HandleCount: 6 Directory: 0xFCC61C10 Name: shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFCD6D750(138a750) Type: 12 Semaphore Object Header: 0xFCD6D738 GrantedAccess: 1f0003 PointerCount: 6 HandleCount: 5 Directory: 0xFCC61C10 Name: shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1F1080(1d42080) Type: 8 Event Object Header: 0xFF1F1068 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EB840(49a7840) Type: 8 Event Object Header: 0xFF1EB828 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1338D00(1aa6d00) Type: 18 Key Object Header: 0xE1338CE8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xE2114AE0(6b26ae0) Type: 18 Key Object Header: 0xE2114AC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xE21128C0(6a998c0) Type: 18 Key Object Header: 0xE21128A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1EAC80(17dc80) Type: 8 Event Object Header: 0xFF1EAC68 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F0560(487e560) Type: 8 Event Object Header: 0xFF1F0548 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2114CE0(6b26ce0) Type: 18 Key Object Header: 0xE2114CC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\ OBJECT: 0xE21170C0(6a420c0) Type: 18 Key Object Header: 0xE21170A8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1F01C0(487e1c0) Type: 8 Event Object Header: 0xFF1F01A8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE211CFA0(7760fa0) Type: 18 Key Object Header: 0xE211CF88 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFF1F0280(487e280) Type: 8 
Event Object Header: 0xFF1F0268 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE21171E0(6a421e0) Type: 18 Key Object Header: 0xE21171C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\ OBJECT: 0xFF1EEFA0(1cc0fa0) Type: 8 Event Object Header: 0xFF1EEF88 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE211A2E0(77892e0) Type: 18 Key Object Header: 0xE211A2C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1A7240(34bf240) Type: 8 Event Object Header: 0xFF1A7228 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1F0380(487e380) Type: 8 Event Object Header: 0xFF1F0368 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E7AD20(24fd20) Type: 18 Key Object Header: 0xE1E7AD08 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1F0140(487e140) Type: 8 Event Object Header: 0xFF1F0128 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE133C220(1aac220) Type: 18 Key Object Header: 0xE133C208 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\MICROSOFT\COM3\ OBJECT: 0xFF1F49E0(1d049e0) Type: 8 Event Object Header: 0xFF1F49C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC2820(4b04820) Type: 18 Key Object Header: 0xE1EC2808 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\ OBJECT: 0xFCDC73A0(13e43a0) Type: 8 Event Object Header: 0xFCDC7388 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 
Section Object Header: 0xE1E6CFA8 GrantedAccess: 4 PointerCount: 18 HandleCount: 17 Directory: 0xFCC61C10 Name: __R_0000000000d4_SMem__ SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb OBJECT: 0xFF1497A0(54ca7a0) Type: 8 Event Object Header: 0xFF149788 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2057F50(3a2ff50) Type: 19 Port Object Header: 0xE2057F38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000130.00000244 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xE1F4AA00(4bffa00) Type: 19 Port Object Header: 0xE1F4A9E8 GrantedAccess: 1f0001 PointerCount: 5 HandleCount: 1 Directory: 0xFCD642F0 Name: OLE13 SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000130.00000244 ClientThread: 0x00000000 ServerProcess: 0xFF1CB020 OBJECT: 0xFCCC7190(12e4190) Type: 12 Semaphore Object Header: 0xFCCC7178 GrantedAccess: 1f0003 PointerCount: 5 HandleCount: 4 Directory: 0xFCC61C10 Name: shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) OBJECT: 0xFF1F05E0(487e5e0) Type: 10 Mutant Object Header: 0xFF1F05C8 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF142488(422c488) Type: 26 File Object Header: 0xFF142470 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Images OBJECT: 0xFF163980(5047980) Type: 8 
Event Object Header: 0xFF163968 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF191B08(39b1b08) Type: 26 File Object Header: 0xFF191AF0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\ OBJECT: 0xFF284120(a93120) Type: 8 Event Object Header: 0xFF284108 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF141288(319a288) Type: 26 File Object Header: 0xFF141270 GrantedAccess: 100001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Images OBJECT: 0xFF208C20(6b92c20) Type: 8 Event Object Header: 0xFF208C08 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF13A1E0(38ad1e0) Type: 8 Event Object Header: 0xFF13A1C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF218880(4b15880) Type: 8 Event Object Header: 0xFF218868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1DA020(1f40020) Type: 6 Thread Object Header: 0xFF1DA008 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 000002D8.000003CC ThreadsProcess: 0xFF1906A0 OBJECT: 0xE1FF6290(3ca6290) Type: 19 Port Object Header: 0xE1FF6278 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 00000130.000001F0 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF163F88(5047f88) Type: 26 File Object Header: 0xFF163F70 GrantedAccess: 120089 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\AutoPlay\Audio\High1.ogg OBJECT: 0xFF13A800(38ad800) Type: 6 Thread Object Header: 0xFF13A7E8 GrantedAccess: 1f03ff PointerCount: 4 HandleCount: 2 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 00000130.00000464 ThreadsProcess: 0xFF1CB020 OBJECT: 0xFF208BA0(6b92ba0) Type: 8 Event Object Header: 0xFF208B88 GrantedAccess: 1f0003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1ED9E0(48ca9e0) Type: 6 Thread Object Header: 0xFF1ED9C8 GrantedAccess: 1f03ff PointerCount: 6 HandleCount: 3 SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Cid: 0000041C.000003A4 ThreadsProcess: 0xFF19C020 OBJECT: 0xFF208B20(6b92b20) Type: 8 Event Object Header: 0xFF208B08 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) 30. TABLE: 0xFF146668(2ee3668): Table: 0xE1C52000 QuotaProcess: 0xFF1906A0 ProcessId: 2d8 HandleCount: 22 CapturedHandleCount: 22 TableLevel: 2 StrictFIFO: No OBJECT: 0xE2114590(6b26590) Type: 17 Section Object Header: 0xE2114578 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F2BD08(64b9d08) BasedAddress: 0x09814420 SizeOfSegment: 0x48000 SecurityDescriptor: (null) Path: CdRom0\Shells\cmd2k.exe OBJECT: 0xFF17FFA0(406cfa0) Type: 8 Event Object Header: 0xFF17FF88 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF1EB880(49a7880) Type: 8 Event Object Header: 0xFF1EB868 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF20EC00(45b4c00) Type: 8 Event Object Header: 0xFF20EBE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF142888(422c888) Type: 26 File Object Header: 0xFF142870 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFF1A5460(3524460) Type: 8 Event Object Header: 0xFF1A5448 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xE1FFDF50(3d3ef50) Type: 19 Port Object Header: 0xE1FFDF38 GrantedAccess: 1f0001 PointerCount: 3 HandleCount: 1 SecurityDescriptor: (null) Creator: 000002D8.000003CC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFF2050E0(49d80e0) Type: 8 Event Object Header: 0xFF2050C8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1F0F00(487ef00) Type: 8 Event Object Header: 0xFF1F0EE8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f 
PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xE211D780(76f8780) Type: 18 Key Object Header: 0xE211D768 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFF2053A0(49d83a0) Type: 8 Event Object Header: 0xFF205388 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE2114420(6b26420) Type: 18 Key Object Header: 0xE2114408 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE211C7E0(77607e0) Type: 18 Key Object Header: 0xE211C7C8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE2115660(63c9660) Type: 18 Key Object Header: 0xE2115648 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE211C7A0(77607a0) Type: 18 Key Object Header: 0xE211C788 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ 31. 
TABLE: 0xFF163008(5047008): Table: 0xE1CAB000 QuotaProcess: 0xFF19C020 ProcessId: 41c HandleCount: 23 CapturedHandleCount: 23 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1FE4C10(3ae5c10) Type: 17 Section Object Header: 0xE1FE4BF8 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F2BD08(64b9d08) BasedAddress: 0x09814420 SizeOfSegment: 0x48000 SecurityDescriptor: (null) Path: CdRom0\Shells\cmd2k.exe OBJECT: 0xFCC80EC0(129dec0) Type: 8 Event Object Header: 0xFCC80EA8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC5C100(1279100) Type: 8 Event Object Header: 0xFCC5C0E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC8D800(12aa800) Type: 8 Event Object Header: 0xFCC8D7E8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF157F88(4054f88) Type: 26 File Object Header: 0xFF157F70 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFCD62480(137f480) Type: 8 Event Object Header: 0xFCD62468 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 
0xE1E30E70(7b23e70) Type: 19 Port Object Header: 0xE1E30E58 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 0000041C.000003A4 ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xFCC81880(129e880) Type: 8 Event Object Header: 0xFCC81868 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF162DE0(51d3de0) Type: 8 Event Object Header: 0xFF162DC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xE2046080(39f9080) Type: 18 Key Object Header: 0xE2046068 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCA30620(104d620) Type: 8 Event Object Header: 0xFCA30608 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xE1EC1AA0(b1baa0) Type: 18 Key Object Header: 0xE1EC1A88 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: 
(null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE1EC1AE0(b1bae0) Type: 18 Key Object Header: 0xE1EC1AC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\USER\S-1-5-21-791032918-1291200457-768897840-500\ OBJECT: 0xE1EC1A60(b1ba60) Type: 18 Key Object Header: 0xE1EC1A48 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xE1EE0340(571a340) Type: 18 Key Object Header: 0xE1EE0328 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xFF151B40(1e44b40) Type: 5 Process Object Header: 0xFF151B28 GrantedAccess: 1f0fff PointerCount: 10 HandleCount: 3 SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) ImageFileName: dd.exe 32. 
TABLE: 0xFF133AE8(6673ae8): Table: 0xE1CC5000 QuotaProcess: 0xFF151B40 ProcessId: 4a4 HandleCount: 27 CapturedHandleCount: 27 TableLevel: 2 StrictFIFO: No OBJECT: 0xE1EF3C70(50edc70) Type: 17 Section Object Header: 0xE1EF3C58 GrantedAccess: f001f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Segment: 0xE1F00F48(4e7af48) BasedAddress: 0x08E0A430 SizeOfSegment: 0xe000 SecurityDescriptor: (null) Path: CdRom0\Acquisition\FAU\dd.exe OBJECT: 0xFCA31D00(104ed00) Type: 8 Event Object Header: 0xFCA31CE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCD28680(1345680) Type: 8 Event Object Header: 0xFCD28668 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA2EC00(104bc00) Type: 8 Event Object Header: 0xFCA2EBE8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCC82930(129f930) Type: 2 Directory Object Header: 0xFCC82918 GrantedAccess: 3 PointerCount: 57 HandleCount: 30 Directory: 0xFCE00850 Name: KnownDlls SecurityDescriptor: 0xE100DAB8(1610ab8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCRC;;;RC)(A;;CCDCLCSWSDRCWDWO;;;BA)(A;OICIIO;GXGWGR;;;WD)(A;OICIIO;GXGWGR;;;RC)(A;OICIIO;GA;;;BA) FullPath: \KnownDlls OBJECT: 0xFF141EE8(319aee8) Type: 26 File Object Header: 0xFF141ED0 GrantedAccess: 100020 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: CdRom0\Shells OBJECT: 0xFCC90030(12ad030) Type: 2 Directory Object Header: 0xFCC90018 GrantedAccess: f000f PointerCount: 33 HandleCount: 29 Directory: 0xFCE00850 Name: Windows SecurityDescriptor: 0xE1D393D8(689e3d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY) FullPath: \Windows OBJECT: 0xFF1D9360(1ee9360) Type: 8 Event Object Header: 0xFF1D9348 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 
0xE13941F0(29761f0) Type: 19 Port Object Header: 0xE13941D8 GrantedAccess: 1f0001 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) Creator: 000004A4.000003AC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant Object Header: 0xFCDA5608 GrantedAccess: 1 PointerCount: 31 HandleCount: 30 Directory: 0xFCE00850 Name: NlsCacheMutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) OBJECT: 0xE1320370(1a6a370) Type: 17 Section Object Header: 0xE1320358 GrantedAccess: f001f PointerCount: 29 HandleCount: 28 SecurityDescriptor: (null) Segment: 0xE1D1F788(66a5788) BasedAddress: 0x00000080 SizeOfSegment: 0x43000 OBJECT: 0xFF1A16E0(36ee6e0) Type: 8 Event Object Header: 0xFF1A16C8 GrantedAccess: 100003 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFF162DE0(51d3de0) Type: 8 Event Object Header: 0xFF162DC8 GrantedAccess: 1f0003 PointerCount: 3 HandleCount: 3 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFF15EFE0(6430fe0) Type: 8 Event Object Header: 0xFF15EFC8 GrantedAccess: 1f0003 PointerCount: 2 HandleCount: 1 SecurityDescriptor: (null) OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation Object Header: 0xFCA32D80 GrantedAccess: f037f PointerCount: 65 HandleCount: 42 Directory: 0xFCC5FD10 Name: WinSta0 OBJECT: 0xFCA2D4D8(104a4d8) Type: 16 Desktop Object Header: 0xFCA2D4C0 GrantedAccess: f01ff PointerCount: 1112 HandleCount: 26 Directory: 0x00000000 Name: Default OBJECT: 0xE1D52DE0(6a6cde0) Type: 18 Key Object Header: 0xE1D52DC8 GrantedAccess: f003f PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\ OBJECT: 0xFCC61C10(127ec10) Type: 2 Directory Object Header: 0xFCC61BF8 GrantedAccess: 2000f PointerCount: 196 HandleCount: 26 Directory: 
0xFCE00850 Name: BaseNamedObjects SecurityDescriptor: 0xE1D40AF8(6970af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWSDRCWDWO;;;SY)(A;;DC;;;RC) FullPath: \BaseNamedObjects OBJECT: 0xE20AF8A0(4c6c8a0) Type: 18 Key Object Header: 0xE20AF888 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\ OBJECT: 0xE20AF860(4c6c860) Type: 18 Key Object Header: 0xE20AF848 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\ OBJECT: 0xE20570C0(3a2f0c0) Type: 18 Key Object Header: 0xE20570A8 GrantedAccess: 20019 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Path: REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\ OBJECT: 0xFF170388(1a9d388) Type: 26 File Object Header: 0xFF170370 GrantedAccess: 12019f PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) Path: HarddiskVolume3\intrusion2005\memory-audit.log OBJECT: 0xFF170388(1a9d388) Type: 26 File Object Header: 0xFF170370 GrantedAccess: 12019f PointerCount: 2 HandleCount: 2 SecurityDescriptor: (null) Path: HarddiskVolume3\intrusion2005\memory-audit.log OBJECT: 0xE10010E0(159b0e0) Type: 17 Section Object Header: 0xE10010C8 GrantedAccess: 4 PointerCount: 3 HandleCount: 1 Directory: 0xFCDFD570 Name: PhysicalMemory SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE10007E8(159a7e8) OBJECT: 0xE207CF50(438cf50) Type: 19 Port Object Header: 0xE207CF38 GrantedAccess: 1f0001 PointerCount: 1 HandleCount: 1 SecurityDescriptor: (null) Creator: 000004A4.000003AC ClientThread: 0x00000000 ServerProcess: 0x00000000 OBJECT: 0xFF18C7C8(3a597c8) Type: 26 File Object Header: 0xFF18C7B0 GrantedAccess: 12019f PointerCount: 3 
HandleCount: 1 SecurityDescriptor: (null) Path: HarddiskVolume3\intrusion2005\memory-image.dd Handle Tables: 32 ObpRootDirectoryObject: 0x8046AE28(46ae28) \ Directory: 0xFCE00850(141d850) \SeLsaCommandPort OBJECT: 0xE1E38DC0(7b5fdc0) Type: 19 Port SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000F0.000000EC ClientThread: 0x00000000 ServerProcess: 0xFCA2A500 \REGISTRY OBJECT: 0xE10087F0(15d97f0) Type: 18 Key SecurityDescriptor: (null) Path: REGISTRY\ \XactSrvLpcPort OBJECT: 0xE1E2DB40(79afb40) Type: 19 Port SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000208 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 \DbgUiApiPort OBJECT: 0xE1D398A0(689e8a0) Type: 19 Port SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 \DosDevices OBJECT: 0xFCE00510(141d510) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \?? 
\SeRmCommandPort OBJECT: 0xE130EE20(1a37e20) Type: 19 Port SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 00000008.00000004 ClientThread: 0x00000000 ServerProcess: 0xFCE00C60 \LsaAuthenticationPort OBJECT: 0xE1E4CCC0(908cc0) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000F0.00000120 ClientThread: 0x00000000 ServerProcess: 0xFCA2A500 \NlsCacheMutant OBJECT: 0xFCDA5620(13c2620) Type: 10 Mutant SecurityDescriptor: 0xE1D3F4D8(692f4d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD) \LanmanServerAnnounceEvent OBJECT: 0xFCD67A10(1384a10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Dfs OBJECT: 0xFCDA5F10(13c2f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4E6D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \DbgSsApiPort OBJECT: 0xE1CEF5A0(633d5a0) Type: 19 Port SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 \SAM_SERVICE_STARTED OBJECT: 0xFF27DBD0(b4fbd0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \SmApiPort OBJECT: 0xE13D1F40(4450f40) Type: 19 Port SecurityDescriptor: 0xE13C5C38(2cf2c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;0x1f0001;;;BA) 
Creator: 00000098.00000094 ClientThread: 0x00000000 ServerProcess: 0xFCD64D60 \Fat OBJECT: 0xFCD50750(136d750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4E470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys \ErrorLogPort OBJECT: 0xE1E64780(9cb780) Type: 19 Port SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000E4.00000168 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 \SystemRoot OBJECT: 0xFCDFD8D0(141a8d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13B1678(2c13678) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRCWDWO;;;SY)(A;;CCRC;;;BA) Target: \Device\Harddisk0\Partition1\WINNT \Cdfs OBJECT: 0xFF1FCA70(198aa70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF1FCB90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FDB08 \SystemRoot\System32\Drivers\Cdfs.SYS \EFSInitEvent OBJECT: 0xFF283670(a77670) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \SeLsaInitEvent OBJECT: 0xFCC83470(12a0470) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \UniqueSessionIdEvent OBJECT: 0xFCD5FF10(137cf10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \ArcName\ Directory: 0xFCDFD650(141a650) \ArcName\multi(0)disk(0)rdisk(0) OBJECT: 0xFCD4E5F0(136b5f0) Type: 3 
SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition0 \ArcName\multi(0)disk(0)rdisk(0)partition(1) OBJECT: 0xFCD4E570(136b570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition1 \ArcName\multi(0)disk(0)fdisk(0) OBJECT: 0xFCD3CF70(1359f70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 \ArcName\multi(0)disk(0)rdisk(0)partition(2) OBJECT: 0xFCDA53D0(13c23d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\Partition2 \NLS\ Directory: 0xFCC616C0(127e6c0) \NLS\NlsSectionCType OBJECT: 0xE1D40220(6970220) Type: 17 Section SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F548(692f548) BasedAddress: 0x2DC21CC0 SizeOfSegment: 0x1b9e SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\ctype.nls \NLS\NlsSectionSortTbls OBJECT: 0xE1D421C0(695b1c0) Type: 17 Section SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40188(6970188) BasedAddress: 0x2EC10CC8 SizeOfSegment: 0x3580 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sorttbls.nls \NLS\NlsSectionSortkey OBJECT: 0xE1D41FC0(697ffc0) 
Type: 17 Section SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D41008(697f008) BasedAddress: 0x2EC0ECC8 SizeOfSegment: 0x40004 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\sortkey.nls \NLS\NlsSectionLocale OBJECT: 0xE1D40420(6970420) Type: 17 Section SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D40468(6970468) BasedAddress: 0x2DC314D8 SizeOfSegment: 0x2eeec SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\locale.nls \NLS\NlsSectionUnicode OBJECT: 0xE1D42040(695b040) Type: 17 Section SecurityDescriptor: 0xE1D405F8(69705f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCLCRC;;;WD) Segment: 0xE1D3F0E8(692f0e8) BasedAddress: 0x2D7BD4D8 SizeOfSegment: 0x15df4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\System32\unicode.nls \Driver\ Directory: 0xFCDF8310(1415310) \Driver\WMI OBJECT: 0xFCDF4A30(1411a30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\KSecDD OBJECT: 0xFCD50650(136d650) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys \Driver\NDIS OBJECT: 0xFCD4E8F0(136b8f0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys \Driver\Beep OBJECT: 0xFCD8E5D0(13ab5d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8E708 \SystemRoot\System32\Drivers\Beep.SYS \Driver\V124 OBJECT: 0xFF217E50(53cae50) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FEF08 \SystemRoot\System32\DRIVERS\v124nt.sys \Driver\Raspti OBJECT: 0xFCD253B0(13423b0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25548 \SystemRoot\System32\DRIVERS\raspti.sys \Driver\Mouclass OBJECT: 0xFCD4BED0(1368ed0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3428 \SystemRoot\System32\DRIVERS\mouclass.sys \Driver\Diskperf OBJECT: 0xFCD59570(1376570) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25008 Diskperf.sys \Driver\Kbdclass OBJECT: 0xFCDC6810(13e3810) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC69E8 \SystemRoot\System32\DRIVERS\kbdclass.sys \Driver\Compbatt OBJECT: 0xFCD2B670(1348670) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys \Driver\NDProxy OBJECT: 0xFCD9A3D0(13b73d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD9A568 \SystemRoot\System32\Drivers\NDProxy.SYS \Driver\VgaSave OBJECT: 
0xFCCC87D0(12e57d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8A88 \SystemRoot\System32\drivers\vga.sys \Driver\MountMgr OBJECT: 0xFCDAEA30(13cba30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys \Driver\Ptilink OBJECT: 0xFCD25030(1342030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys \Driver\SonyUSBL OBJECT: 0xFCD963F0(13b33f0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD96A28 \SystemRoot\System32\DRIVERS\SonyUSBL.sys \Driver\wdmaud OBJECT: 0xFF2507D0(7c77d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF250B88 \SystemRoot\system32\drivers\wdmaud.sys \Driver\ohci1394 OBJECT: 0xFCD57590(1374590) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Driver\Aspi32 OBJECT: 0xFF26A030(f99030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B1C8 \SystemRoot\System32\Drivers\Aspi32.SYS \Driver\SoftFax OBJECT: 0xFF2253F0(478b3f0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\DRIVERS\faxnt.sys \Driver\isapnp OBJECT: 0xFCD2EB70(134bb70) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys \Driver\atapi OBJECT: 0xFCDAE730(13cb730) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys \Driver\E100B OBJECT: 0xFCD28390(1345390) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD284C8 \SystemRoot\System32\DRIVERS\e100bnt5.sys \Driver\K56 OBJECT: 0xFF250D50(7c7d50) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF253708 \SystemRoot\System32\DRIVERS\k56nt.sys \Driver\dmio OBJECT: 0xFCD59470(1376470) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Driver\USBSTOR OBJECT: 0xFCD31910(134e910) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Driver\RasAcd OBJECT: 0xFCD8DBD0(13aabd0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8DD68 \SystemRoot\System32\DRIVERS\rasacd.sys \Driver\DFRWSDRV2005 OBJECT: 0xFF25C490(1982490) Type: 
24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25C7E8 \??\c:\winnt\system32\dfrwsdrv.sys \Driver\uhcd OBJECT: 0xFCD47B10(1364b10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys \Driver\audstub OBJECT: 0xFCDC0750(13dd750) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC08E8 \SystemRoot\System32\DRIVERS\audstub.sys \Driver\Win32k OBJECT: 0xFCA2E430(104b430) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\winachsf OBJECT: 0xFCDC17D0(13de7d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1948 \SystemRoot\System32\DRIVERS\winachsf.sys \Driver\swenum OBJECT: 0xFCD44750(1361750) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys \Driver\usbhub OBJECT: 0xFCDB0110(13cd110) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys \Driver\Update OBJECT: 0xFCD24B70(1341b70) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24D08 \SystemRoot\System32\DRIVERS\update.sys \Driver\Ftdisk OBJECT: 0xFCD59C90(1376c90) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Driver\smwdm OBJECT: 0xFCDC2AF0(13dfaf0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD471E8 \SystemRoot\system32\drivers\smwdm.sys \Driver\Modem OBJECT: 0xFCDC1410(13de410) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1548 \SystemRoot\System32\Drivers\Modem.SYS \Driver\sysaudio OBJECT: 0xFF24AE50(3bde50) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24E528 \SystemRoot\system32\drivers\sysaudio.sys \Driver\Fdc OBJECT: 0xFCD48690(1365690) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48828 \SystemRoot\System32\DRIVERS\fdc.sys \Driver\Rasl2tp OBJECT: 0xFCD46770(1363770) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46908 \SystemRoot\System32\DRIVERS\rasl2tp.sys \Driver\AmosNT OBJECT: 0xFF26B510(250510) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B6E8 \SystemRoot\System32\DRIVERS\amosnt.sys \Driver\Ich 
OBJECT: 0xFF24E930(7d47930) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24ED08 \SystemRoot\System32\DRIVERS\Ich.sys \Driver\ACPIEC OBJECT: 0xFCDA77D0(13c47d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys \Driver\ParVdm OBJECT: 0xFF275030(dbd030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26C9C8 \SystemRoot\System32\Drivers\ParVdm.SYS \Driver\Fallback OBJECT: 0xFF2527B0(7c87b0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E848 \SystemRoot\System32\DRIVERS\fallback.sys \Driver\ACPI_HAL OBJECT: 0xFCDF4B30(1411b30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\serenum OBJECT: 0xFCD49B50(1366b50) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD49D88 \SystemRoot\System32\DRIVERS\serenum.sys \Driver\PptpMiniport OBJECT: 0xFCD45C10(1362c10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD45FA8 \SystemRoot\System32\DRIVERS\raspptp.sys \Driver\NetBT OBJECT: 0xFCD8B470(13a8470) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys \Driver\PCIIde OBJECT: 0xFCDABDD0(13c8dd0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27F48 PCIIde.sys \Driver\va16w2 OBJECT: 0xFCD29210(1346210) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25B48 va16w2.sys \Driver\Cdrom OBJECT: 0xFCD28030(1345030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7308 \SystemRoot\System32\DRIVERS\cdrom.sys \Driver\Tones OBJECT: 0xFF24D170(766170) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24DAC8 \SystemRoot\System32\DRIVERS\tonesnt.sys \Driver\Pcmcia OBJECT: 0xFCD59D90(1376d90) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys \Driver\va32w2 OBJECT: 0xFCD29450(1346450) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25C68 va32w2.sys \Driver\SNC OBJECT: 0xFCD4A590(1367590) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A728 \SystemRoot\System32\Drivers\SonyNC.sys \Driver\kmixer OBJECT: 0xFF227030(4ff5030) Type: 24 Driver SecurityDescriptor: 
0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF226168 \SystemRoot\system32\drivers\kmixer.sys \Driver\mnmdd OBJECT: 0xFCCC7210(12e4210) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC73A8 \SystemRoot\System32\Drivers\mnmdd.SYS \Driver\Tcpip OBJECT: 0xFCCC5E10(12e2e10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Driver\Wanarp OBJECT: 0xFCC8D6F0(12aa6f0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8D848 \SystemRoot\System32\DRIVERS\wanarp.sys \Driver\PxHelper OBJECT: 0xFCDC7710(13e4710) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7928 \??\C:\WINNT\System32\drivers\PxHelper.sys \Driver\biosview OBJECT: 0xFCCC94B0(12e64b0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC93C8 \SystemRoot\system32\drivers\biosview.sys \Driver\Rksample OBJECT: 0xFCDC1C10(13dec10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1D88 \SystemRoot\System32\DRIVERS\rksample.sys \Driver\Null OBJECT: 0xFCD8E9D0(13ab9d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative 
O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8548 \SystemRoot\System32\Drivers\Null.SYS \Driver\PCI OBJECT: 0xFCE03950(1420950) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Driver\sbp2port OBJECT: 0xFCD2D470(134a470) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Driver\Disk OBJECT: 0xFCDA6030(13c3030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Driver\IPSEC OBJECT: 0xFF1E7D70(1c86d70) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA5588 \SystemRoot\System32\DRIVERS\ipsec.sys \Driver\NdisWan OBJECT: 0xFCDBFAB0(13dcab0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFC48 \SystemRoot\System32\DRIVERS\ndiswan.sys \Driver\NdisTapi OBJECT: 0xFCD461B0(13631b0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46348 \SystemRoot\System32\DRIVERS\ndistapi.sys \Driver\PartMgr OBJECT: 0xFCDAEB30(13cbb30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E08 PartMgr.sys \Driver\Serial OBJECT: 0xFCD49E70(1366e70) Type: 24 Driver SecurityDescriptor: 
0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A0E8 \SystemRoot\System32\DRIVERS\serial.sys \Driver\Gpc OBJECT: 0xFCD6EF30(138bf30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC90C68 \SystemRoot\System32\DRIVERS\msgpc.sys \Driver\ACPI OBJECT: 0xFCDF3030(1410030) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Driver\PnpManager OBJECT: 0xFCE18EF0(1435ef0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Driver\Parallel OBJECT: 0xFCDBE630(13db630) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBE808 \SystemRoot\System32\DRIVERS\parallel.sys \Driver\Flpydisk OBJECT: 0xFCD9E330(13bb330) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDB03A8 \SystemRoot\System32\DRIVERS\flpydisk.sys \Driver\i81x OBJECT: 0xFCDC7D30(13e4d30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA42A8 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Driver\AFD OBJECT: 0xFF27F8D0(a068d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 
0xFF282F68 \SystemRoot\System32\drivers\afd.sys \Driver\Fsks OBJECT: 0xFF253E10(651e10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF251A08 \SystemRoot\System32\DRIVERS\fsksnt.sys \Driver\Parport OBJECT: 0xFCD48D50(1365d50) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48EE8 \SystemRoot\System32\DRIVERS\parport.sys \Driver\IntelIde OBJECT: 0xFCDCB0F0(13e80f0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys \Driver\ApfiltrService OBJECT: 0xFCDA35B0(13c05b0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3748 \SystemRoot\System32\DRIVERS\Apfiltr.sys \Driver\CmBatt OBJECT: 0xFCD27BD0(1344bd0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD27D68 \SystemRoot\System32\DRIVERS\CmBatt.sys \Driver\SPI OBJECT: 0xFCD4ADD0(1367dd0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4AF68 \SystemRoot\System32\Drivers\SonyPI.sys \Driver\iLINKnet OBJECT: 0xFCDBED10(13dbd10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEE88 \SystemRoot\System32\DRIVERS\SonyiNet.sys \Driver\i8042prt OBJECT: 0xFCDC6C90(13e3c90) 
Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC6E68 \SystemRoot\System32\DRIVERS\i8042prt.sys \WmiGuid\ Directory: 0xFCDF4930(1411930) \Device\ Directory: 0xFCDFD570(141a570) \Device\KsecDD OBJECT: 0xFCD4EF10(136bf10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD50650 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25928 KSecDD.sys \Device\FSKS0 OBJECT: 0xFF253CB0(651cb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF253E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF251A08 \SystemRoot\System32\DRIVERS\fsksnt.sys \Device\Beep OBJECT: 0xFCD8E450(13ab450) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8E5D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8E708 \SystemRoot\System32\Drivers\Beep.SYS \Device\00000032 OBJECT: 0xFCD93550(13b0550) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD31910 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\00512a OBJECT: 0xFCDF4F10(1411f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Ndis OBJECT: 0xFCD4E7D0(136b7d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4E8F0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE258A8 NDIS.sys \Device\00000025 OBJECT: 0xFCD59030(1376030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000019 OBJECT: 0xFCDAB270(13c8270) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\Netbios OBJECT: 0xFCD6CD90(1389d90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD6CF30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6C348 \SystemRoot\System32\DRIVERS\netbios.sys \Device\00000033 OBJECT: 0xFCD24750(1341750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000026 OBJECT: 0xFCDAEF10(13cbf10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003928 OBJECT: 0xFCDF5910(1412910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003327 OBJECT: 0xFCE16510(1433510) Type: 23 Device SecurityDescriptor: (null) Driver: 
0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002926 OBJECT: 0xFCE16D10(1433d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002325 OBJECT: 0xFCDF6A30(1413a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Ip OBJECT: 0xFCCC5CD0(12e2cd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC5E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\KSENUM#00000001 OBJECT: 0xFF24FD90(7acd90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD44750 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys \Device\004529 OBJECT: 0xFCE15C30(1432c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000027 OBJECT: 0xFCDAEDF0(13cbdf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003026 OBJECT: 
0xFCE16B10(1433b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\KSENUM#00000002 OBJECT: 0xFF24E030(7d47030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD44750 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys \Device\Video0 OBJECT: 0xFCD4C038(1369038) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC7D30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA42A8 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Device\KeyboardClass0 OBJECT: 0xFCDA3E30(13c0e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC6810 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC69E8 \SystemRoot\System32\DRIVERS\kbdclass.sys \Device\00000028 OBJECT: 0xFCD296F0(13466f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003628 OBJECT: 0xFCDF5F10(1412f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NDProxy OBJECT: 0xFCD39030(1356030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD9A3D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD9A568 \SystemRoot\System32\Drivers\NDProxy.SYS \Device\Video1 OBJECT: 0xFCCC7760(12e4760) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC87D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8A88 \SystemRoot\System32\drivers\vga.sys \Device\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} OBJECT: 0xFCDBF030(13dc030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD46770 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46908 \SystemRoot\System32\DRIVERS\rasl2tp.sys \Device\00000029 OBJECT: 0xFCDC2750(13df750) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC2AF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD471E8 \SystemRoot\system32\drivers\smwdm.sys \Device\004229 OBJECT: 0xFCDF5310(1412310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Video2 OBJECT: 0xFCCC6CE0(12e3ce0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC7210 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC73A8 \SystemRoot\System32\Drivers\mnmdd.SYS \Device\Serial0 OBJECT: 0xFCD493E0(13663e0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD49E70 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 
0xFCD4A0E8 \SystemRoot\System32\DRIVERS\serial.sys \Device\PointerClass0 OBJECT: 0xFCD4B8D0(13688d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4BED0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3428 \SystemRoot\System32\DRIVERS\mouclass.sys \Device\0000000a OBJECT: 0xFCDCD550(13ea550) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\KSENUM#00000005 OBJECT: 0xFF237230(646c230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD44750 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD448E8 \SystemRoot\System32\DRIVERS\swenum.sys \Device\USBPDO-0 OBJECT: 0xFCD3C830(1359830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD47B10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\CompositeBattery OBJECT: 0xFCD5A030(1377030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD2B670 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26D68 compbatt.sys \Device\Processor OBJECT: 0xFCD24A50(1341a50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD24B70 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD24D08 \SystemRoot\System32\DRIVERS\update.sys \Device\AcAdapter OBJECT: 0xFCD4B0F0(13680f0) Type: 
23 Device SecurityDescriptor: (null) Driver: 0xFCD27BD0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD27D68 \SystemRoot\System32\DRIVERS\CmBatt.sys \Device\0000000b OBJECT: 0xFCDCD430(13ea430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\USBPDO-1 OBJECT: 0xFCD3BBB0(1358bb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD47B10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\SPIDevice0 OBJECT: 0xFCD4A970(1367970) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4ADD0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4AF68 \SystemRoot\System32\Drivers\SonyPI.sys \Device\0000000c OBJECT: 0xFCDCD310(13ea310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawTape OBJECT: 0xFCE14950(1431950) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14CB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\WMIDataDevice OBJECT: 0xFCDF4230(1411230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4A30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\USBPDO-2 OBJECT: 0xFCD97BD0(13b4bd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDB0110 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\FloppyPDO0 OBJECT: 0xFCDB06F0(13cd6f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD48690 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48828 \SystemRoot\System32\DRIVERS\fdc.sys \Device\0000001a OBJECT: 0xFCD58030(1375030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000d OBJECT: 0xFCD2F030(134c030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0000 OBJECT: 0xFCD304F0(134d4f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\000521 OBJECT: 0xFCDF7F10(1414f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\FAX0 OBJECT: 0xFF225A10(478ba10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF2253F0 SecurityDescriptor: 
0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF225788 \SystemRoot\System32\DRIVERS\faxnt.sys \Device\UdfReadr OBJECT: 0xFCD8DDF0(13aadf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC4DB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC4208 \SystemRoot\System32\Drivers\UdfReadr.SYS \Device\USBPDO-3 OBJECT: 0xFCD96850(13b3850) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDB0110 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\0000001b OBJECT: 0xFCD58F10(1375f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000e OBJECT: 0xFCD2FF10(134cf10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0001 OBJECT: 0xFCDAC030(13c9030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\001823 OBJECT: 0xFCE17510(1434510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 
\Device\001222 OBJECT: 0xFCE17030(1434030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\RasAcd OBJECT: 0xFCD8DAB0(13aaab0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8DBD0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD8DD68 \SystemRoot\System32\DRIVERS\rasacd.sys \Device\0000001c OBJECT: 0xFCD58DF0(1375df0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\0000000f OBJECT: 0xFCD2FDF0(134cdf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0002 OBJECT: 0xFCDACE30(13c9e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\00522a OBJECT: 0xFCDF4D10(1411d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000822 OBJECT: 0xFCDF7910(1414910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000221 OBJECT: 0xFCE185F0(14355f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Tcp OBJECT: 0xFCD7E150(139b150) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC5E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\V1240 OBJECT: 0xFF217D30(53cad30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF217E50 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FEF08 \SystemRoot\System32\DRIVERS\v124nt.sys \Device\ParallelVdm0 OBJECT: 0xFF26BA50(250a50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF275030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26C9C8 \SystemRoot\System32\Drivers\ParVdm.SYS \Device\ParallelPort0 OBJECT: 0xFCD48A70(1365a70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD48D50 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD48EE8 \SystemRoot\System32\DRIVERS\parport.sys \Device\0000001d OBJECT: 0xFCD58CD0(1375cd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\HCD0 OBJECT: 0xFCD47550(1364550) Type: 23 Device SecurityDescriptor: (null) 
Driver: 0xFCD47B10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\NTPNP_PCI0010 OBJECT: 0xFCD2E810(134b810) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\NTPNP_PCI0003 OBJECT: 0xFCDACC30(13c9c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\002425 OBJECT: 0xFCDF6830(1413830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001523 OBJECT: 0xFCE17B10(1434b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00482a OBJECT: 0xFCE15630(1432630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\0000002a OBJECT: 0xFCDC0BB0(13ddbb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC1410 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1548 \SystemRoot\System32\Drivers\Modem.SYS \Device\HCD1 
OBJECT: 0xFCDC2030(13df030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD47B10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD47EE8 \SystemRoot\System32\DRIVERS\uhcd.sys \Device\SNCDevice0 OBJECT: 0xFCD4A350(1367350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4A590 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD4A728 \SystemRoot\System32\Drivers\SonyNC.sys \Device\0000001e OBJECT: 0xFCD58BB0(1375bb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\ReadDataPort_0 OBJECT: 0xFCDAB810(13c8810) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD2EB70 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F08 isapnp.sys \Device\NTPNP_PCI0011 OBJECT: 0xFCD2E4B0(134b4b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\NTPNP_PCI0004 OBJECT: 0xFCDACA30(13c9a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\003126 OBJECT: 0xFCE16910(1433910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002124 OBJECT: 0xFCDF6E30(1413e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\HarddiskVolume1 OBJECT: 0xFCD51990(136e990) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59C90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCDC6030(13e3030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD28390 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD284C8 \SystemRoot\System32\DRIVERS\e100bnt5.sys \Device\0000001f OBJECT: 0xFCD58A90(1375a90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0012 OBJECT: 0xFCDAB030(13c8030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\RKSAMPLE0 OBJECT: 0xFCDC11D0(13de1d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC1C10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1D88 \SystemRoot\System32\DRIVERS\rksample.sys \Device\NTPNP_PCI0005 OBJECT: 0xFCDAC830(13c9830) Type: 23 
Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\CdRom0 OBJECT: 0xFCD28950(1345950) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD28030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7308 \SystemRoot\System32\DRIVERS\cdrom.sys \Device\HarddiskVolume2 OBJECT: 0xFCD51530(136e530) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59C90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\TONES0 OBJECT: 0xFF24C830(4605830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF24D170 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24DAC8 \SystemRoot\System32\DRIVERS\tonesnt.sys \Device\sysaudio OBJECT: 0xFF24AC70(3bdc70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF24AE50 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24E528 \SystemRoot\system32\drivers\sysaudio.sys \Device\FsWrap OBJECT: 0xFCD67030(1384030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC8CA10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC864C8 \SystemRoot\System32\DRIVERS\rdbss.sys \Device\0000002c OBJECT: 0xFCDB05D0(13cd5d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NTPNP_PCI0006 OBJECT: 0xFCDAC4D0(13c94d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\003728 OBJECT: 0xFCDF5D10(1412d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002726 OBJECT: 0xFCDF6230(1413230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\HarddiskVolume3 OBJECT: 0xFCCCAE70(12e7e70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59C90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\MbMmDp32 OBJECT: 0xFF26AE90(f99e90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF26A030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B1C8 \SystemRoot\System32\Drivers\Aspi32.SYS \Device\Parallel0 OBJECT: 0xFCD97040(13b4040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBE630 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBE808 \SystemRoot\System32\DRIVERS\parallel.sys \Device\0000002d OBJECT: 0xFCD3B030(1358030) Type: 23 Device SecurityDescriptor: 
(null) Driver: 0xFCDB0110 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 \SystemRoot\System32\DRIVERS\usbhub.sys \Device\NTPNP_PCI0007 OBJECT: 0xFCDCD030(13ea030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\004329 OBJECT: 0xFCE15030(1432030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\VideoPdo1 OBJECT: 0xFCC5A030(1277030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC7D30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA42A8 \SystemRoot\System32\DRIVERS\i81xnt5.sys \Device\004629 OBJECT: 0xFCE15A30(1432a30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NTPNP_PCI0008 OBJECT: 0xFCDCDCD0(13eacd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\0000002e OBJECT: 0xFCD3B7F0(13587f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDB0110 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD3C4E8 
\SystemRoot\System32\DRIVERS\usbhub.sys \Device\ACPIEC OBJECT: 0xFCDA74B0(13c44b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA77D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25E88 ACPIEC.sys \Device\003428 OBJECT: 0xFCE16310(1433310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\HxDefDriver OBJECT: 0xFF25C330(1982330) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF25C490 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25C7E8 \??\c:\winnt\system32\dfrwsdrv.sys \Device\VolumesSafeForWriteAccess OBJECT: 0xFCD644F0(13814f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\0000002f OBJECT: 0xFCD977D0(13b47d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD31910 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\NTPNP_PCI0009 OBJECT: 0xFCDCD970(13ea970) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE03950 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26F88 pci.sys \Device\Apfiltr OBJECT: 0xFCD9D9F0(13ba9f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA35B0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA3748 \SystemRoot\System32\DRIVERS\Apfiltr.sys \Device\PxHelperDevice0 OBJECT: 0xFCDC7590(13e4590) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC7710 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC7928 \??\C:\WINNT\System32\drivers\PxHelper.sys \Device\wgnthlpr OBJECT: 0xFCDA5670(13c2670) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA5790 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys \Device\Pcmcia0 OBJECT: 0xFCD59670(1376670) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59D90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27DA8 pcmcia.sys \Device\004029 OBJECT: 0xFCDF5710(1412710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NetBT_Tcpip_{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCD6C710(1389710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8B470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys \Device\ControlMethodBattery1 OBJECT: 0xFCD4B290(1368290) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD27BD0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD27D68 
\SystemRoot\System32\DRIVERS\CmBatt.sys \Device\NetBt_Wins_Export OBJECT: 0xFCC8E890(12ab890) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8B470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys \Device\NetBT_Tcpip_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCD67590(1384590) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8B470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys \Device\Sbp2Port0 OBJECT: 0xFCD2C030(1349030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD2D470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Device\000321 OBJECT: 0xFCE183B0(14353b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\NetbiosSmb OBJECT: 0xFCC8E550(12ab550) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8B470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8EFA8 \SystemRoot\System32\DRIVERS\netbt.sys \Device\001022 OBJECT: 0xFCDF7510(1414510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000922 OBJECT: 0xFCDF7710(1414710) Type: 23 Device SecurityDescriptor: (null) 
Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00492a OBJECT: 0xFCE15430(1432430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001623 OBJECT: 0xFCE17910(1434910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000621 OBJECT: 0xFCDF7D10(1414d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCD44030(1361030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBED10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBEE88 \SystemRoot\System32\DRIVERS\SonyiNet.sys \Device\MountPointManager OBJECT: 0xFCDAE890(13cb890) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDAEA30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25D88 MountMgr.sys \Device\Smwdm0 OBJECT: 0xFCDC29B0(13df9b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC2AF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD471E8 
\SystemRoot\system32\drivers\smwdm.sys \Device\00502a OBJECT: 0xFCE15230(1432230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\002224 OBJECT: 0xFCDF6C30(1413c30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001322 OBJECT: 0xFCE17F10(1434f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\LanmanServer OBJECT: 0xFF24DBB0(766bb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF24DCD0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24A828 \SystemRoot\System32\DRIVERS\srv.sys \Device\Mup OBJECT: 0xFCDA5890(13c2890) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4E6D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \Device\K560 OBJECT: 0xFF248AD0(4b88ad0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF250D50 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF253708 \SystemRoot\System32\DRIVERS\k56nt.sys \Device\WANARP OBJECT: 0xFCD6C1B0(13891b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC8D6F0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC8D848 \SystemRoot\System32\DRIVERS\wanarp.sys \Device\002826 OBJECT: 0xFCE16F10(1433f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001924 OBJECT: 0xFCE17310(1434310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Udp OBJECT: 0xFCC9A030(12b7030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC5E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\BiosView OBJECT: 0xFCCC8C70(12e5c70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC94B0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC93C8 \SystemRoot\system32\drivers\biosview.sys \Device\002525 OBJECT: 0xFCDF6630(1413630) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\RawIp OBJECT: 0xFCC9AF10(12b7f10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC5E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\ChangeEventCdRom0 OBJECT: 0xFF226910(778910) Type: 8 Event 
SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\ICH0 OBJECT: 0xFF24E790(7d47790) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF24E930 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24ED08 \SystemRoot\System32\DRIVERS\Ich.sys \Device\NdisWanIp OBJECT: 0xFCDA2A50(13bfa50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBFAB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFC48 \SystemRoot\System32\DRIVERS\ndiswan.sys \Device\00000001 OBJECT: 0xFCDF46D0(14116d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4B30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003528 OBJECT: 0xFCDF5030(1412030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Floppy0 OBJECT: 0xFCD3C030(1359030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD9E330 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDB03A8 \SystemRoot\System32\DRIVERS\flpydisk.sys \Device\AmosNTDevice0 OBJECT: 0xFF26B3D0(2503d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF26B510 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF26B6E8 
\SystemRoot\System32\DRIVERS\amosnt.sys \Device\004729 OBJECT: 0xFCE15830(1432830) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000002 OBJECT: 0xFCD5B1F0(13781f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawDisk OBJECT: 0xFCE14B90(1431b90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14CB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\004129 OBJECT: 0xFCDF5510(1412510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\003227 OBJECT: 0xFCE16710(1433710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Null OBJECT: 0xFCD8E8B0(13ab8b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD8E9D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8548 \SystemRoot\System32\Drivers\Null.SYS \Device\1394BUS0 OBJECT: 0xFCD55028(1372028) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD57590 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Device\00000010 OBJECT: 0xFCD2FCD0(134ccd0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000003 OBJECT: 0xFCE02450(141f450) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\003828 OBJECT: 0xFCDF5B10(1412b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\IPSEC OBJECT: 0xFF1E6150(507f150) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF1E7D70 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDA5588 \SystemRoot\System32\DRIVERS\ipsec.sys \Device\ParTechInc0 OBJECT: 0xFCD25D90(1342d90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD25030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000011 OBJECT: 0xFCD2FBB0(134cbb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000004 OBJECT: 0xFCE03170(1420170) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 
0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\004429 OBJECT: 0xFCE15E30(1432e30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\PhysicalMemory OBJECT: 0xE10010E0(159b0e0) Type: 17 Section SecurityDescriptor: 0xE1008B78(15d9b78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCLCSWRC;;;BA) Segment: 0xE10007E8(159a7e8) \Device\LanmanDatagramReceiver OBJECT: 0xFCC84870(12a1870) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC91590 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6D688 \SystemRoot\System32\DRIVERS\mrxsmb.sys \Device\NdisTapi OBJECT: 0xFCDBFED0(13dced0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD461B0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD46348 \SystemRoot\System32\DRIVERS\ndistapi.sys \Device\IPMULTICAST OBJECT: 0xFCD7E270(139b270) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC5E10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC5FA8 \SystemRoot\System32\DRIVERS\tcpip.sys \Device\NdisWan OBJECT: 0xFCD99030(13b6030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDBFAB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDBFC48 
\SystemRoot\System32\DRIVERS\ndiswan.sys \Device\ParTechInc1 OBJECT: 0xFCD25AF0(1342af0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD25030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000012 OBJECT: 0xFCD2E230(134b230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000005 OBJECT: 0xFCDDE490(13fb490) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\LanmanRedirector OBJECT: 0xFCC84990(12a1990) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCC91590 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6D688 \SystemRoot\System32\DRIVERS\mrxsmb.sys \Device\Gpc OBJECT: 0xFCD6E8F0(138b8f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD6EF30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC90C68 \SystemRoot\System32\DRIVERS\msgpc.sys \Device\ParTechInc2 OBJECT: 0xFCD25850(1342850) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD25030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD451E8 \SystemRoot\System32\DRIVERS\ptilink.sys \Device\00000013 OBJECT: 0xFCDABC10(13c8c10) Type: 23 Device 
SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000006 OBJECT: 0xFCDDE370(13fb370) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\NamedPipe OBJECT: 0xFCCC4350(12e1350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC6250 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC63E8 \SystemRoot\System32\Drivers\Npfs.SYS \Device\00000020 OBJECT: 0xFCD58970(1375970) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\FtControl OBJECT: 0xFCD59AF0(1376af0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59C90 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27D28 ftdisk.sys \Device\00000014 OBJECT: 0xFCDABAF0(13c8af0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000007 OBJECT: 0xFCDDE250(13fb250) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 
ACPI.sys \Device\000721 OBJECT: 0xFCDF7B10(1414b10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Mailslot OBJECT: 0xFCCC68D0(12e38d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCCC6A70 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC72E8 \SystemRoot\System32\Drivers\Msfs.SYS \Device\FALLBACK0 OBJECT: 0xFF252690(7c8690) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF2527B0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF25E848 \SystemRoot\System32\DRIVERS\fallback.sys \Device\00000021 OBJECT: 0xFCD58850(1375850) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000015 OBJECT: 0xFCDAB6F0(13c86f0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000008 OBJECT: 0xFCDAC250(13c9250) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\WMIServiceDevice OBJECT: 0xFCDF4350(1411350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF4A30 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\000121 OBJECT: 0xFCE18910(1435910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\Afd OBJECT: 0xFF27F7B0(a067b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFF27F8D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF282F68 \SystemRoot\System32\drivers\afd.sys \Device\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} OBJECT: 0xFCDBE030(13db030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD253B0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD25548 \SystemRoot\System32\DRIVERS\raspti.sys \Device\00000022 OBJECT: 0xFCD58730(1375730) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\Winachsf0 OBJECT: 0xFCDC0040(13dd040) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDC17D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCDC1948 \SystemRoot\System32\DRIVERS\winachsf.sys \Device\000421 OBJECT: 0xFCE181B0(14351b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000016 OBJECT: 0xFCDAB5D0(13c85d0) Type: 
23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\00000009 OBJECT: 0xFCD5B370(1378370) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\RawCdRom OBJECT: 0xFCE14A70(1431a70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE14CB0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001423 OBJECT: 0xFCE17D10(1434d10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\ScsiPort0 OBJECT: 0xFCDADE90(13cae90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdePort0 \Device\00000030 OBJECT: 0xFCD96130(13b3130) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD31910 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\00000023 OBJECT: 0xFCD58610(1375610) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys 
\Device\00000017 OBJECT: 0xFCDAB4B0(13c84b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\002024 OBJECT: 0xFCDF6030(1413030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001122 OBJECT: 0xFCDF7310(1414310) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\00000031 OBJECT: 0xFCCCFAD0(12ecad0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD31910 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD97DA8 \SystemRoot\System32\DRIVERS\USBSTOR.SYS \Device\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} OBJECT: 0xFCD45450(1362450) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD45C10 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD45FA8 \SystemRoot\System32\DRIVERS\raspptp.sys \Device\00000024 OBJECT: 0xFCD30710(134d710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD57590 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE26E88 ohci1394.sys \Device\00000018 OBJECT: 0xFCDAB390(13c8390) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDF3030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE280E8 ACPI.sys \Device\002625 OBJECT: 0xFCDF6430(1413430) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Device\001723 OBJECT: 0xFCE17710(1434710) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCE18EF0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \Windows\ Directory: 0xFCC90030(12ad030) \Windows\SbApiPort OBJECT: 0xE1DC89C0(76629c0) Type: 19 Port SecurityDescriptor: 0xE131B438(1a3b438) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;CCRC;;;BA) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 \Windows\ApiPort OBJECT: 0xE1DC2D80(7573d80) Type: 19 Port SecurityDescriptor: 0xE1DC1378(7552378) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;RC) Creator: 000000B4.000000B0 ClientThread: 0x00000000 ServerProcess: 0xFCC62B00 \RPC Control\ Directory: 0xFCD642F0(13812f0) \RPC Control\tapsrvlpc OBJECT: 0xE207C680(438c680) Type: 19 Port SecurityDescriptor: 0xE137A9D8(281b9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;WD) Creator: 000001EC.0000034C ClientThread: 0x00000000 ServerProcess: 0xFF277960 \RPC Control\spoolss OBJECT: 0xE13534C0(1b524c0) Type: 19 Port SecurityDescriptor: 0xE1E75398(edd398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100001;;;BU)(A;;0x100001;;;PU)(A;;0x120001;;;WD)(A;;0x1f0001;;;CO)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) Creator: 000001B0.000001B4 ClientThread: 0x00000000 
ServerProcess: 0xFF2748A0 \RPC Control\OLE2 OBJECT: 0xE1E2F8C0(7b938c0) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001EC.000001FC ClientThread: 0x00000000 ServerProcess: 0xFF277960 \RPC Control\OLE3 OBJECT: 0xE1E2D1C0(79af1c0) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000002D0.000002E8 ClientThread: 0x00000000 ServerProcess: 0xFF1FD720 \RPC Control\OLE4 OBJECT: 0xE1E2AA60(7ae7a60) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000B0.00000290 ClientThread: 0x00000000 ServerProcess: 0xFCA36620 \RPC Control\OLE5 OBJECT: 0xE1DCD4E0(76754e0) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000348.00000344 ClientThread: 0x00000000 ServerProcess: 0xFF1CDA00 \RPC Control\ntsvcs OBJECT: 0xE1E4E040(943040) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000000E4.000000E0 ClientThread: 0x00000000 ServerProcess: 0xFCA2BBC0 \RPC Control\OLE9 OBJECT: 0xE1E34C00(7ab4c00) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000398.00000394 ClientThread: 0x00000000 ServerProcess: 0xFF1A12E0 \RPC Control\policyagent OBJECT: 0xE1397EC0(293bec0) Type: 19 Port SecurityDescriptor: 0xE1F35178(6539178) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCSDRC;;;WD)(A;;CCSDRC;;;RC)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;BA) Creator: 000000F0.00000218 ClientThread: 
0x00000000 ServerProcess: 0xFCA2A500 \RPC Control\OLE12 OBJECT: 0xE1E8D3C0(46f73c0) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 000001B0.00000484 ClientThread: 0x00000000 ServerProcess: 0xFF2748A0 \RPC Control\OLE13 OBJECT: 0xE1F4AA00(4bffa00) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000130.00000244 ClientThread: 0x00000000 ServerProcess: 0xFF1CB020 \RPC Control\LRPC00000240.00000001 OBJECT: 0xE1E4D880(900880) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 00000240.00000238 ClientThread: 0x00000000 ServerProcess: 0xFF23ED60 \RPC Control\OLEa OBJECT: 0xE207BF20(42bbf20) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003BC.000003B8 ClientThread: 0x00000000 ServerProcess: 0xFF1952C0 \RPC Control\OLEc OBJECT: 0xE2086200(44f6200) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 000003C8.000003C4 ClientThread: 0x00000000 ServerProcess: 0xFF192780 \RPC Control\OLEe OBJECT: 0xE2083720(bbf720) Type: 19 Port SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) Creator: 00000428.00000424 ClientThread: 0x00000000 ServerProcess: 0xFF177AC0 \RPC Control\senssvc OBJECT: 0xE1E32480(7a30480) Type: 19 Port SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Creator: 
000001EC.00000254 ClientThread: 0x00000000 ServerProcess: 0xFF277960 \BaseNamedObjects\ Directory: 0xFCC61C10(127ec10) \BaseNamedObjects\WINMGMT_COREDLL_UNLOADED OBJECT: 0xFF1E5550(626550) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SonyAsyncEvent10128 OBJECT: 0xFF183C30(3ec4c30) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ZonesCacheCounterMutex OBJECT: 0xFCDBE7D0(13db7d0) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AgentToWkssvcEvent OBJECT: 0xFF23A4B0(64004b0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventAvSynMgr OBJECT: 0xFF23BD70(5686d70) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_DAVCONSOL OBJECT: 0xE1E29560(7a84560) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE6E8(78036e8) BasedAddress: 0x08F33CC0 SizeOfSegment: 0xdf318 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Cons.mmf \BaseNamedObjects\userenv: Machine Group Policy has been applied OBJECT: 0xFF21C470(50ad470) Type: 8 Event SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\Local OBJECT: 0xFCD5C610(1379610) Type: 3 SymbolicLink SecurityDescriptor: 0xE1D40A58(6970a58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \BaseNamedObjects \BaseNamedObjects\Shell_NotificationCallbacksOutstanding OBJECT: 0xFF183450(3ec4450) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\PhoenixPowerPanel OBJECT: 0xFCA31030(104e030) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\SETTermEvent OBJECT: 0xFF1A53F0(35243f0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\PowerProfileRegistrySemaphore OBJECT: 0xFF1A3030(362e030) Type: 12 Semaphore SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) \BaseNamedObjects\__TgCommander__ OBJECT: 0xFCDA52D0(13c22d0) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AlpsPointEvent OBJECT: 0xFF17D490(41c2490) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) 
\BaseNamedObjects\AvSyncStateEventEMail OBJECT: 0xFF23BEF0(5686ef0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_ODS OBJECT: 0xE1E4CDC0(908dc0) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12EE128(19c1128) BasedAddress: 0x08EB2CD8 SizeOfSegment: 0x2ca8 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOds.mmf \BaseNamedObjects\WFP_IDLE_TRIGGER OBJECT: 0xFF24A610(3bd610) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\jjCSCSharedEvent_UM_KM OBJECT: 0xFF2839F0(a779f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\userenv: refresh timer for 176:796 OBJECT: 0xFCA2B8B0(10488b0) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WkssvcToAgentStartEvent OBJECT: 0xFF23A530(6400530) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PnP_Init_Mutex OBJECT: 0xFF279110(d72110) Type: 10 Mutant SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ScNetDrvMsg OBJECT: 0xFF28AD10(fc4d10) Type: 8 Event SecurityDescriptor: 0xE13855F8(288b5f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;DC;;;WD)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventAvsmcpa OBJECT: 0xFF23BBB0(5686bb0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventCCMail OBJECT: 0xFF23BDF0(5686df0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\DHCPNEWIPADDRESS OBJECT: 0xFF27A1D0(cd91d0) Type: 8 Event SecurityDescriptor: 0xE13AD9D8(2b2a9d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100002;;;WD) \BaseNamedObjects\DirectSound Administrator shared thread array (lock) OBJECT: 0xFF28EF10(7b2df10) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\mixercallback OBJECT: 0xFF233530(6b8a530) Type: 8 Event SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) \BaseNamedObjects\SonyAsyncEvent10160 OBJECT: 0xFF163510(5047510) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\C:_Documents and Settings_Administrator_Cookies_index.dat_16384 OBJECT: 0xE1E2D540(79af540) Type: 17 Section SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE12E2D28(1977d28) BasedAddress: 0x089A2CC8 SizeOfSegment: 0x4000 
SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Cookies\index.dat \BaseNamedObjects\AUTOENRL: user refresh timer for 176:340 OBJECT: 0xFF1D7C70(1eebc70) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventDownScan OBJECT: 0xFF23BF70(5686f70) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\WINMGMT_LOADED OBJECT: 0xFF229330(4f32330) Type: 8 Event SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\WINMGMT_REGISTRATION_DONE OBJECT: 0xFF1E5450(626450) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\mxrapi OBJECT: 0xFF225190(478b190) Type: 10 Mutant SecurityDescriptor: 0xE12A58D8(18c88d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;WD) \BaseNamedObjects\GuardSemmmGlobalPnpInfoGuard OBJECT: 0xFF256AF0(2904af0) Type: 12 Semaphore SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) \BaseNamedObjects\AvSyncStateEventInternet OBJECT: 0xFF23BF30(5686f30) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOLEXCL OBJECT: 0xE134EFC0(1af4fc0) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
(null) Segment: 0xE1EBEAC8(7803ac8) BasedAddress: 0x08F124C0 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Scan.mmf \BaseNamedObjects\__R_0000000000d4_SMem__ OBJECT: 0xE1E6CFC0(e97fc0) Type: 17 Section SecurityDescriptor: 0xE1E6CF18(e97f18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1398968(29b8968) BasedAddress: 0x089E2CD0 SizeOfSegment: 0x3ba4 SecurityDescriptor: (null) Path: HarddiskVolume1\WINNT\Registration\R0000000000d4.clb \BaseNamedObjects\SonyAsyncEvent10162 OBJECT: 0xFF171B50(eecb50) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\c:!documents and settings!administrator!cookies! OBJECT: 0xFF1E7170(1c86170) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AvSynchOnReqStateChangeMutex OBJECT: 0xFF239810(65e2810) Type: 10 Mutant SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\LSA_RPC_SERVER_ACTIVE OBJECT: 0xFF28FC70(79f0c70) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\crypt32LogoffEvent OBJECT: 0xFF28A470(fc4470) Type: 8 Event SecurityDescriptor: 0xE1E48458(7c38458) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100000;;;WD) \BaseNamedObjects\TgSchedUpdateJobsEventName OBJECT: 0xFF16FFF0(4591ff0) Type: 8 Event SecurityDescriptor: 
0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AUTOENRL:TriggerUserEnrollment OBJECT: 0xFF273BF0(ec5bf0) Type: 8 Event SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\winlogon: User GPO Event 104810 OBJECT: 0xFF255850(23a6850) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SENS Started Event OBJECT: 0xFF1D69B0(202e9b0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSynchStackMutex OBJECT: 0xFF23B850(5686850) Type: 10 Mutant SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\userenv: User Profile setup event OBJECT: 0xFCA33910(1050910) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\DirectSound Administrator capture focus array OBJECT: 0xE1E8C760(6a9760) Type: 17 Section SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE2114FA8(6b26fa8) BasedAddress: 0x00000080 SizeOfSegment: 0x4000 \BaseNamedObjects\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! 
OBJECT: 0xFCDC1910(13de910) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\DDBurnerMutex OBJECT: 0xFF165C10(4d87c10) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\Alps_Apfilter_APC_Event OBJECT: 0xFF1861F0(3d571f0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WMI_SysEvent_UnLodCtr OBJECT: 0xFF1E4F70(4d3cf70) Type: 8 Event SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\WINMGMT_MARSHALLING_SERVER OBJECT: 0xFF1E5710(626710) Type: 10 Mutant SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ReSyncKernel OBJECT: 0xFF2511F0(47931f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\mmGlobalPnpInfo OBJECT: 0xE1D3DAC0(6947ac0) Type: 17 Section SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1E8C208(6a9208) BasedAddress: 0x00000080 SizeOfSegment: 0x40000 \BaseNamedObjects\AvSyncStateMapping OBJECT: 0xE1E466E0(7ce96e0) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E48008(7c38008) BasedAddress: 0x08E66CD0 SizeOfSegment: 0xdea80 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\Sync_map.mmf \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOLSCAN OBJECT: 0xE1D3FAA0(692faa0) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EBE008(7803008) BasedAddress: 0x08EF6CC8 SizeOfSegment: 0x13d620 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dAV_Excl.mmf \BaseNamedObjects\NAI_VIRUSSCAN_OAS_EXL OBJECT: 0xE1EB8420(6b5b420) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12E22A8(19772a8) BasedAddress: 0x08C1FCD0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dVS_Excl.mmf \BaseNamedObjects\shell.{6D5313C0-8C62-11D1-B2CD-006097DF8C11} OBJECT: 0xFF12F490(7abb490) Type: 12 Semaphore SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WINMGMT_CORE_DB_WRITE OBJECT: 0xFF1E54D0(6264d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ShellReadyEvent OBJECT: 0xFF1A62B0(35062b0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57} OBJECT: 0xFCD8EB30(13abb30) Type: 12 
Semaphore SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\userenv: User Group Policy has been applied OBJECT: 0xFF21BBB0(4ec9bb0) Type: 8 Event SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\SC_AutoStartComplete OBJECT: 0xFCA25810(1042810) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\_.-=[DFRWS2005]=-._ OBJECT: 0xE1D3EB80(692cb80) Type: 17 Section SecurityDescriptor: 0xE1D3EBD8(692cbd8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;WD) Segment: 0xE1D3EC48(692cc48) BasedAddress: 0x00000080 SizeOfSegment: 0x10000 \BaseNamedObjects\NAI_VIRUSSCAN_GEN OBJECT: 0xE1E47580(897580) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12D9248(195f248) BasedAddress: 0x08E87CC0 SizeOfSegment: 0x2630 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanGen.mmf \BaseNamedObjects\UrlZonesSM_Administrator OBJECT: 0xE134A940(1af5940) Type: 17 Section SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1EAAE68(7896e68) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\NtmsDatafileBackupEvent OBJECT: 0xFF14AC30(2e68c30) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\TgSchedUpdateListTwoEventName OBJECT: 0xFF16FF70(4591f70) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\DBWinMutex OBJECT: 0xFF238350(64a8350) Type: 10 Mutant SecurityDescriptor: 0xE1336CF8(1ac3cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA) \BaseNamedObjects\TgSchedNewUserEventName OBJECT: 0xFF16FEF0(4591ef0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ScmCreatedEvent OBJECT: 0xFF26F830(f74830) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\WINMGMT_MARSHALLING_SERVER_TERMINATE OBJECT: 0xFF1E5590(626590) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Global OBJECT: 0xFCD5C910(1379910) Type: 3 SymbolicLink SecurityDescriptor: 0xE1D40A58(6970a58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \BaseNamedObjects \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN OBJECT: 0xFF1E55D0(6265d0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AlpsPointEuropa OBJECT: 0xFF19B750(384a750) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\ActSaverSEEvent OBJECT: 0xFF19DFF0(37bdff0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AUTOENRL:TriggerMachineEnrollment OBJECT: 0xFF1D5930(2220930) Type: 8 Event SecurityDescriptor: 0xE12A66D8(18c96d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x1f0003;;;BA)(A;;0x120003;;;WD) \BaseNamedObjects\WINMGMT_KEEP_NEW_CLIENTS_AT_BAY OBJECT: 0xFF1E4F10(4d3cf10) Type: 10 Mutant SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Microsoft.RPC_Registry_Server OBJECT: 0xFF23E130(560a130) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\DmioLoaded OBJECT: 0xFF251230(4793230) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Alps_Auto OBJECT: 0xFCC81FD0(129efd0) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\VSCAN_GEN_SEMAPHORE OBJECT: 0xFF236490(7774490) Type: 10 Mutant SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AgentExistsEvent OBJECT: 0xFF2802B0(ae52b0) Type: 8 Event 
SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\NAI_VIRUSSCAN_AVCONSOL OBJECT: 0xE1EB7560(79a560) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12E17C8(19757c8) BasedAddress: 0x08EDC4C8 SizeOfSegment: 0x6160 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\AVConsol.mmf \BaseNamedObjects\c:!documents and settings!administrator!local settings!history!history.ie5! OBJECT: 0xFCD4AF30(1367f30) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WininetProxyRegistryMutex OBJECT: 0xFCDC09D0(13dd9d0) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WinSta0_DesktopSwitch OBJECT: 0xFCA2D8B0(104a8b0) Type: 8 Event SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) \BaseNamedObjects\WDMAUD_Path_Size OBJECT: 0xE1E48E00(7c38e00) Type: 17 Section SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE1363988(22e5988) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\NtmsSvcStopEvent OBJECT: 0xFF1AA730(33a8730) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) 
\BaseNamedObjects\HKserv OBJECT: 0xFF18E030(3ac0030) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\NAI_VS_STAT OBJECT: 0xFF237B90(646cb90) Type: 10 Mutant SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\SvcctrlStartEvent_A3752DX OBJECT: 0xFCA25330(1042330) Type: 8 Event SecurityDescriptor: 0xE1E294B8(7a844b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x100000;;;WD)(A;;0x1f0003;;;SY) \BaseNamedObjects\WINMGMT_CORE_BACKUP_DONE OBJECT: 0xFF1E4FF0(4d3cff0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 OBJECT: 0xE1E6B600(cb1600) Type: 17 Section SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1ECB208(1959208) BasedAddress: 0x08F7D4C0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat \BaseNamedObjects\_!MSFTHISTORY!_ OBJECT: 0xFCDC16F0(13de6f0) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\HPlugEjectEvent OBJECT: 0xFF19D750(37bd750) Type: 8 Event 
SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventVsStat OBJECT: 0xFF23BFF0(5686ff0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\IPSEC_POLICY_CHANGE_NOTIFY OBJECT: 0xFF235B10(7799b10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventScan32USER OBJECT: 0xFF23BB70(5686b70) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\Sens Hidden Window Cleanup Event OBJECT: 0xFF24AAD0(3bdad0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\hardwaremixercallback OBJECT: 0xFF251030(4793030) Type: 8 Event SecurityDescriptor: 0xE1E59F78(9eef78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;WD) \BaseNamedObjects\WininetStartupMutex OBJECT: 0xFCD46310(1363310) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\SENS Information Cache OBJECT: 0xE13942E0(29762e0) Type: 17 Section SecurityDescriptor: 0xE134FC18(1af6c18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;LC;;;WD)(A;;DC;;;SY) Segment: 0xE12E8AE8(198dae8) BasedAddress: 0x00000080 
SizeOfSegment: 0x1000 \BaseNamedObjects\TgSchedExitEvent OBJECT: 0xFF16FEB0(4591eb0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\JogServ2 OBJECT: 0xFCD61F90(137ef90) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AUTOENRL: machine refresh timer for 176:528 OBJECT: 0xFF280190(ae5190) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\RasPbFile OBJECT: 0xFF27BB70(eb3b70) Type: 10 Mutant SecurityDescriptor: 0xE1E6B558(cb1558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x130001;;;WD) \BaseNamedObjects\NtmsDbChangeNotificationMutex OBJECT: 0xFF140950(3442950) Type: 10 Mutant SecurityDescriptor: 0xE1398218(29b8218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\FaxStartedEvent OBJECT: 0xFF147A50(2ce4a50) Type: 8 Event SecurityDescriptor: 0xE1F43B58(4addb58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 (null) \BaseNamedObjects\NAI_VIRUSSCAN_ODS_EXL OBJECT: 0xE1EC5900(4f00900) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE12EE4E8(19c14e8) BasedAddress: 0x08D084D0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\dExclDef.mmf \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1} OBJECT: 
0xFCD6D750(138a750) Type: 12 Semaphore SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\WDMAUD_Device_Interface_Path OBJECT: 0xE136B660(25a3660) Type: 17 Section SecurityDescriptor: 0xE1D3DF38(6947f38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LC;;;WD) Segment: 0xE12E2128(1977128) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\GuardEventmmGlobalPnpInfoGuard OBJECT: 0xFF25FF30(1b16f30) Type: 8 Event SecurityDescriptor: 0xE1D3DEB8(6947eb8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x100002;;;WD) \BaseNamedObjects\AvSyncStateEventAvConsole OBJECT: 0xFF23C110(65f7110) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\DmAdminStop OBJECT: 0xFF2511B0(47931b0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\_SHuassist.mtx OBJECT: 0xFF1A7BF0(34bfbf0) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN OBJECT: 0xFF1E5770(626770) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\ZonesCounterMutex OBJECT: 0xFF287950(945950) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\RotHintTable OBJECT: 0xE1E416A0(7cc26a0) Type: 17 Section SecurityDescriptor: 0xE1E41AF8(7cc2af8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E75C68(eddc68) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\NAI_VIRUSSCAN_OAS OBJECT: 0xE1EB1740(6b54740) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1EB23A8(78753a8) BasedAddress: 0x08DA04C8 SizeOfSegment: 0x4a8c SecurityDescriptor: (null) Path: HarddiskVolume1\Program Files\McAfee\McAfee VirusScan\VScanOas.mmf \BaseNamedObjects\userenv: user policy refresh event OBJECT: 0xFF2738D0(ec58d0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventManagement0 OBJECT: 0xFF23BCF0(5686cf0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventVsConfig OBJECT: 0xFF23BDB0(5686db0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventVshWin32 OBJECT: 0xFF23BFB0(5686fb0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\NAI_VIRUSSCAN_ODS_SCAN OBJECT: 0xE1EC7960(5041960) Type: 17 Section SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) Segment: 0xE1E656A8(b686a8) BasedAddress: 0x08DB2CC0 SizeOfSegment: 0x6590 SecurityDescriptor: (null) Path: HarddiskVolume1\Program 
Files\McAfee\McAfee VirusScan\dScanDef.mmf \BaseNamedObjects\shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66} OBJECT: 0xFCCC7190(12e4190) Type: 12 Semaphore SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\RouterPreInitEvent OBJECT: 0xFF26C730(fad730) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 OBJECT: 0xE1EE2900(4a9c900) Type: 17 Section SecurityDescriptor: 0xE134B578(1aef578) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E6CDC8(e97dc8) BasedAddress: 0x08C1CCD0 SizeOfSegment: 0x8000 SecurityDescriptor: (null) Path: HarddiskVolume1\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat \BaseNamedObjects\WininetConnectionMutex OBJECT: 0xFCDC0850(13dd850) Type: 10 Mutant SecurityDescriptor: 0xE1E2A998(7ae7998) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120001;;;WD)(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\WkssvcToAgentStopEvent OBJECT: 0xFF23A4F0(64004f0) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventManagement1 OBJECT: 0xFF23BCB0(5686cb0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) 
\BaseNamedObjects\IPSEC_POLICY_CHANGE_EVENT OBJECT: 0xFF235BD0(7799bd0) Type: 8 Event SecurityDescriptor: 0xE1EB1218(6b54218) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-18 G: S-1-5-18 D:(A;;0x1f0003;;;BA) \BaseNamedObjects\LDMAdmin OBJECT: 0xFF251170(4793170) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PnP_No_Pending_Install_Events OBJECT: 0xFF278670(dfa670) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\Session OBJECT: 0xFCC84810(12a1810) Type: 3 SymbolicLink SecurityDescriptor: 0xE1D40A58(6970a58) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;;;;RC) Target: \Sessions\BNOLINKS \BaseNamedObjects\SeTimer0 OBJECT: 0xFF153490(1bcf490) Type: 13 Profile SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\ALPS_GP_DRIVER_SCROLL OBJECT: 0xE1EB4C40(6bffc40) Type: 17 Section SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1321728(1a6d728) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\ExplorerIsShellMutex OBJECT: 0xFF1E4E30(4d3ce30) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\AvSyncStateEventManagement2 OBJECT: 0xFF23BC70(5686c70) Type: 8 Event 
SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\wkssvc: MUP finished initializing event OBJECT: 0xFF21D890(6623890) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D} OBJECT: 0xFCCC7130(12e4130) Type: 12 Semaphore SecurityDescriptor: 0xE12F9278(19d8278) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x120003;;;WD)(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\TgSchedUpdateListEventName OBJECT: 0xFF16FFB0(4591fb0) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventManagement3 OBJECT: 0xFF23BC30(5686c30) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\SeCommon1999 FileMap OBJECT: 0xE207D880(3ee0880) Type: 17 Section SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1DE9BC8(7856bc8) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\WINMGMT_COREDLL_LOADED OBJECT: 0xFF1E5510(626510) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\AvSyncStateEventManagement4 OBJECT: 0xFF23BBF0(5686bf0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventLauncher OBJECT: 0xFF23BD30(5686d30) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventScan32 OBJECT: 0xFF23BEB0(5686eb0) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\userenv: machine policy refresh event OBJECT: 0xFF219030(4571030) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\winlogon: machine GPO Event 94906 OBJECT: 0xFF219190(4571190) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\DirectSound Administrator shared thread array OBJECT: 0xE20EA700(46db700) Type: 17 Section SecurityDescriptor: 0xE1EE76B8(22526b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPSDRCWDWO;;;BA)(A;;CCDCLCSWRPSDRCWDWO;;;SY) Segment: 0xE1E30FA8(7b23fa8) BasedAddress: 0x00000080 SizeOfSegment: 0x5000 \BaseNamedObjects\VSCAN_OAS_SEMAPHORE OBJECT: 0xFF246E90(4be5e90) Type: 10 Mutant SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventConfWiz OBJECT: 0xFF23BE30(5686e30) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventMcUpdate OBJECT: 0xFF23BE70(5686e70) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
(null) \BaseNamedObjects\WDMAUD_Callbacks OBJECT: 0xE1E48D80(7c38d80) Type: 17 Section SecurityDescriptor: 0xE1DD6D78(77f7d78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;DCLC;;;WD) Segment: 0xE12DFF08(1970f08) BasedAddress: 0x00000080 SizeOfSegment: 0x1000 \BaseNamedObjects\userenv: refresh timer for 176:784 OBJECT: 0xFF1D6EB0(202eeb0) Type: 13 Profile SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\WINMGMT_NEED_REGISTRATION OBJECT: 0xFF1E5490(626490) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \BaseNamedObjects\PS_SERVICE_STARTED OBJECT: 0xFF23B570(5686570) Type: 8 Event SecurityDescriptor: 0xE132DF38(1a8af38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x100000;;;WD) \BaseNamedObjects\DirectSound Administrator capture focus array (lock) OBJECT: 0xFF219FD0(4571fd0) Type: 10 Mutant SecurityDescriptor: 0xE12E57B8(19857b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0001;;;BA)(A;;0x1f0001;;;SY) \BaseNamedObjects\GuardMutexmmGlobalPnpInfoGuard OBJECT: 0xFF2564D0(29044d0) Type: 10 Mutant SecurityDescriptor: 0xE1D3DE38(6947e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x100000;;;WD) \BaseNamedObjects\TgSchedUpdateJobsTwoEventName OBJECT: 0xFF16F030(4591030) Type: 8 Event SecurityDescriptor: 0xE13680D8(237f0d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0003;;;BA)(A;;0x1f0003;;;SY) \BaseNamedObjects\AvSyncStateEventNaAmgCfg OBJECT: 0xFF23BAF0(5686af0) Type: 8 Event 
SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\AvSyncStateEventMcStub OBJECT: 0xFF23BB30(5686b30) Type: 8 Event SecurityDescriptor: 0xE1DD1E38(7704e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 (null) \BaseNamedObjects\WMI_SysEvent_LodCtr OBJECT: 0xFF1E4FB0(4d3cfb0) Type: 8 Event SecurityDescriptor: 0xE1D3DCF8(6947cf8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA)(A;;0x100002;;;WD) \BaseNamedObjects\AvServiceOptionsFlushEvent OBJECT: 0xFF238450(64a8450) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \??\ Directory: 0xFCE00630(141d630) \??\D: OBJECT: 0xFCD51370(136e370) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCD51530 \??\NDIS OBJECT: 0xFCD51270(136e270) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ndis TargetObject: 0xFCD4E7D0 \??\Volume{bf50ce30-d140-11d9-9869-806d6172696f} OBJECT: 0xFCD502F0(136d2f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCD51990 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD9AA90(13b7a90) Type: 3 SymbolicLink 
SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCDCDCD0 \??\FSKS0 OBJECT: 0xFF253F10(651f10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FSKS0 TargetObject: 0xFF253CB0 \??\DISPLAY1 OBJECT: 0xFCDBEB10(13dbb10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video0 TargetObject: 0xFCD4C038 \??\STORAGE#Volume#1&30a96598&0&Signature5CDFECDCOffset7E00Length2629FF3200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCCC9890(12e6890) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume3 TargetObject: 0xFCCCAE70 \??\FDC#GENERIC_FLOPPY_DRIVE#5&35ef02a&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD980F0(13b50f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FloppyPDO0 TargetObject: 0xFCDB06F0 \??\ACPI#PNP0303#4&2ab4e1f1&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} OBJECT: 0xFCD9E190(13bb190) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001c TargetObject: 0xFCD58DF0 
\??\DISPLAY2 OBJECT: 0xFCCC8990(12e5990) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video1 TargetObject: 0xFCCC7760 \??\Root#SYSTEM#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD983B0(13b53b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\ACPI#PNP0401#4&2ab4e1f1&0#{97f76ef0-f883-11d0-af1f-0000f800845c} OBJECT: 0xFCDB0DD0(13cddd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000022 TargetObject: 0xFCD58730 \??\DmIoDaemon OBJECT: 0xFCDABD70(13c8d70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmIoDaemon TargetObject: 0xFCD2DDB0 \??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCDE01F0(13fd1f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000003 TargetObject: 0xFCE02450 \??\Ip OBJECT: 0xFCCC5F10(12e2f10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ip TargetObject: 0xFCCC5CD0 \??\DISPLAY3 
OBJECT: 0xFCCC7430(12e4430) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Video2 TargetObject: 0xFCCC6CE0 \??\E: OBJECT: 0xFCDBDDD0(13dadd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD28950 \??\IPSECDev OBJECT: 0xFF1E6770(507f770) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\IPSEC TargetObject: 0xFF1E6150 \??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD1A9D0(13379d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004629 TargetObject: 0xFCE15A30 \??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCDDF790(13fc790) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000002 TargetObject: 0xFCD5B1F0 \??\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} OBJECT: 0xFCD9A8B0(13b78b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{48B2AFEE-E0A0-41E0-B2FD-B0E4E3993429} TargetObject: 0xFCDBF030 \??\$VDMLPT1 OBJECT: 
0xFF26BBB0(250bb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParallelVdm0 TargetObject: 0xFF26BA50 \??\USB#Vid_054c&Pid_0056#5&c3eea8&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} OBJECT: 0xFCD93B10(13b0b10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-3 TargetObject: 0xFCD96850 \??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} OBJECT: 0xFCD31C70(134ec70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} OBJECT: 0xFCDBD590(13da590) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000026 TargetObject: 0xFCDAEF10 \??\CompositeBattery OBJECT: 0xFCDF4130(1411130) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CompositeBattery TargetObject: 0xFCD5A030 \??\F: OBJECT: 0xFCCC6B70(12e3b70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume3 TargetObject: 0xFCCCAE70 
\??\Volume{bf50ce31-d140-11d9-9869-806d6172696f} OBJECT: 0xFCD51310(136e310) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCD51530 \??\SBP2#Sony&i.LINK_DVD-ROM_Drive&LUN0#0800460300ca8454#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD43150(1360150) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Sbp2\Sony&i.LINK DVD-ROM Drive&0&08004603_00ca8454_Instance00 TargetObject: 0xFCD2CB70 \??\WMIDataDevice OBJECT: 0xFCDF61D0(14131d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WMIDataDevice TargetObject: 0xFCDF4230 \??\COM1 OBJECT: 0xFCDB15F0(13ce5f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Serial0 TargetObject: 0xFCD493E0 \??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196} OBJECT: 0xFCD31CD0(134ecd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\PIPE OBJECT: 0xFCC82FD0(129ffd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\NamedPipe TargetObject: 0xFCCC4350 \??\FAX0 OBJECT: 0xFF22AC30(4f61c30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FAX0 TargetObject: 0xFF225A10 \??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} OBJECT: 0xFCD31D90(134ed90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24A970(3bd970) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24E030 \??\UdfReadr OBJECT: 0xFCCC4170(12e1170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\UdfReadr TargetObject: 0xFCD8DDF0 \??\COM3 OBJECT: 0xFCDC1110(13de110) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Winachsf0 TargetObject: 0xFCDC0040 \??\UNC OBJECT: 0xFCC82F10(129ff10) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\Mup TargetObject: 0xFCDA5890 \??\USB#ROOT_HUB#4&13d6cd5a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} OBJECT: 0xFCD31530(134e530) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-0 TargetObject: 0xFCD3C830 \??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} OBJECT: 0xFCD31D30(134ed30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\HCD0 OBJECT: 0xFCD4BFD0(1368fd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HCD0 TargetObject: 0xFCD47550 \??\V1240 OBJECT: 0xFF217F50(53caf50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\V1240 TargetObject: 0xFF217D30 \??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD32490(134f490) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00482a TargetObject: 0xFCE15630 \??\HCD1 OBJECT: 0xFCD474B0(13644b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HCD1 TargetObject: 0xFCDC2030 \??\PhysicalDrive0 OBJECT: 0xFCDA62F0(13c32f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\DR0 TargetObject: 0xFCDA6A10 \??\Volume{3b8360a0-d5cb-11d9-9872-0800460222f0} OBJECT: 0xFCCC8A50(12e5a50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume3 TargetObject: 0xFCCCAE70 \??\PRN OBJECT: 0xFCC82F70(129ff70) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \DosDevices\LPT1 \??\USB#Vid_0d49&Pid_5020#Y42L8W0E____#{a5dcbf10-6530-11d2-901f-00c04fb951ed} OBJECT: 0xFCD96710(13b3710) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-2 TargetObject: 0xFCD97BD0 \??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} OBJECT: 0xFCD31C10(134ec10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\PCI#VEN_8086&DEV_2449&SUBSYS_30138086&REV_03#4&13b53951&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCDB40D0(13d10d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0012 TargetObject: 0xFCDAB030 \??\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} OBJECT: 0xFCDBDC30(13dac30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} TargetObject: 0xFCDC6030 \??\RKSAMPLE0 OBJECT: 0xFCD47450(1364450) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\RKSAMPLE0 TargetObject: 0xFCDC11D0 \??\CdRom0 OBJECT: 0xFCDC71F0(13e41f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD28950 \??\TONES0 OBJECT: 0xFF24D270(766270) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\TONES0 TargetObject: 0xFF24C830 \??\sysaudio OBJECT: 0xFF24EDF0(7d47df0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\sysaudio TargetObject: 0xFF24AC70 \??\PhysicalDrive1 OBJECT: 0xFCD909B0(13ad9b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DR3 TargetObject: 0xFCCCF350 \??\fsWrap OBJECT: 0xFCC863F0(12a33f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FsWrap \??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} OBJECT: 0xFCD982F0(13b52f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\ACPI#ThermalZone#ATF0#{4afa3d51-74a7-11d0-be5e-00a0c9062857} OBJECT: 0xFCE02310(141f310) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000006 TargetObject: 0xFCDDE370 \??\S: OBJECT: 0xFCCC98F0(12e68f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DP(1)0-0+6 TargetObject: 0xFCCC9D90 \??\Volume{bf50ce32-d140-11d9-9869-0800460222f0} OBJECT: 0xFCDBDC90(13dac90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\CdRom0 TargetObject: 0xFCD28950 \??\PhysicalDrive2 OBJECT: 0xFCCCA0B0(12e70b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DR4 TargetObject: 0xFCD90030 \??\MbMmDp32 OBJECT: 0xFF26B0F0(2500f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\MbMmDp32 TargetObject: 0xFF26AE90 \??\ACPI#PNP0501#4&2ab4e1f1&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73} OBJECT: 0xFCDBD4D0(13da4d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000021 TargetObject: 0xFCD58850 \??\Global OBJECT: 0xFCE00570(141d570) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \?? 
\??\Apfiltr OBJECT: 0xFCDBD710(13da710) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Apfiltr TargetObject: 0xFCD9D9F0 \??\PxHelperDevice0 OBJECT: 0xFCDC7530(13e4530) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\PxHelperDevice0 TargetObject: 0xFCDC7590 \??\HxDefDriver OBJECT: 0xFF25C590(1982590) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HxDefDriver TargetObject: 0xFF25C330 \??\USB#ROOT_HUB#4&889adf6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} OBJECT: 0xFCD96BF0(13b3bf0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\USBPDO-1 TargetObject: 0xFCD3BBB0 \??\WGNTHLPR OBJECT: 0xFCD505D0(136d5d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\wgnthlpr TargetObject: 0xFCDA5670 \??\Pcmcia0 OBJECT: 0xFCE03030(1420030) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Pcmcia0 TargetObject: 0xFCD59670 \??\Volume{6ef5db51-0826-11d5-91ea-d8eb1c843889} OBJECT: 0xFCCC9A10(12e6a10) Type: 3 SymbolicLink 
SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DP(1)0-0+6 TargetObject: 0xFCCC9D90 \??\Volume{77c3bd41-075c-11d5-9f1a-806d6172696f} OBJECT: 0xFCD31710(134e710) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 TargetObject: 0xFCD3C030 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24A910(3bd910) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24E030 \??\PCI#VEN_8086&DEV_2446&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FE#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42} OBJECT: 0xFCD9AA30(13b7a30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCDCD970 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196} OBJECT: 0xFCD9ABB0(13b7bb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCDCDCD0 \??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1} OBJECT: 0xFCD98350(13b5350) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000} OBJECT: 0xFCD98030(13b5030) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\Root#SYSTEM#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD98410(13b5410) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\Root#NET#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD31450(134e450) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00492a TargetObject: 0xFCE15430 \??\STORAGE#Volume#1&30a96598&0&SignatureC5E4C5E4Offset7E00Length179FE0800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD51850(136e850) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCD51990 \??\Root#SYSTEM#0000#{085aff00-62ce-11cf-a5d6-28db04c10000} OBJECT: 0xFCD98470(13b5470) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 
\??\ACPI#SNY6001#4&2ab4e1f1&0#{08f3ee1a-8854-11d2-bd7a-080046019d65} OBJECT: 0xFCDBD530(13da530) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001f TargetObject: 0xFCD58A90 \??\MountPointManager OBJECT: 0xFCDAE830(13cb830) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\MountPointManager TargetObject: 0xFCDAE890 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788} OBJECT: 0xFF24A8B0(3bd8b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24E030 \??\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} OBJECT: 0xFCD31B10(134eb10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} TargetObject: 0xFCD44030 \??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD9A170(13b7170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004529 TargetObject: 0xFCE15C30 \??\DmConfig OBJECT: 0xFCD59A90(1376a90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmConfig TargetObject: 0xFCD2D030 \??\WanArp OBJECT: 0xFCC8CFD0(12a9fd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WANARP TargetObject: 0xFCD6C1B0 \??\K560 OBJECT: 0xFF248C70(4b88c70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\K560 TargetObject: 0xFF248AD0 \??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCDA80D0(13c50d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\000421 TargetObject: 0xFCE181B0 \??\BiosView OBJECT: 0xFCCC95B0(12e65b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\BiosView TargetObject: 0xFCCC8C70 \??\STORAGE#Volume#1&30a96598&0&SignatureC5E4C5E4Offset179FF0400Length20A215400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD50510(136d510) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 TargetObject: 0xFCD51530 \??\SBP2#Sony&i.LINK_DVD-ROM_Drive&LUN0#0800460300ca8454#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCDBDE30(13dae30) Type: 3 SymbolicLink SecurityDescriptor: 
0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Sbp2\Sony&i.LINK DVD-ROM Drive&0&08004603_00ca8454_Instance00 TargetObject: 0xFCD2CB70 \??\DmTrace OBJECT: 0xFCD5A350(1377350) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmTrace \??\A: OBJECT: 0xFCD316B0(134e6b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Floppy0 TargetObject: 0xFCD3C030 \??\ICH0 OBJECT: 0xFF24EA30(7d47a30) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\ICH0 TargetObject: 0xFF24E790 \??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD2DD50(134ad50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\000321 TargetObject: 0xFCE183B0 \??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD98290(13b5290) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\NDISWANIP OBJECT: 0xFCD9A4D0(13b74d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NdisWanIp TargetObject: 0xFCDA2A50 \??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788} OBJECT: 0xFF24FFD0(7acfd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\KSENUM#00000002 TargetObject: 0xFF24E030 \??\AmosNTDevice0 OBJECT: 0xFF26B610(250610) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\AmosNTDevice0 TargetObject: 0xFF26B3D0 \??\Scsi0: OBJECT: 0xFCDAE230(13cb230) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdePort0 TargetObject: 0xFCDAD030 \??\ACPI#PNP0501#4&2ab4e1f1&0#{4d36e978-e325-11ce-bfc1-08002be10318} OBJECT: 0xFCDB1870(13ce870) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000021 TargetObject: 0xFCD58850 \??\STORAGE#RemovableMedia#7&1f016071&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCCC9CB0(12e6cb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DP(1)0-0+6 TargetObject: 0xFCCC9D90 
\??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000} OBJECT: 0xFCD9AB50(13b7b50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0008 TargetObject: 0xFCDCDCD0 \??\1394BUS0 OBJECT: 0xFCDE1030(13fe030) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\1394BUS0 TargetObject: 0xFCD55028 \??\USBSTOR#Disk&Ven_Sony&Prod_MSC-U02&Rev_1.00#6&b6e8466&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCCCAB90(12e7b90) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000032 TargetObject: 0xFCD93550 \??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} OBJECT: 0xFCD29610(1346610) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} OBJECT: 0xFCD32D50(134fd50) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\004729 TargetObject: 0xFCE15830 \??\PTILINK1 OBJECT: 0xFCD45150(1362150) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc0 TargetObject: 0xFCD25D90 \??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407} OBJECT: 0xFCD31BB0(134ebb0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00512a TargetObject: 0xFCDF4F10 \??\NdisWan OBJECT: 0xFCD1A330(1337330) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NdisWan TargetObject: 0xFCD99030 \??\IPMULTICAST OBJECT: 0xFCCC5C10(12e2c10) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\IPMULTICAST TargetObject: 0xFCD7E270 \??\STORAGE#RemovableMedia#7&1f016071&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD326B0(134f6b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DP(1)0-0+6 TargetObject: 0xFCCC9D90 \??\LPT1 OBJECT: 0xFCDB1C50(13cec50) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\Parallel0 TargetObject: 0xFCD97040 \??\PTILINK2 OBJECT: 0xFCD450F0(13620f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc1 TargetObject: 0xFCD25AF0 \??\Shadow OBJECT: 0xFCD67A70(1384a70) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\LanmanRedirector TargetObject: 0xFCC84990 \??\PTILINK3 OBJECT: 0xFCD257F0(13427f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\ParTechInc2 TargetObject: 0xFCD25850 \??\SmwdmDev OBJECT: 0xFCDC2950(13df950) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Smwdm0 TargetObject: 0xFCDC29B0 \??\FtControl OBJECT: 0xFCD5B8F0(13788f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FtControl TargetObject: 0xFCD59AF0 \??\C: OBJECT: 0xFCD504B0(136d4b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 TargetObject: 0xFCD51990 \??\MAILSLOT OBJECT: 0xFCC835F0(12a05f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\MailSlot \??\WMIServiceDevice OBJECT: 
0xFCE18150(1435150) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\WMIServiceDevice TargetObject: 0xFCDF4350 \??\FALLBACK0 OBJECT: 0xFF2565D0(29045d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\FALLBACK0 TargetObject: 0xFF252690 \??\ACPI#PNP0F13#4&2ab4e1f1&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} OBJECT: 0xFCDBD5F0(13da5f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\0000001d TargetObject: 0xFCD58CD0 \??\AUX OBJECT: 0xFCC85490(12a2490) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \DosDevices\COM1 \??\PCI#VEN_8086&DEV_2446&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FE#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} OBJECT: 0xFCD9A910(13b7910) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCDCD970 \??\PCI#VEN_8086&DEV_2445&SUBSYS_80E0104D&REV_03#3&61aaa01&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196} OBJECT: 0xFCD9AAF0(13b7af0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: 
\Device\NTPNP_PCI0008 TargetObject: 0xFCDCDCD0 \??\NUL OBJECT: 0xFCC83590(12a0590) Type: 3 SymbolicLink SecurityDescriptor: 0xE13384B8(1aa64b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;BA)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA) Target: \Device\Null TargetObject: 0xFCD8E8B0 \??\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} OBJECT: 0xFCD32CF0(134fcf0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{A5F8B43B-175B-45CA-9615-2BD6B11D4F33} TargetObject: 0xFCDBE030 \??\Conexant-Ambit SoftK56 Data,Fax ICH Modem OBJECT: 0xFCDC10B0(13de0b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\NTPNP_PCI0009 TargetObject: 0xFCDCD970 \??\GLOBALROOT OBJECT: 0xFCE005D0(141d5d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007C38(15a8c38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;OICIIO;GX;;;WD)(A;OICIIO;GA;;;BA)(A;OICIIO;GA;;;SY)(A;OICIIO;GA;;;CO) Target: \??\USBSTOR#Disk&Ven_Maxtor&Prod_5000DV_v01.00.00&Rev_0100#6&204eb1f5&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD904B0(13ad4b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000031 TargetObject: 0xFCCCFAD0 \??\ACPI#SNY5001#4&2ab4e1f1&0#{f304eb09-5c5f-11d2-b53f-0800460198ac} OBJECT: 0xFCDB18D0(13ce8d0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\00000020 TargetObject: 0xFCD58970 \??\IDE#DiskHITACHI_DK23BA-15_______________________00E1A0E2#5&33f38e66&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} OBJECT: 0xFCD51CD0(136ecd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Ide\IdeDeviceP0T0L0-2 TargetObject: 0xFCD29A50 \??\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} OBJECT: 0xFCD1A970(1337970) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\{0CC8543F-8126-4073-8C04-07B3E7BFB4C3} TargetObject: 0xFCD45450 \??\DmInfo OBJECT: 0xFCD59170(1376170) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\DmControl\DmInfo TargetObject: 0xFCD2DEF0 \FileSystem\ Directory: 0xFCE18030(1435030) \FileSystem\NetBIOS OBJECT: 0xFCD6CF30(1389f30) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6C348 \SystemRoot\System32\DRIVERS\netbios.sys \FileSystem\Fastfat OBJECT: 0xFCD4E470(136b470) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE259A8 Fastfat.sys \FileSystem\Rdbss OBJECT: 0xFCC8CA10(12a9a10) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCC864C8 \SystemRoot\System32\DRIVERS\rdbss.sys \FileSystem\UdfReadr OBJECT: 0xFCCC4DB0(12e1db0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC4208 \SystemRoot\System32\Drivers\UdfReadr.SYS \FileSystem\Msfs OBJECT: 0xFCCC6A70(12e3a70) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC72E8 \SystemRoot\System32\Drivers\Msfs.SYS \FileSystem\MRxSmb OBJECT: 0xFCC91590(12ae590) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCD6D688 \SystemRoot\System32\DRIVERS\mrxsmb.sys \FileSystem\NtfsRecognizer OBJECT: 0xFCD8EC30(13abc30) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD90510 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\UdfsCdRomRecognizer OBJECT: 0xFCD8EF10(13abf10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD90510 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\Srv OBJECT: 0xFF24DCD0(766cd0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF24A828 \SystemRoot\System32\DRIVERS\srv.sys \FileSystem\NaiFsRec OBJECT: 0xFCDA5790(13c2790) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25828 NaiFsRec.sys \FileSystem\Mup OBJECT: 0xFCD4E6D0(136b6d0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \FileSystem\RAW OBJECT: 0xFCE14CB0(1431cb0) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0x00000000 \FileSystem\Npfs OBJECT: 0xFCCC6250(12e3250) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC63E8 \SystemRoot\System32\Drivers\Npfs.SYS \FileSystem\Fs_Rec OBJECT: 0xFCD90510(13ad510) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\Cdfs OBJECT: 0xFF1FCB90(198ab90) Type: 24 Driver SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFF1FDB08 \SystemRoot\System32\Drivers\Cdfs.SYS \FileSystem\CdfsRecognizer OBJECT: 0xFCD8E030(13ab030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD90510 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS \FileSystem\UdfsDiskRecognizer OBJECT: 0xFCD8EDF0(13abdf0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD90510 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCCC8608 \SystemRoot\System32\Drivers\Fs_Rec.SYS \ObjectTypes\ Directory: 0xFCE00730(141d730) \ObjectTypes\Directory OBJECT: 0xFCE254A0(14424a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Mutant OBJECT: 0xFCDFE940(141b940) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Thread OBJECT: 0xFCE00040(141d040) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Controller OBJECT: 0xFCDF8820(1415820) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Profile OBJECT: 0xFCDFE320(141b320) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Event OBJECT: 0xFCE001A0(141d1a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Type OBJECT: 0xFCE255A0(14425a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Section OBJECT: 0xFCDFD480(141a480) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\EventPair OBJECT: 0xFCDFEA40(141ba40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\SymbolicLink OBJECT: 0xFCE253A0(14423a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Desktop OBJECT: 0xFCDFDF40(141af40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Timer OBJECT: 0xFCDFE420(141b420) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\File OBJECT: 0xFCDF8420(1415420) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WindowStation OBJECT: 0xFCDFD040(141a040) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Driver OBJECT: 0xFCDF8620(1415620) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WmiGuid OBJECT: 0xFCDF45E0(14115e0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Device OBJECT: 0xFCDF8720(1415720) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Token OBJECT: 0xFCE252A0(14422a0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\IoCompletion OBJECT: 0xFCDF8520(1415520) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Process OBJECT: 0xFCE25160(1442160) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Adapter OBJECT: 0xFCDF8920(1415920) Type: 1 Type 
SecurityDescriptor: (null) \ObjectTypes\Key OBJECT: 0xFCDFCA40(1419a40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Job OBJECT: 0xFCE00F40(141df40) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\WaitablePort OBJECT: 0xFCDF8BE0(1415be0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Port OBJECT: 0xFCDF8CE0(1415ce0) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Callback OBJECT: 0xFCDFE840(141b840) Type: 1 Type SecurityDescriptor: (null) \ObjectTypes\Semaphore OBJECT: 0xFCDFE520(141b520) Type: 1 Type SecurityDescriptor: (null) \Security\ Directory: 0xFCDFD730(141a730) \Security\TRKWKS_EVENT OBJECT: 0xFCDF8A10(1415a10) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Security\TRKWKS_PORT OBJECT: 0xFF1FC740(198a740) Type: 20 Adapter \Security\LSA_AUTHENTICATION_INITIALIZED OBJECT: 0xFCE00150(141d150) Type: 8 Event SecurityDescriptor: 0xE136A1B8(254e1b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x120001;;;WD)(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Security\NetworkProviderLoad OBJECT: 0xFCA2CFF0(1049ff0) Type: 8 Event SecurityDescriptor: 0xE133C2D8(1aac2d8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120003;;;BA) \Callback\ Directory: 0xFCDFF2D0(141c2d0) \Callback\SetSystemTime OBJECT: 0xFCDFE6D0(141b6d0) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \Callback\PowerState OBJECT: 0xFCDFE610(141b610) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \Callback\SetSystemState OBJECT: 0xFCDFE670(141b670) Type: 11 Callback SecurityDescriptor: 0xE1007A18(15a8a18) 
Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0001;;;SY)(A;;0x120000;;;BA) \KnownDlls\ Directory: 0xFCC82930(129f930) \KnownDlls\gdi32.dll OBJECT: 0xE13D58A0(44ef8a0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D4CC8(5859cc8) BasedAddress: 0x2DBE2430 SizeOfSegment: 0x3c000 SecurityDescriptor: (null) Path: HarddiskVolume1gdi32.dll \KnownDlls\imagehlp.dll OBJECT: 0xE13D55C0(44ef5c0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D5608(44ef608) BasedAddress: 0x2DBE5C38 SizeOfSegment: 0x22000 SecurityDescriptor: (null) Path: HarddiskVolume1imagehlp.dll \KnownDlls\url.dll OBJECT: 0xE13D9580(59c1580) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D8D28(58ded28) BasedAddress: 0x2DBF4430 SizeOfSegment: 0x17000 SecurityDescriptor: (null) Path: HarddiskVolume1url.dll \KnownDlls\MPR.dll OBJECT: 0xE13DE040(59ec040) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE137DE48(28e0e48) BasedAddress: 0x2EA1CC30 SizeOfSegment: 0x10000 SecurityDescriptor: (null) Path: HarddiskVolume1MPR.dll \KnownDlls\ole32.dll OBJECT: 0xE13D4400(5859400) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) 
Segment: 0xE13D6948(58ba948) BasedAddress: 0x2DBEDC30 SizeOfSegment: 0xf5000 SecurityDescriptor: (null) Path: HarddiskVolume1ole32.dll \KnownDlls\urlmon.dll OBJECT: 0xE13D8220(58de220) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D9248(59c1248) BasedAddress: 0x2DBF7420 SizeOfSegment: 0x71000 SecurityDescriptor: (null) Path: HarddiskVolume1urlmon.dll \KnownDlls\lz32.dll OBJECT: 0xE13D6E60(58bae60) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D5B88(44efb88) BasedAddress: 0x2DBEAC30 SizeOfSegment: 0x6000 SecurityDescriptor: (null) Path: HarddiskVolume1lz32.dll \KnownDlls\olesvr32.dll OBJECT: 0xE13D7960(58bb960) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D6188(58ba188) BasedAddress: 0x2EA08420 SizeOfSegment: 0x9000 SecurityDescriptor: (null) Path: HarddiskVolume1olesvr32.dll \KnownDlls\wldap32.dll OBJECT: 0xE13DC8A0(59878a0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13DC8E8(59878e8) BasedAddress: 0x2EA11C28 SizeOfSegment: 0x29000 SecurityDescriptor: (null) Path: HarddiskVolume1wldap32.dll \KnownDlls\user32.dll OBJECT: 0xE13DAA80(59a2a80) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 
0xE13DB008(59a5008) BasedAddress: 0x2DBF9C38 SizeOfSegment: 0x64000 SecurityDescriptor: (null) Path: HarddiskVolume1user32.dll \KnownDlls\version.dll OBJECT: 0xE13D9080(59c1080) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D83C8(58de3c8) BasedAddress: 0x2DBFC420 SizeOfSegment: 0x7000 SecurityDescriptor: (null) Path: HarddiskVolume1version.dll \KnownDlls\olecli32.dll OBJECT: 0xE13D7BC0(58bbbc0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE1377508(2817508) BasedAddress: 0x2EA03428 SizeOfSegment: 0x13000 SecurityDescriptor: (null) Path: HarddiskVolume1olecli32.dll \KnownDlls\KnownDllPath OBJECT: 0xFCC82370(129f370) Type: 3 SymbolicLink SecurityDescriptor: 0xE13D1E78(4450e78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCRC;;;RC)(A;;CCSDRCWDWO;;;BA) Target: C:\WINNT\system32 \KnownDlls\advapi32.dll OBJECT: 0xE13D32C0(44c72c0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D5E28(44efe28) BasedAddress: 0x2E9F7C30 SizeOfSegment: 0x5a000 SecurityDescriptor: (null) Path: HarddiskVolume1advapi32.dll \KnownDlls\SHLWAPI.DLL OBJECT: 0xE13DC560(5987560) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13DB8E8(59a58e8) BasedAddress: 0x2EA14438 SizeOfSegment: 0x4a000 SecurityDescriptor: (null) Path: HarddiskVolume1SHLWAPI.DLL 
\KnownDlls\wow32.dll OBJECT: 0xE13DEAC0(59ecac0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13DD888(59a9888) BasedAddress: 0x2DC02428 SizeOfSegment: 0x40000 SecurityDescriptor: (null) Path: HarddiskVolume1wow32.dll \KnownDlls\olecnv32.dll OBJECT: 0xE13D7AA0(58bbaa0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D6428(58ba428) BasedAddress: 0x2EA05C38 SizeOfSegment: 0xb000 SecurityDescriptor: (null) Path: HarddiskVolume1olecnv32.dll \KnownDlls\comdlg32.dll OBJECT: 0xE13D3220(44c7220) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D5C28(44efc28) BasedAddress: 0x2E9F3C30 SizeOfSegment: 0x3e000 SecurityDescriptor: (null) Path: HarddiskVolume1comdlg32.dll \KnownDlls\wininet.dll OBJECT: 0xE13DCBA0(5987ba0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13DBCE8(59a5ce8) BasedAddress: 0x2EA1F430 SizeOfSegment: 0x74000 SecurityDescriptor: (null) Path: HarddiskVolume1wininet.dll \KnownDlls\olethk32.dll OBJECT: 0xE13D7820(58bb820) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D4B48(5859b48) BasedAddress: 0x2EA0B438 SizeOfSegment: 0x15000 SecurityDescriptor: (null) Path: HarddiskVolume1olethk32.dll 
\KnownDlls\MSVCRT.DLL OBJECT: 0xE13DDE40(59a9e40) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13DB328(59a5328) BasedAddress: 0x2EA19C38 SizeOfSegment: 0x46000 SecurityDescriptor: (null) Path: HarddiskVolume1MSVCRT.DLL \KnownDlls\rpcrt4.dll OBJECT: 0xE13D88E0(58de8e0) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D74E8(58bb4e8) BasedAddress: 0x2EA0E428 SizeOfSegment: 0x70000 SecurityDescriptor: (null) Path: HarddiskVolume1rpcrt4.dll \KnownDlls\kernel32.dll OBJECT: 0xE13D6040(58ba040) Type: 17 Section SecurityDescriptor: 0xE13C5558(2cf2558) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRC;;;WD)(A;;CCDCLCSWRC;;;RC)(A;;CCDCLCSWRPSDRCWDWO;;;BA) Segment: 0xE13D4728(5859728) BasedAddress: 0x2DBE8C20 SizeOfSegment: 0xb5000 SecurityDescriptor: (null) Path: HarddiskVolume1kernel32.dll \Device\DmControl\ Directory: 0xFCD59990(1376990) \Device\DmControl\VxKernel2VoldEvent OBJECT: 0xFCE02410(141f410) Type: 8 Event SecurityDescriptor: 0xE1008638(15d9638) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0003;;;SY)(A;;0x120001;;;BA) \Device\DmControl\DmIoDaemon OBJECT: 0xFCD2DDB0(134adb0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmConfig OBJECT: 0xFCD2D030(134a030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmPnP OBJECT: 0xFCD2D230(134a230) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\DmControl\DmInfo OBJECT: 0xFCD2DEF0(134aef0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD59470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25FA8 dmio.sys \Device\HarddiskDmVolumes\ Directory: 0xFCD59390(1376390) \Device\Ide\ Directory: 0xFCDCB1F0(13e81f0) \Device\Ide\IdeDeviceP0T0L0-2 OBJECT: 0xFCD29A50(1346a50) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDAE730 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys \Device\Ide\IdePort0 OBJECT: 0xFCDAD030(13ca030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDAE730 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25CE8 atapi.sys \Device\Ide\PciIde0Channel0-0 OBJECT: 0xFCD5A3B0(13773b0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDCB0F0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys \Device\Ide\PciIde0 OBJECT: 0xFCD5A910(1377910) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDCB0F0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE27E48 intelide.sys 
\Device\Harddisk0\ Directory: 0xFCDA6E50(13c3e50) \Device\Harddisk0\DP(2)0x179ff0400-0x20a215400+2 OBJECT: 0xFCD50D90(136dd90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\DR0 OBJECT: 0xFCDA6A10(13c3a10) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\DP(1)0x7e00-0x179fe0800+1 OBJECT: 0xFCD50030(136d030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk0\Partition0 OBJECT: 0xFCD51EF0(136eef0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk0\DR0 \Device\Harddisk0\Partition1 OBJECT: 0xFCD518B0(136e8b0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume1 \Device\Harddisk0\Partition2 OBJECT: 0xFCD516F0(136e6f0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume2 \Device\Harddisk1\ Directory: 0xFCCCF790(12ec790) \Device\Harddisk1\DP(1)0x7e00-0x2629ff3200+5 OBJECT: 
0xFCCCA510(12e7510) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk1\DR3 OBJECT: 0xFCCCF350(12ec350) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk1\Partition0 OBJECT: 0xFCD90950(13ad950) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk1\DR3 \Device\Harddisk1\Partition1 OBJECT: 0xFCCCA110(12e7110) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\HarddiskVolume3 \Device\Harddisk2\ Directory: 0xFCD93170(13b0170) \Device\Harddisk2\DR4 OBJECT: 0xFCD90030(13ad030) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk2\DP(1)0-0+6 OBJECT: 0xFCCC9D90(12e6d90) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCDA6030 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25AC8 disk.sys \Device\Harddisk2\Partition0 OBJECT: 0xFCCCADD0(12e7dd0) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DR4 \Device\Harddisk2\Partition1 OBJECT: 0xFCD32710(134f710) Type: 3 SymbolicLink SecurityDescriptor: 0xE1007E38(15a8e38) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCRC;;;WD)(A;;CCSDRCWDWO;;;SY)(A;;CCSDRCWDWO;;;BA)(A;;CCRC;;;RC) Target: \Device\Harddisk2\DP(1)0-0+6 \Device\Sbp2\ Directory: 0xFCD2D370(134a370) \Device\Sbp2\Sony&i.LINK DVD-ROM Drive&0&08004603_00ca8454_Instance00 OBJECT: 0xFCD2CB70(1349b70) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD2D470 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25F28 sbp2port.sys \Device\WinDfs\ Directory: 0xFCD513D0(136e3d0) \Device\WinDfs\Root OBJECT: 0xFCDA59D0(13c29d0) Type: 23 Device SecurityDescriptor: (null) Driver: 0xFCD4E6D0 SecurityDescriptor: 0xE12AEC98(18cfc98) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;FA;;;SY)(A;;0x1200a9;;;BA) Section: 0xFCE25788 Mup.sys \Device\Scsi\ Directory: 0xFCD29370(1346370) \Windows\WindowStations\ Directory: 0xFCC5FD10(127cd10) \Windows\WindowStations\Service-0x0-3e7$ OBJECT: 0xFCA28958(1045958) Type: 15 WindowStation \Windows\WindowStations\WinSta0 OBJECT: 0xFCA32D98(104fd98) Type: 15 WindowStation \Windows\WindowStations\SAWinSta OBJECT: 0xFF247F18(4bc8f18) Type: 15 WindowStation \BaseNamedObjects\Restricted\ Directory: 0xFCC61B30(127eb30) \Device\DmControl\RawDmVolumes\ Directory: 0xFCD592B0(13762b0) \Device\HarddiskDmVolumes\PhysicalDmVolumes\ Directory: 0xFCD591D0(13761d0) Directory Count: 28 Object Count: 762 PsActiveProcessHead: 0x8046B980(46b980) PsIdleProcess 0x00000000(1) KiIdleProcess 0x8046D160(46d160) + 0 Idle Source: from_KiIdleProcess Eprocess Block: 0x8046D160 (0x46d160) SecurityDescriptor: (null) Session: 0x0 DirectoryTableBase: 
0x30000 Process Environment Block: 0x00000000 Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00000000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFCE256E8 (0x14426e8) Count: 143 TableCode: 0xE1002000 Process exiting: 0 VAD Root: 0x00000000(1) Private: 0 Modified: 0 Locked: 0 AccessToken: 0xE10011F0(159b1f0) SecurityDescriptor: 0xE1001158(159b158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-32-544 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,3ea} ParentToken ID: {0,0} Modified ID: {0,3e9} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0x8046D1B0 THREAD: 0x8046D3F0 (0x46d3f0) Cid: 0.0 SecurityDescriptor: (null) Teb: 0x00000000(0) ThreadsProcess: 0x8046D160 Priority: 16 Base Priority: 0 Priority decrement: 0 
Win32Thread: 0x00000000 Running WaitListHead: 0x8046D44C Contents: 00000000:00000000 Queue List: 0x00000000:00000000 PostBlockList: 0x00000000:00000000 Queue: 0x00000000 Start Address: 0x00000000 Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x80471640 Stack Limit: 0x8046E640 Kernel Stack: 0x80471390(470000 46f000 46e000 ) Resident: 1 + 8 System Source: from_active_process_list Eprocess Block: 0xFCE00C60 (0x141dc44) SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x30000 Process Environment Block: 0x00000000 Loader module block: 0x00000000 Command Line: Section: 0x00000000 (0x0) Section Base Address: 0x00000000 () SectionBasedAddress: 0x00000000 ) SizeOfSegment: 0x0 SectionFileName: Handle Table: 0xFCE256E8 (0x14426e8) Count: 143 TableCode: 0xE1002000 Process exiting: 0 VAD Root: 0xFCDFD868(141a868) Private: 4 Modified: 2461 Locked: 0 AccessToken: 0xE10011F0(159b1f0) SecurityDescriptor: 0xE1001158(159b158) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-32-544 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,3ea} ParentToken ID: {0,0} Modified ID: {0,3e9} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 
SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Thread List Head: 0xFCE00CB0 THREAD: 0xFCE009E0 (0x141d9e0) Cid: 8.4 SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 0 Base Priority: 0 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrFreePage) KernelMode Non-Alertable WaitListHead: 0xFCE00A3C Contents: FCDFCB7C:FF13E33C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCE00A4C(141da4c) PostBlockList: 0xE12A5310:E12A6390 Queue: 0x00000000 Start Address: 0x8054B6B8 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0824000 Stack Limit: 0xF0821000 Kernel Stack: 0xF08239C4(15c2000 15c1000 1600000 ) Resident: 1 THREAD: 0xFCE00280 (0x141d280) Cid: 8.c CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCE002DC Contents: FCD9937C:FCDB107C Queue List: 0xFCDFF130:8046AFE0 WaitBlockList: 0xFCE002EC(141d2ec) PostBlockList: 0xFCE00444:FCE00444 Queue: 0x00000000 Start Address: 0x80418A7C 
\WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF082C000 Stack Limit: 0xF0829000 Kernel Stack: 0xF082BD34(Paged< 0:13000> NA NA ) Resident: 0 THREAD: 0xFCDFF020 (0x141c020) Cid: 8.10 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF07C Contents: FF1CE89C:FF232ABC Queue List: 0xFCDFFEB0:FCE00390 WaitBlockList: 0xFCDFF08C(141c08c) PostBlockList: 0xFCDFF1E4:FCDFF1E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0830000 Stack Limit: 0xF082D000 Kernel Stack: 0xF082FD34(15b5000 7aca000 7ad8000 ) Resident: 0 THREAD: 0xFCDFFDA0 (0x141cda0) Cid: 8.14 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFFDFC Contents: FF12AB7C:FCA2E67C Queue List: 0xFCDFFC30:FCDFF130 WaitBlockList: 0xFCDFFE0C(141ce0c) PostBlockList: 0xFCDFFF64:FCDFFF64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0834000 Stack Limit: 0xF0831000 Kernel Stack: 0xF083374C(15b9000 4d53000 69b4000 ) 
Resident: 1 THREAD: 0xFCDFFB20 (0x141cb20) Cid: 8.18 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFFB7C Contents: FF24343C:FF18181C Queue List: 0xFCDFF9B0:FCDFFEB0 WaitBlockList: 0xFCDFFB8C(141cb8c) PostBlockList: 0xFCDFFCE4:FCDFFCE4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0838000 Stack Limit: 0xF0835000 Kernel Stack: 0xF0837D34(15bd000 c2e000 3d0f000 ) Resident: 1 THREAD: 0xFCDFF8A0 (0x141c8a0) Cid: 8.1c CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF8FC Contents: FF28D07C:FF17779C Queue List: 0x8046AFE0:FCDFFC30 WaitBlockList: 0xFCDFF90C(141c90c) PostBlockList: 0xFCDFFA64:FCDFFA64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF083C000 Stack Limit: 0xF0839000 Kernel Stack: 0xF083BD34(15e1000 3033000 2f59000 ) Resident: 1 THREAD: 0xFCDFF620 (0x141c620) Cid: 8.20 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF67C Contents: FCD6407C:FF21DBDC Queue List: 0xFCDFF4B0:8046B01C WaitBlockList: 0xFCDFF68C(141c68c) PostBlockList: 0xFCDFF7E4:FCDFF7E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0840000 Stack Limit: 0xF083D000 Kernel Stack: 0xF083FD34(Paged< 0:1c0000> NA NA ) Resident: 0 THREAD: 0xFCDFF3A0 (0x141c3a0) Cid: 8.24 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 13 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFF3FC Contents: FF21107C:FF18D8DC Queue List: 0xFCDFE130:FCDFF730 WaitBlockList: 0xFCDFF40C(141c40c) PostBlockList: 0xFCDFF564:FCDFF564 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0844000 Stack Limit: 0xF0841000 Kernel Stack: 0xF0843D34(15c9000 6666000 6687000 ) Resident: 1 THREAD: 0xFCDFE020 (0x141b020) Cid: 8.28 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 12 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCDFE07C Contents: 
FF2212BC:FF23225C Queue List: 0xFF2272D0:FCDFF4B0 WaitBlockList: 0xFCDFE08C(141b08c) PostBlockList: 0xFCDFE1E4:FCDFE1E4 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0848000 Stack Limit: 0xF0845000 Kernel Stack: 0xF0847D34(Paged< 0:1c5000> NA NA ) Resident: 0 THREAD: 0xFCDFEDA0 (0x141bda0) Cid: 8.2c CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDFEDFC Contents: FF13169C:FF2842BC Queue List: 0x8046B058:8046B058 WaitBlockList: 0xFCDFEE0C(141be0c) PostBlockList: 0xFCDFEF64:FCDFEF64 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF084C000 Stack Limit: 0xF0849000 Kernel Stack: 0xF084BD34(15d1000 15d0000 15cf000 ) Resident: 1 THREAD: 0xFCDFEB20 (0x141bb20) Cid: 8.30 CreateTime: 0x1c569df60590f40 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 14 Base Priority: 14 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFEB7C Contents: FCA2E67C:FCDFCDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDFEB8C(141bb8c) PostBlockList: 0xFCDFECE4:FCDFECE4 Queue: 0x00000000 Start Address: 0x804C27A2 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 
Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0850000 Stack Limit: 0xF084D000 Kernel Stack: 0xF084FCF8(15d5000 15d4000 15d3000 ) Resident: 1 THREAD: 0xFCDFD1E0 (0x141a1e0) Cid: 8.34 CreateTime: 0x1c569df605c1da0 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 18 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrVirtualMemory) UserMode Non-Alertable WaitListHead: 0xFCDFD23C Contents: FF12A8FC:FF21107C Queue List: 0x00000000:00000000 WaitBlockList: 0x80473370(473370) PostBlockList: 0xFCDFD3A4:FCDFD3A4 Queue: 0x00000000 Start Address: 0x80438A78 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0854000 Stack Limit: 0xF0851000 Kernel Stack: 0xF0853D20(15de000 3ffe000 3c79000 ) Resident: 1 THREAD: 0xFCDFC020 (0x1419020) Cid: 8.38 CreateTime: 0x1c569df605c1da0 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrFreePage) KernelMode Non-Alertable WaitListHead: 0xFCDFC07C Contents: 8047FCA8:FF12AB7C Queue List: 0x00000000:00000000 WaitBlockList: 0x804733A8(4733a8) PostBlockList: 0xFCDFC1E4:FCDFC1E4 Queue: 0x00000000 Start Address: 0x804ED709 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0858000 Stack Limit: 0xF0855000 Kernel Stack: 0xF0857CDC(1601000 1640000 15df000 ) Resident: 1 THREAD: 0xFCDFCDA0 (0x1419da0) Cid: 8.3c CreateTime: 
0x1c569df605c1da0 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFCDFC Contents: FCDFEB7C:FCDFCB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xF085BD40(15e4d40) PostBlockList: 0xFCDFCF64:FCDFCF64 Queue: 0x00000000 Start Address: 0x80461830 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF085C000 Stack Limit: 0xF0859000 Kernel Stack: 0xF085BCC0(15e4000 1603000 1602000 ) Resident: 1 THREAD: 0xFCDFCB20 (0x1419b20) Cid: 8.40 CreateTime: 0x1c569df605c1da0 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 23 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDFCB7C Contents: FCDFCDFC:FCE00A3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDFCB8C(1419b8c) PostBlockList: 0xFCDFCCE4:FCDFCCE4 Queue: 0x00000000 Start Address: 0x8046192F \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0860000 Stack Limit: 0xF085D000 Kernel Stack: 0xF085FD40(15e7000 15e6000 15e5000 ) Resident: 1 THREAD: 0xFCDFC2E0 (0x14192e0) Cid: 8.44 CreateTime: 0x1c569df606b6580 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 
0xFCE00C60 System Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDFC33C Contents: FCDF807C:8047FCA8 Queue List: 0x80474A40:80474A40 WaitBlockList: 0xFCDFC34C(141934c) PostBlockList: 0xFCDFC4A4:FCDFC4A4 Queue: 0x00000000 Start Address: 0x8041E013 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0864000 Stack Limit: 0xF0861000 Kernel Stack: 0xF0863D4C(18e1000 1940000 18bf000 ) Resident: 1 THREAD: 0xFCDF8020 (0x1415020) Cid: 8.48 CreateTime: 0x1c569df606b6580 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDF807C Contents: FCD2D5BC:FCDFC33C Queue List: 0x80474A68:80474A68 WaitBlockList: 0xFCDF808C(141508c) PostBlockList: 0xFCDF81E4:FCDF81E4 Queue: 0x00000000 Start Address: 0x8041E013 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0868000 Stack Limit: 0xF0865000 Kernel Stack: 0xF0867D4C(18c5000 18c4000 18e3000 ) Resident: 1 THREAD: 0xFCDF3DA0 (0x1410da0) Cid: 8.4c CreateTime: 0x1c569df6089f540 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDF3DFC Contents: FCCC49DC:FCD98C9C Queue List: 0x00000000:00000000 WaitBlockList: 
0xFCA10E80(7d1ce80) PostBlockList: 0xFCDF3F64:FCDF3F64 Queue: 0x00000000 Start Address: 0xFCA0586A ACPI.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF086C000 Stack Limit: 0xF0869000 Kernel Stack: 0xF086BD1C(1a22000 1a21000 1a80000 ) Resident: 1 THREAD: 0xFCD30BC0 (0x134dbc0) Cid: 8.50 CreateTime: 0x1c569df608e8ad0 2005-06-05 15:00:56Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 17 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrVirtualMemory) KernelMode Non-Alertable WaitListHead: 0xFCD30C1C Contents: FCA274DC:FCD6407C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD30C2C(134dc2c) PostBlockList: 0xFCD30D84:FCD30D84 Queue: 0x00000000 Start Address: 0x8043BD41 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0870000 Stack Limit: 0xF086D000 Kernel Stack: 0xF086FD2C(1a14000 1a13000 1a12000 ) Resident: 1 THREAD: 0xFCD2D560 (0x134a560) Cid: 8.54 CreateTime: 0x1c569df60ff9eb0 2005-06-05 15:00:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD2D5BC Contents: FCDB107C:FCDF807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD2D5CC(134a5cc) PostBlockList: 0xFCD2D724:FCD2D724 Queue: 0x00000000 Start Address: 0xFC9A5C4E dmio.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0878000 Stack 
Limit: 0xF0875000 Kernel Stack: 0xF0877D3C(1b01000 1b60000 1adf000 ) Resident: 1 THREAD: 0xFCDA5020 (0x13c2020) Cid: 8.58 CreateTime: 0x1c569df63cdd0d0 2005-06-05 15:01:02Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCDA507C Contents: FF26765C:FCD8D47C Queue List: 0xFC91EB18:FC91EB18 WaitBlockList: 0xFCDA508C(13c208c) PostBlockList: 0xFCDA51E4:FCDA51E4 Queue: 0x00000000 Start Address: 0xFC91F218 NDIS.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF087C000 Stack Limit: 0xF0879000 Kernel Stack: 0xF087BD50(1b6a000 1b69000 1b68000 ) Resident: 1 THREAD: 0xFCDB1020 (0x13ce020) Cid: 8.5c CreateTime: 0x1c569df650eb630 2005-06-05 15:01:04Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCDB107C Contents: FCE002DC:FCD2D5BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCDB108C(13ce08c) PostBlockList: 0xFCDB11E4:FCDB11E4 Queue: 0x00000000 Start Address: 0xF04A2E66 \SystemRoot\System32\DRIVERS\Apfiltr.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B0000 Stack Limit: 0xF08AD000 Kernel Stack: 0xF08AFD48(278e000 278d000 278c000 ) Resident: 1 THREAD: 0xFCD995A0 (0x13b65a0) Cid: 8.68 CreateTime: 0x1c569df6610f4e0 2005-06-05 15:01:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD995FC Contents: FCD64B3C:FCA274DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD9960C(13b660c) PostBlockList: 0xFCD99764:FCD99764 Queue: 0x00000000 Start Address: 0xF04F1AF1 \SystemRoot\System32\DRIVERS\raspptp.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08C8000 Stack Limit: 0xF08C5000 Kernel Stack: 0xF08C7D20(291d000 293c000 28fb000 ) Resident: 1 THREAD: 0xFCD99320 (0x13b6320) Cid: 8.6c CreateTime: 0x1c569df6610f4e0 2005-06-05 15:01:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD9937C Contents: FCD98C9C:FCE002DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD9938C(13b638c) PostBlockList: 0xFCD994E4:FCD994E4 Queue: 0x00000000 Start Address: 0xF04F1B76 \SystemRoot\System32\DRIVERS\raspptp.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08CC000 Stack Limit: 0xF08C9000 Kernel Stack: 0xF08CBD20(29c0000 293f000 291e000 ) Resident: 1 THREAD: 0xFCD98C40 (0x13b5c40) Cid: 8.70 CreateTime: 0x1c569df66127c10 2005-06-05 15:01:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 
Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD98C9C Contents: FCDF3DFC:FCD9937C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD98CAC(13b5cac) PostBlockList: 0xFCD98E04:FCD98E04 Queue: 0x00000000 Start Address: 0xF07AB206 \SystemRoot\System32\DRIVERS\SonyiNet.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08D0000 Stack Limit: 0xF08CD000 Kernel Stack: 0xF08CFC7C(2964000 2983000 2982000 ) Resident: 1 THREAD: 0xFCCC4980 (0x12e1980) Cid: 8.60 CreateTime: 0x1c569df680f5580 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCCC49DC Contents: FCCC475C:FCDF3DFC Queue List: 0xFCCC4D48:FCCC4D48 WaitBlockList: 0xFCCC49EC(12e19ec) PostBlockList: 0xFCCC4B44:FCCC4B44 Queue: 0x00000000 Start Address: 0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08C0000 Stack Limit: 0xF08BD000 Kernel Stack: 0xF08BFCF8(2937000 2936000 2915000 ) Resident: 1 THREAD: 0xFCCC4700 (0x12e1700) Cid: 8.64 CreateTime: 0x1c569df680f5580 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCCC475C Contents: FCD8D07C:FCCC49DC Queue List: 0xFCCC4C70:FCCC4C70 WaitBlockList: 0xFCCC476C(12e176c) PostBlockList: 0xFCCC48C4:FCCC48C4 Queue: 0x00000000 Start 
Address: 0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08C4000 Stack Limit: 0xF08C1000 Kernel Stack: 0xF08C3CF8(291a000 2939000 2938000 ) Resident: 1 THREAD: 0xFCD8D020 (0x13aa020) Cid: 8.74 CreateTime: 0x1c569df680f5580 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD8D07C Contents: FCD8D47C:FCCC475C Queue List: 0xFCCC4CDC:FCCC4CDC WaitBlockList: 0xFCD8D08C(13aa08c) PostBlockList: 0xFCD8D1E4:FCD8D1E4 Queue: 0x00000000 Start Address: 0xF8389CCC \SystemRoot\System32\Drivers\UdfReadr.SYS Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08E0000 Stack Limit: 0xF08DD000 Kernel Stack: 0xF08DFCF8(2a84000 2aa3000 2aa2000 ) Resident: 1 THREAD: 0xFCD8D420 (0x13aa420) Cid: 8.78 CreateTime: 0x1c569df6810dcb0 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCD8D47C Contents: FCDA507C:FCD8D07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD8D48C(13aa48c) PostBlockList: 0xFCD8D5E4:FCD8D5E4 Queue: 0x00000000 Start Address: 0xF0922D8E \SystemRoot\System32\DRIVERS\rasacd.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08E4000 Stack Limit: 
0xF08E1000 Kernel Stack: 0xF08E3D38(2a8b000 2a6a000 2a69000 ) Resident: 1 THREAD: 0xFCD67DA0 (0x1384da0) Cid: 8.80 CreateTime: 0x1c569df682332f0 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD67DFC Contents: FF28299C:FF1E85BC Queue List: 0xFCD6D8CC:FCD6D8CC WaitBlockList: 0xFCD67E0C(1384e0c) PostBlockList: 0xFCD67F64:FCD67F64 Queue: 0x00000000 Start Address: 0xF82AAC0F \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08EC000 Stack Limit: 0xF08E9000 Kernel Stack: 0xF08EBCF4(2b32000 2b51000 2b50000 ) Resident: 1 THREAD: 0xFCD67B20 (0x1384b20) Cid: 8.7c CreateTime: 0x1c569df682332f0 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCD67B7C Contents: FF1A59BC:FF16F6FC Queue List: 0xFCD6D7EC:FCD6D7EC WaitBlockList: 0xFCD67B8C(1384b8c) PostBlockList: 0xFCD67CE4:FCD67CE4 Queue: 0x00000000 Start Address: 0xF82AAC0F \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08E8000 Stack Limit: 0xF08E5000 Kernel Stack: 0xF08E7CF4(2b2f000 2b2e000 2b2d000 ) Resident: 1 THREAD: 0xFCC84020 (0x12a1020) Cid: 8.84 CreateTime: 0x1c569df682332f0 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) KernelMode Non-Alertable WaitListHead: 0xFCC8407C Contents: FF13907C:FF16F9BC Queue List: 0xFCD6D85C:FCD6D85C WaitBlockList: 0xFCC8408C(12a108c) PostBlockList: 0xFCC841E4:FCC841E4 Queue: 0x00000000 Start Address: 0xF82AAC0F \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08F4000 Stack Limit: 0xF08F1000 Kernel Stack: 0xF08F3CF4(2c29000 2c48000 2c47000 ) Resident: 1 THREAD: 0xFCC84DA0 (0x12a1da0) Cid: 8.88 CreateTime: 0x1c569df682332f0 2005-06-05 15:01:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFCC84DFC Contents: FF1A807C:FF27581C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC84E0C(12a1e0c) PostBlockList: 0xFCC84F64:FCC84F64 Queue: 0x00000000 Start Address: 0xF82A24BC \SystemRoot\System32\DRIVERS\rdbss.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08F8000 Stack Limit: 0xF08F5000 Kernel Stack: 0xF08F7D38(2c4c000 2c4b000 2c2a000 ) Resident: 1 THREAD: 0xFCD64020 (0x1381020) Cid: 8.90 CreateTime: 0x1c569df7e454e30 2005-06-05 15:01:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 
0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCD6407C Contents: FCD30C1C:FCDFF67C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD6408C(138108c) PostBlockList: 0xFCD641E4:FCD641E4 Queue: 0x00000000 Start Address: 0x8050EC01 \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0900000 Stack Limit: 0xF08FD000 Kernel Stack: 0xF08FFA18(Paged< 0:497000> NA NA ) Resident: 0 THREAD: 0xFF2271C0 (0x4ff51c0) Cid: 8.284 CreateTime: 0x1c569df9874f9c0 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 12 Base Priority: 12 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF22721C Contents: FF24811C:FF13407C Queue List: 0x8046B01C:FCDFE130 WaitBlockList: 0xFF22722C(4ff522c) PostBlockList: 0xFF227384:FF227384 Queue: 0x00000000 Start Address: 0x80418A7C \WINNT\System32\ntoskrnl.exe Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FC1000 Stack Limit: 0xF7FBE000 Kernel Stack: 0xF7FC0D34(4434000 NA NA ) Resident: 0 THREAD: 0xFF221260 (0x47bc260) Cid: 8.294 CreateTime: 0x1c569df98a8ee20 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF2212BC Contents: FF21DBDC:FCDFE07C Queue List: 0xFF221DC4:FF221DC4 WaitBlockList: 0xFF2212CC(47bc2cc) PostBlockList: 0xFF221424:FF221424 Queue: 0x00000000 Start Address: 0xF7C80116 
\SystemRoot\System32\DRIVERS\srv.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB5000 Stack Limit: 0xF7FB2000 Kernel Stack: 0xF7FB4D3C(Paged< 0:1c3000> NA NA ) Resident: 0 THREAD: 0xFF21DB80 (0x6623b80) Cid: 8.29c CreateTime: 0x1c569df98aa7550 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF21DBDC Contents: FCDFF67C:FF2212BC Queue List: 0xF7C7EE54:F7C7EE54 WaitBlockList: 0xFF21DBEC(6623bec) PostBlockList: 0xFF21DD44:FF21DD44 Queue: 0x00000000 Start Address: 0xF7C80116 \SystemRoot\System32\DRIVERS\srv.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80F3000 Stack Limit: 0xF80F0000 Kernel Stack: 0xF80F2D3C(Paged< 0:1c2000> NA NA ) Resident: 0 THREAD: 0xFF12ADA0 (0x4932da0) Cid: 8.48c CreateTime: 0x1c569dfcc664b60 2005-06-05 15:03:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 24 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFF12ADFC Contents: FF28E07C:FF1FC07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12AE0C(4932e0c) PostBlockList: 0xFF12AF64:FF12AF64 Queue: 0x00000000 Start Address: 0xF7D07346 \SystemRoot\system32\drivers\kmixer.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D53000 Stack Limit: 0xF7D50000 Kernel Stack: 
0xF7D52D40(1beb000 3adc000 2d32000 ) Resident: 1 THREAD: 0xFF12AB20 (0x4932b20) Cid: 8.498 CreateTime: 0x1c569dfcc7284e0 2005-06-05 15:03:57Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCE00C60 System Priority: 24 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) KernelMode Non-Alertable WaitListHead: 0xFF12AB7C Contents: 8047FCA8:FCDFFDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12AB8C(4932b8c) PostBlockList: 0xFF12ACE4:FF12ACE4 Queue: 0x00000000 Start Address: 0xF7D07346 \SystemRoot\system32\drivers\kmixer.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7791000 Stack Limit: 0xF778E000 Kernel Stack: 0xF7790D40(246d000 763b000 7bd8000 ) Resident: 1 + 98 smss.exe Source: from_active_process_list Eprocess Block: 0xFCD64D60 (0x1381d44) CreateTime: 0x1c569df7e46d560 2005-06-05 15:01:46Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x4464000 Process Environment Block: 0x7FFDF000 (441b000) Loader module block: 0x00161E90 (441b00c) Command Line: \SystemRoot\System32\smss.exe Section: 0xE131C390 (0x1a65390) Section Base Address: 0x48580000 (4483000) SectionBasedAddress: 0x2E90CC38 ) SizeOfSegment: 0xe000 SectionFileName: \WINNT\System32\smss.exe 0xe130ed08 (0x1a37d08) Handle Table: 0xFCC83628 (0x12a0628) Count: 33 TableCode: 0xE13D2000 Process exiting: 0 VAD Root: 0xFCC858C8(12a28c8) Private: 46 Modified: 1 Locked: 0 AccessToken: 0xE13C5CF0(2cf2cf0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 
AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,433e} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x48580000 0x4858E000 (4483000) smss.exe \SystemRoot\System32\smss.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001106A0 BaseDllName address: 0x00161F10 FullDllName physical address: 445f6a0 BaseDllName physical address: 4491f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00161F80 BaseDllName address: 0x00161FA4 FullDllName physical address: 4491f80 BaseDllName physical address: 4491fa4 0x68010000 0x68106000 (5839000) sfcfiles.dll C:\WINNT\System32\sfcfiles.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00163AE0 BaseDllName address: 0x00163B28 FullDllName physical address: 4492ae0 BaseDllName physical 
address: 4492b28 Thread List Head: 0xFCD64DB0 THREAD: 0xFCD64AE0 (0x1381ae0) Cid: 98.94 CreateTime: 0x1c569df7e46d560 2005-06-05 15:01:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(44a1000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFCD64B3C Contents: FCD6485C:FCD995FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD64B4C(1381b4c) PostBlockList: 0xFCD64CA4:FCD64CA4 Queue: 0x00000000 Start Address: 0x48589586 \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0884000 Stack Limit: 0xF0881000 Kernel Stack: 0xF0883930(Paged< 0:5fc000> NA NA ) Resident: 0 User stack base: 0x00160000(44e0000 NA NA ) User stack Limit: 0x0015D000 THREAD: 0xFCD64800 (0x1381800) Cid: 98.9c CreateTime: 0x1c569df7e4e7950 2005-06-05 15:01:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(44a7000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCD6485C Contents: FCD645BC:FCD64B3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD6486C(138186c) PostBlockList: 0xFCD649C4:FCD649C4 Queue: 0x00000000 Start Address: 0x48587ED6 \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0888000 Stack Limit: 0xF0885000 Kernel Stack: 0xF0887C5C(Paged< 0:5fb000> NA NA ) Resident: 0 User stack base: 0x002A0000(44c6000 NA NA ) User stack Limit: 0x0029D000 THREAD: 0xFCD64560 (0x1381560) Cid: 98.a0 CreateTime: 
0x1c569df7e4e7950 2005-06-05 15:01:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(4489000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCD645BC Contents: FCD5C07C:FCD6485C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD645CC(13815cc) PostBlockList: 0xFCD64724:FCD64724 Queue: 0x00000000 Start Address: 0x48587ED6 \SystemRoot\System32\smss.exe LPC Server thread working on message Id 0x5 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF088C000 Stack Limit: 0xF0889000 Kernel Stack: 0xF088BC5C(Paged< 0:5fa000> NA NA ) Resident: 0 User stack base: 0x002E0000(44a8000 NA NA ) User stack Limit: 0x002DD000 THREAD: 0xFCD5C020 (0x1379020) Cid: 98.a8 CreateTime: 0x1c569df915c17d0 2005-06-05 15:02:18Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(6911000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCD5C07C Contents: FCD5C3DC:FCD645BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD5C08C(137908c) PostBlockList: 0xFCD5C1E4:FCD5C1E4 Queue: 0x00000000 Start Address: 0x48582F0F \SystemRoot\System32\smss.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF0894000 Stack Limit: 0xF0891000 Kernel Stack: 0xF0893C5C(Paged< 0:5f9000> NA NA ) Resident: 0 User stack base: 0x00330000(6910000 NA NA ) User stack Limit: 0x0032D000 THREAD: 0xFCD5C380 (0x1379380) Cid: 98.a4 CreateTime: 0x1c569df915c17d0 2005-06-05 15:02:18Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(68d3000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 12 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCD5C3DC Contents: FCC6207C:FCD5C07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCD5C3EC(13793ec) PostBlockList: 0xFCD5C544:FCD5C544 Queue: 0x00000000 Start Address: 0x48582CA4 \SystemRoot\System32\smss.exe LPC Server thread working on message Id 0x2 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7AB000 Stack Limit: 0xFC7A8000 Kernel Stack: 0xFC7AAC5C(Paged< 0:5f8000> NA NA ) Resident: 0 User stack base: 0x00370000(68d2000 NA NA ) User stack Limit: 0x0036D000 THREAD: 0xFCC62020 (0x127f020) Cid: 98.ac CreateTime: 0x1c569df915c17d0 2005-06-05 15:02:18Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(68d5000) ThreadsProcess: 0xFCD64D60 smss.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCC6207C Contents: FCC5A55C:FCD5C3DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC6208C(127f08c) PostBlockList: 0xFCC621E4:FCC621E4 Queue: 0x00000000 Start Address: 0x77F9992F C:\WINNT\System32\ntdll.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7A7000 Stack Limit: 0xFC7A4000 Kernel Stack: 0xFC7A6C5C(Paged< 0:5f7000> NA NA ) Resident: 0 User stack base: 0x003B0000(68f4000 NA NA ) User stack Limit: 0x003AD000 + b4 csrss.exe Source: from_active_process_list Eprocess Block: 0xFCC62B00 (0x127fae4) CreateTime: 0x1c569df915d9f00 2005-06-05 15:02:18Z SecurityDescriptor: 0xE1D39478(689e478) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x20c79;;;SY) Session: 0x0 DirectoryTableBase: 0x68b8000 Process Environment Block: 0x7FFDF000 (68f9000) Loader module block: 0x00161E90 (68f900c) Command Line: C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Section: 0xE130DBB0 (0x1a30bb0) Section Base Address: 0x5FFF0000 (68f7000) SectionBasedAddress: 0x2EBF1C30 ) SizeOfSegment: 0x4000 SectionFileName: \WINNT\system32\csrss.exe 0xe12cbfc8 (0x1942fc8) Handle Table: 0xFCC63CE8 (0x1280ce8) Count: 321 TableCode: 0xE1D3C000 Process exiting: 0 VAD Root: 0xFCD8D688(13aa688) Private: 157 Modified: 456 Locked: 0 AccessToken: 0xE1D3B030(68b9030) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,492b} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 
SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x5FFF0000 0x5FFF4000 (68f7000) csrss.exe \??\C:\WINNT\system32\csrss.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00110524 BaseDllName address: 0x00161F10 FullDllName physical address: 68dd524 BaseDllName physical address: 6982f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x44004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00161F80 BaseDllName address: 0x00161FA4 FullDllName physical address: 6982f80 BaseDllName physical address: 6982fa4 0x5FF90000 0x5FF9C000 (68c4000) CSRSRV.dll C:\WINNT\system32\CSRSRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00162418 BaseDllName address: 0x001623F8 FullDllName physical address: 6903418 BaseDllName physical address: 69033f8 0x5FFA0000 0x5FFAC000 (6950000) basesrv.dll C:\WINNT\system32\basesrv.dll Flags: 0x4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00162D40 BaseDllName address: 0x00162D20 FullDllName physical address: 6903d40 BaseDllName physical address: 6903d20 0x5FFB0000 0x5FFF0000 (691e000) winsrv.dll C:\WINNT\system32\winsrv.dll Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00162F80 BaseDllName address: 0x00162F60 FullDllName physical address: 6903f80 BaseDllName physical address: 6903f60 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00163038 BaseDllName address: 0x00163018 FullDllName physical address: 691d038 BaseDllName physical address: 691d018 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x001630F8 
BaseDllName address: 0x001630D0 FullDllName physical address: 691d0f8 BaseDllName physical address: 691d0d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00162B70 BaseDllName address: 0x00163190 FullDllName physical address: 6903b70 BaseDllName physical address: 691d190 Thread List Head: 0xFCC62B50 THREAD: 0xFCC5A500 (0x1277500) Cid: b4.b8 CreateTime: 0x1c569df91eec9d0 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(75e5000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E6D328 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFCC5A55C Contents: FCA36CFC:FCC6207C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCC5A56C(127756c) PostBlockList: 0xE1EB56D0:E1D646F0 Queue: 0x00000000 Start Address: 0x5FFB28FE C:\WINNT\system32\winsrv.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8654000 Stack Limit: 0xF8651000 Kernel Stack: 0xF8653930(Paged< 0:5f6000> NA NA ) Resident: 0 User stack base: 0x003C0000(7584000 NA NA NA NA NA ) User stack Limit: 0x003BA000 THREAD: 0xFCA371A0 (0x10541a0) Cid: b4.bc CreateTime: 0x1c569df91fc8a80 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(75b1000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DC2B68 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA371FC Contents: FF24F07C:FF1EDA3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA3720C(105420c) PostBlockList: 0xFCA37364:FCA37364 Queue: 0x00000000 Start Address: 0x5FF93E25 
C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05D0000 Stack Limit: 0xF05CD000 Kernel Stack: 0xF05CFC5C(757c000 NA NA ) Resident: 0 User stack base: 0x00410000(7590000 bfa000 NA NA ) User stack Limit: 0x0040C000 THREAD: 0xFCA36CA0 (0x1053ca0) Cid: b4.c0 CreateTime: 0x1c569df9202a740 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(7594000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA36CFC Contents: FCA369BC:FCC5A55C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA36D0C(1053d0c) PostBlockList: 0xFCA36E64:FCA36E64 Queue: 0x00000000 Start Address: 0x77F9992F C:\WINNT\System32\ntdll.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B8000 Stack Limit: 0xF08B5000 Kernel Stack: 0xF08B7C5C(Paged< 0:5f5000> NA NA ) Resident: 0 User stack base: 0x00530000(75b3000 NA NA NA ) User stack Limit: 0x0052C000 THREAD: 0xFCA36960 (0x1053960) Cid: b4.c4 CreateTime: 0x1c569df9202a740 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(75d6000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA369BC Contents: FF21B07C:FCA36CFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA369CC(10539cc) PostBlockList: 0xFCA36B24:FCA36B24 Queue: 0x00000000 Start Address: 0x5FF937D6 C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF08D4000 Stack Limit: 0xF08D1000 Kernel Stack: 0xF08D3C5C(Paged< 0:5f4000> NA NA ) Resident: 0 User stack base: 0x00570000(75b5000 NA NA NA ) User stack Limit: 0x0056C000 THREAD: 0xFCA33D60 (0x1050d60) Cid: b4.c8 CreateTime: 0x1c569df9228daf0 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(7678000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DCE948 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFCA33DBC Contents: FF28807C:FF24F07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA33DCC(1050dcc) PostBlockList: 0xFCA33F24:FCA33F24 Queue: 0x00000000 Start Address: 0x5FF93E25 C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05E0000 Stack Limit: 0xF05DD000 Kernel Stack: 0xF05DFC5C(76bd000 NA NA ) Resident: 0 User stack base: 0x005C0000(76b7000 978000 NA NA ) User stack Limit: 0x005BC000 THREAD: 0xFCA2E620 (0x104b620) Cid: b4.cc CreateTime: 0x1c569df92879890 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 19 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DF82C8 Wait:(WrUserRequest) KernelMode Alertable WaitListHead: 0xFCA2E67C Contents: FF12AB7C:FCDFC07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA31A08(104ea08) PostBlockList: 0xFCA2E7E4:FCA2E7E4 Queue: 0x00000000 Start Address: 0xA000A3A0 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08FC000 Stack Limit: 0xF08F9000 Kernel Stack: 
0xF08FBAF0(2cef000 2cee000 2ced000 ) Resident: 1 THREAD: 0xFCA2D020 (0x104a020) Cid: b4.d0 CreateTime: 0x1c569df92879890 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 16 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1DFD8E8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFCA2D07C Contents: FF13E07C:FF18507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2E088(104b088) PostBlockList: 0xFCA2D1E4:FCA2D1E4 Queue: 0x00000000 Start Address: 0xA0009EC3 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08DC000 Stack Limit: 0xF08D9000 Kernel Stack: 0xF08DBC68(765a000 NA NA ) Resident: 0 THREAD: 0xFCA27480 (0x1044480) Cid: b4.f4 CreateTime: 0x1c569df92e4cf00 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 16 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E25AC8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFCA274DC Contents: FCD995FC:FCD30C1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA27388(1044388) PostBlockList: 0xFCA27644:FCA27644 Queue: 0x00000000 Start Address: 0xA0009EC3 \??\C:\WINNT\system32\win32k.sys Kernel Thread: Yes Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8353000 Stack Limit: 0xF8350000 Kernel Stack: 0xF8352C68(Paged< 0:5e3000> NA NA ) Resident: 0 THREAD: 0xFF24F020 (0x7ac020) Cid: b4.20c CreateTime: 0x1c569df96241500 2005-06-05 15:02:26Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent 
SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(4fb6000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E9FC28 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF24F07C Contents: FCA33DBC:FCA371FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24F08C(7ac08c) PostBlockList: 0xFF24F1E4:FF24F1E4 Queue: 0x00000000 Start Address: 0x5FF93E25 C:\WINNT\system32\CSRSRV.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8053000 Stack Limit: 0xF8050000 Kernel Stack: 0xF8052C5C(499c000 NA NA ) Resident: 1 User stack base: 0x00AF0000(4c15000 2ac4000 NA NA ) User stack Limit: 0x00AEC000 THREAD: 0xFF1817C0 (0x40607c0) Cid: b4.404 CreateTime: 0x1c569dfa4236bb0 2005-06-05 15:02:50Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(3fde000) ThreadsProcess: 0xFCC62B00 csrss.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE2075EA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18181C Contents: FF15957C:FF1A051C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18182C(406082c) PostBlockList: 0xFF181984:FF181984 Queue: 0x00000000 Start Address: 0x5FFB341A C:\WINNT\system32\winsrv.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7BE3000 Stack Limit: 0xF7BDE000 Kernel Stack: 0xF7BE2C20(4041000 29ed000 3c2e000 82f000 4503000 ) Resident: 1 User stack base: 0x00E00000(3fda000 4134000 NA NA ) User stack Limit: 0x00DFC000 + b0 winlogon.exe Source: from_active_process_list Eprocess Block: 0xFCA36620 (0x1053604) CreateTime: 0x1c569df92042e70 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 
G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x75bd000 Process Environment Block: 0x7FFDF000 (75b2000) Loader module block: 0x00071E90 (75b200c) Command Line: winlogon.exe Section: 0xE132DFD0 (0x1a8afd0) Section Base Address: 0x01000000 (75bc000) SectionBasedAddress: 0x2E9DAC20 ) SizeOfSegment: 0x2d000 SectionFileName: \WINNT\system32\winlogon.exe 0xe1dc6de8 (0x7600de8) Handle Table: 0xFCC61008 (0x127e008) Count: 352 TableCode: 0xE1DCA000 Process exiting: 0 VAD Root: 0xFF28E748(7b2d748) Private: 828 Modified: 793 Locked: 0 AccessToken: 0xE1DC9A50(75eba50) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4aaf} ParentToken ID: {0,0} Modified ID: {0,d8ab} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 
SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0102D000 (75bc000) winlogon.exe \??\C:\WINNT\system32\winlogon.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020524 BaseDllName address: 0x00071F10 FullDllName physical address: 75f6524 BaseDllName physical address: 75fbf10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 75fbf88 BaseDllName physical address: 75fbfac 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x00072400 FullDllName physical address: 75dc420 BaseDllName physical address: 75dc400 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 75dc4e0 BaseDllName physical address: 75dc4b8 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725B8 BaseDllName address: 0x00072590 FullDllName physical address: 75dc5b8 BaseDllName physical address: 75dc590 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072670 BaseDllName address: 0x00072650 FullDllName physical address: 75dc670 BaseDllName physical address: 75dc650 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072728 BaseDllName address: 0x00072708 FullDllName physical address: 75dc728 BaseDllName physical address: 75dc708 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 
0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727D8 BaseDllName address: 0x000727B8 FullDllName physical address: 75dc7d8 BaseDllName physical address: 75dc7b8 0x77C10000 0x77C6D000 (1) USERENV.DLL C:\WINNT\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072890 BaseDllName address: 0x00072870 FullDllName physical address: 75dc890 BaseDllName physical address: 75dc870 0x769A0000 0x769A7000 (1) NDDEAPI.DLL C:\WINNT\system32\NDDEAPI.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C18 BaseDllName address: 0x00072BF8 FullDllName physical address: 75dcc18 BaseDllName physical address: 75dcbf8 0x76980000 0x7699B000 (1) SFC.DLL C:\WINNT\system32\SFC.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072CB0 BaseDllName address: 0x00072578 FullDllName physical address: 75dccb0 BaseDllName physical address: 75dc578 0x68010000 0x68106000 (1) sfcfiles.dll C:\WINNT\system32\sfcfiles.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072E10 BaseDllName address: 0x00072DE8 FullDllName physical address: 75dce10 BaseDllName physical address: 75dcde8 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072EC8 BaseDllName address: 0x00072EA8 FullDllName physical address: 75dcec8 BaseDllName physical address: 75dcea8 0x690F0000 0x690FB000 (1) PROFMAP.DLL C:\WINNT\system32\PROFMAP.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F80 BaseDllName address: 0x00072F60 FullDllName physical address: 75dcf80 BaseDllName physical address: 75dcf60 0x75170000 0x751BF000 (7646000) NETAPI32.dll C:\WINNT\system32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073058 BaseDllName address: 0x00073030 FullDllName physical address: 761e058 BaseDllName 
physical address: 761e030 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073110 BaseDllName address: 0x000730F0 FullDllName physical address: 761e110 BaseDllName physical address: 761e0f0 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000731C8 BaseDllName address: 0x000731A8 FullDllName physical address: 761e1c8 BaseDllName physical address: 761e1a8 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073280 BaseDllName address: 0x00073260 FullDllName physical address: 761e280 BaseDllName physical address: 761e260 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073338 BaseDllName address: 0x00073318 FullDllName physical address: 761e338 BaseDllName physical address: 761e318 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000733F0 BaseDllName address: 0x000733D0 FullDllName physical address: 761e3f0 BaseDllName physical address: 761e3d0 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000734A8 BaseDllName address: 0x00073488 FullDllName physical address: 761e4a8 BaseDllName physical address: 761e488 0x75050000 0x75058000 (1) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073560 BaseDllName address: 0x00073540 FullDllName physical address: 761e560 BaseDllName physical address: 761e540 0x67D80000 0x67DD4000 (1) msgina.dll C:\WINNT\system32\msgina.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007C558 
BaseDllName address: 0x0007C538 FullDllName physical address: 7962558 BaseDllName physical address: 7962538 0x69800000 0x69A42000 (1) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007C610 BaseDllName address: 0x0007C5F0 FullDllName physical address: 7962610 BaseDllName physical address: 79625f0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007C6C8 BaseDllName address: 0x0007C6A8 FullDllName physical address: 79626c8 BaseDllName physical address: 79626a8 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007C788 BaseDllName address: 0x0007C760 FullDllName physical address: 7962788 BaseDllName physical address: 7962760 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\system32\WINMM.dll Flags: 0xc4004 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x0007CB20 BaseDllName address: 0x0007DBD0 FullDllName physical address: 7962b20 BaseDllName physical address: 7ce2bd0 0x77880000 0x7790D000 (1) setupapi.dll C:\WINNT\system32\setupapi.dll Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007CB60 BaseDllName address: 0x0007DD40 FullDllName physical address: 7962b60 BaseDllName physical address: 7ce2d40 0x76930000 0x7695B000 (4a55000) wintrust.dll C:\WINNT\system32\wintrust.dll Flags: 0xc4004 LoadCount: 0x38 TlsIndex: 0 FullDllName virtual address: 0x000EB548 BaseDllName address: 0x000EB520 FullDllName physical address: 496a548 BaseDllName physical address: 496a520 0x77440000 0x774B8000 (7a94000) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x3b TlsIndex: 0 FullDllName virtual address: 0x000EB6B0 BaseDllName address: 0x000EB690 FullDllName physical address: 496a6b0 BaseDllName physical address: 496a690 0x77430000 0x77440000 (796c000) MSASN1.DLL 
C:\WINNT\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x73 TlsIndex: 0 FullDllName virtual address: 0x000EB768 BaseDllName address: 0x000EB748 FullDllName physical address: 496a768 BaseDllName physical address: 496a748 0x77920000 0x77942000 (58e3000) IMAGEHLP.dll C:\WINNT\system32\IMAGEHLP.dll Flags: 0xc4006 LoadCount: 0x38 TlsIndex: 0 FullDllName virtual address: 0x000EE640 BaseDllName address: 0x000EB7B0 FullDllName physical address: 4d73640 BaseDllName physical address: 496a7b0 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0x3d TlsIndex: 0 FullDllName virtual address: 0x000EE6F8 BaseDllName address: 0x000EE6D8 FullDllName physical address: 4d736f8 BaseDllName physical address: 4d736d8 0x76A00000 0x76A05000 (1) mscat32.dll C:\WINNT\system32\mscat32.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F2880 BaseDllName address: 0x000EE788 FullDllName physical address: 4e10880 BaseDllName physical address: 4d73788 0x7CA00000 0x7CA23000 (1) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F38D0 BaseDllName address: 0x000F2E70 FullDllName physical address: 57e08d0 BaseDllName physical address: 4e10e70 0x77560000 0x77569000 (1) wdmaud.drv C:\WINNT\system32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0008DAF0 BaseDllName address: 0x0008DBF8 FullDllName physical address: 3aeaf0 BaseDllName physical address: 3aebf8 0x77820000 0x77827000 (1) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000FAB10 BaseDllName address: 0x00152640 FullDllName physical address: 4cebb10 BaseDllName physical address: 6418640 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F99B0 BaseDllName address: 0x00152620 FullDllName physical address: 650a9b0 BaseDllName 
physical address: 6418620 0x770C0000 0x770E3000 (1) cscdll.dll C:\WINNT\system32\cscdll.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000F2AC8 BaseDllName address: 0x001525C0 FullDllName physical address: 4e10ac8 BaseDllName physical address: 64185c0 0x76920000 0x7692F000 (1) WlNotify.dll C:\WINNT\system32\WlNotify.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F6658 BaseDllName address: 0x000F2A80 FullDllName physical address: 57f1658 BaseDllName physical address: 4e10a80 0x76960000 0x76977000 (1) WINSCARD.DLL C:\WINNT\system32\WINSCARD.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013AB08 BaseDllName address: 0x000F6980 FullDllName physical address: 2920b08 BaseDllName physical address: 57f1980 0x77800000 0x7781D000 (1) WINSPOOL.DRV C:\WINNT\system32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013B670 BaseDllName address: 0x000FF328 FullDllName physical address: 4601670 BaseDllName physical address: 4fd0328 0x77840000 0x7787C000 (1) cscui.dll C:\WINNT\system32\cscui.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141780 BaseDllName address: 0x000F71A0 FullDllName physical address: 607780 BaseDllName physical address: 29161a0 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013EAC8 BaseDllName address: 0x0010EEE0 FullDllName physical address: 4fa4ac8 BaseDllName physical address: 4b58ee0 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013FDE8 BaseDllName address: 0x00151FE8 FullDllName physical address: 4dc5de8 BaseDllName physical address: 7bcfe8 0x77400000 0x77408000 (2cff000) msacm32.drv C:\WINNT\system32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013E988 
BaseDllName address: 0x00152028 FullDllName physical address: 4fa4988 BaseDllName physical address: 6418028 0x77410000 0x77423000 (2d13000) MSACM32.dll C:\WINNT\system32\MSACM32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013FC30 BaseDllName address: 0x001520E8 FullDllName physical address: 4dc5c30 BaseDllName physical address: 64180e8 0x4D100000 0x4D11A000 (7bbc000) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001402B0 BaseDllName address: 0x00151BB0 FullDllName physical address: 7862b0 BaseDllName physical address: 7bcbb0 Thread List Head: 0xFCA36670 THREAD: 0xFCA363A0 (0x10533a0) Cid: b0.8c CreateTime: 0x1c569df92042e70 2005-06-05 15:02:19Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(75b8000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0xE1DCD808 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFCA363FC Contents: FF18507C:FCA2C67C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA3640C(105340c) PostBlockList: 0xFCA36564:FCA36564 Queue: 0x00000000 Start Address: 0x01001674 \??\C:\WINNT\system32\winlogon.exe Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05F0000 Stack Limit: 0xF05ED000 Kernel Stack: 0xF05EFCC8(7700000 NA NA ) Resident: 0 User stack base: 0x00070000(75f7000 765e000 Paged< 0:3ad000> Paged< 0:3b3000> Paged< 0:3b4000> ) User stack Limit: 0x0006B000 THREAD: 0xFCA2C620 (0x1049620) Cid: b0.d8 CreateTime: 0x1c569df92a192c0 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(7904000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 13 Base 
Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFCA2C67C Contents: FCA363FC:FF12E8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2C6D4(10496d4) PostBlockList: 0xFCA2C7E4:FCA2C7E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF835B000 Stack Limit: 0xF8358000 Kernel Stack: 0xF835ACC4(7925000 NA NA ) Resident: 0 User stack base: 0x00740000(78c6000 NA ) User stack Limit: 0x0073E000 THREAD: 0xFCA2B020 (0x1048020) Cid: b0.dc CreateTime: 0x1c569df92a936b0 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(7961000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFCA2B07C Contents: FF1ED73C:FF24811C Queue List: 0xFCA2C040:FCA2C040 WaitBlockList: 0xFCA2B08C(104808c) PostBlockList: 0xFCA2B1E4:FCA2B1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8357000 Stack Limit: 0xF8354000 Kernel Stack: 0xF8356C90(78cb000 NA NA ) Resident: 0 User stack base: 0x00790000(7924000 NA ) User stack Limit: 0x0078E000 THREAD: 0xFCA2B560 (0x1048560) Cid: b0.e8 CreateTime: 0x1c569df92ac4510 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(7929000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) 
UserMode Alertable WaitListHead: 0xFCA2B5BC Contents: FF2285BC:FF111B7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12A648(4932648) PostBlockList: 0xE1E66170:E1E8B1D0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF834F000 Stack Limit: 0xF834C000 Kernel Stack: 0xF834E930(7937000 NA NA ) Resident: 0 User stack base: 0x007D0000(Paged< 0:1e0000> 790b000 ) User stack Limit: 0x007CE000 THREAD: 0xFF28E020 (0x7b2d020) Cid: b0.108 CreateTime: 0x1c569df9318c360 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(7bba000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E389C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF28E07C Contents: FF188DFC:FF12ADFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28E08C(7b2d08c) PostBlockList: 0xFF28E1E4:FF28E1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x010043B1 \??\C:\WINNT\system32\winlogon.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0620000 Stack Limit: 0xF061D000 Kernel Stack: 0xF061FC20(Paged< 0:99d000> NA NA ) Resident: 0 User stack base: 0x00810000(7afc000 NA ) User stack Limit: 0x0080E000 Impersonating: true ImpersonationInfo: 0xE12B19E8(19fc9e8) ImpersonationLevel: SecurityImpersonation EffectiveOnly: false ImpersonationToken: 0xE1F6C4B0(25cf4b0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation 
Level: SecurityImpersonation TokenType: TokenImpersonation Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,d30d} ParentToken ID: {0,0} Modified ID: {0,cf31} SessionID: 0 TokenInUse: No Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege THREAD: 0xFF28A1E0 (0xfc41e0) Cid: b0.118 CreateTime: 0x1c569df936cceb0 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(884000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1E4C6E8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF28A23C Contents: FF1DB8BC:FF1EF3BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28A24C(fc424c) PostBlockList: 0xFF28A3A4:FF28A3A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77571388 C:\WINNT\system32\WINMM.dll Service 
Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0650000 Stack Limit: 0xF064D000 Kernel Stack: 0xF064FC20(9a8000 NA NA ) Resident: 0 User stack base: 0x00980000(8a5000 Paged< 0:1e8000> Paged< 0:207000> ) User stack Limit: 0x0097D000 THREAD: 0xFF24D420 (0x766420) Cid: b0.290 CreateTime: 0x1c569df9899a640 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(45d7000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1EC7B48 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF24D47C Contents: FF18ADFC:FF25007C Queue List: 0xFF24D800:FF24D800 WaitBlockList: 0xFF24D48C(76648c) PostBlockList: 0xFF24D5E4:FF24D5E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F1A000 Stack Limit: 0xF7F17000 Kernel Stack: 0xF7F19C90(274e000 NA NA ) Resident: 0 User stack base: 0x01260000(4f18000 27a5000 27f1000 ) User stack Limit: 0x0125D000 THREAD: 0xFF21B020 (0x4ec9020) Cid: b0.2a8 CreateTime: 0x1c569df98b9bd30 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF21B07C Contents: FF1E343C:FCA369BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF21B08C(4ec908c) PostBlockList: 0xFF21B1E4:FF21B1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C16AC5 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 
0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7EE2000 Stack Limit: 0xF7EDF000 Kernel Stack: 0xF7EE1930(Paged< 0:5f2000> NA NA ) Resident: 0 THREAD: 0xFF1E33E0 (0x4a4a3e0) Cid: b0.2f8 CreateTime: 0x1c569df9ad6ad90 2005-06-05 15:02:34Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1E343C Contents: FF1DC9DC:FF21B07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E344C(4a4a44c) PostBlockList: 0xFF1E35A4:FF1E35A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x769841A8 C:\WINNT\system32\SFC.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D4B000 Stack Limit: 0xF7D48000 Kernel Stack: 0xF7D4A930(Paged< 0:5f1000> NA NA ) Resident: 0 THREAD: 0xFF1DC980 (0x1da7980) Cid: b0.2fc CreateTime: 0x1c569df9ad834c0 2005-06-05 15:02:34Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(1dac000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1DC9DC Contents: FF1D531C:FF1E343C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF156008(1973008) PostBlockList: 0xFF1DCB44:FF1DCB44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x7698402E C:\WINNT\system32\SFC.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D43000 Stack Limit: 0xF7D40000 Kernel Stack: 0xF7D42930(Paged< 0:5f0000> NA NA ) Resident: 0 User stack base: 0x01460000(1dad000 NA ) User stack Limit: 
0x0145E000 THREAD: 0xFF1D52C0 (0x22202c0) Cid: b0.310 CreateTime: 0x1c569df9ce45610 2005-06-05 15:02:38Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 3 Base Priority: 1 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D531C Contents: FF1D067C:FF1DC9DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D532C(222032c) PostBlockList: 0xFF1D5484:FF1D5484 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C12395 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE9000 Stack Limit: 0xF7FE6000 Kernel Stack: 0xF7FE8930(Paged< 0:60a000> NA NA ) Resident: 0 THREAD: 0xFF217580 (0x53ca580) Cid: b0.210 CreateTime: 0x1c569df9ce76470 2005-06-05 15:02:38Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(2442000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0xE1FEAD08 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2175DC Contents: FCC8407C:FF28F07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D6908(202e908) PostBlockList: 0xFF217744:FF217744 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x010054D9 \??\C:\WINNT\system32\winlogon.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D93000 Stack Limit: 0xF7D90000 Kernel Stack: 0xF7D92930(2831000 NA NA ) Resident: 0 User stack base: 0x01520000(242c000 NA ) User stack Limit: 0x0151E000 THREAD: 0xFF1EF360 (0x4c48360) Cid: b0.314 CreateTime: 0x1c569df9cebfa00 2005-06-05 15:02:38Z SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAB000(2478000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 11 Base Priority: 11 Priority decrement: 0 Win32Thread: 0xE1D465C8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1EF3BC Contents: FF232ABC:FF287B1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EF3CC(4c483cc) PostBlockList: 0xFF1EF524:FF1EF524 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x770C2EF5 C:\WINNT\system32\cscdll.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80A3000 Stack Limit: 0xF80A0000 Kernel Stack: 0xF80A2CA0(2ea3000 NA NA ) Resident: 0 User stack base: 0x015A0000(24a4000 NA ) User stack Limit: 0x0159E000 THREAD: 0xFF1D3740 (0x2317740) Cid: b0.318 CreateTime: 0x1c569df9cf08f90 2005-06-05 15:02:38Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(24b5000) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0xE1368408 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D379C Contents: FF22C27C:FF22CCFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D37AC(23177ac) PostBlockList: 0xFF1D3904:FF1D3904 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77575BB9 C:\WINNT\system32\WINMM.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D73000 Stack Limit: 0xF7D70000 Kernel Stack: 0xF7D72C20(24b9000 NA NA ) Resident: 0 User stack base: 0x015E0000(24b6000 Paged< 0:3ac000> ) User stack Limit: 0x015DE000 THREAD: 0xFF1D08A0 (0x22ff8a0) Cid: b0.31c CreateTime: 0x1c569df9eb974a0 2005-06-05 15:02:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 3 Base Priority: 1 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D08FC Contents: FF1FC07C:FF14D07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D090C(22ff90c) PostBlockList: 0xFF1D0A64:FF1D0A64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77C12395 C:\WINNT\system32\USERENV.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE1000 Stack Limit: 0xF7FDE000 Kernel Stack: 0xF7FE0930(Paged< 0:650000> NA NA ) Resident: 0 THREAD: 0xFF1D0620 (0x22ff620) Cid: b0.320 CreateTime: 0x1c569df9ec5ae20 2005-06-05 15:02:41Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD8000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D067C Contents: FF27E07C:FF1D531C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D068C(22ff68c) PostBlockList: 0xFF1D07E4:FF1D07E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77562BDF C:\WINNT\system32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CD2000 Stack Limit: 0xF7CCF000 Kernel Stack: 0xF7CD1930(Paged< 0:609000> NA NA ) Resident: 0 THREAD: 0xFF1CE3C0 (0x27043c0) Cid: b0.32c CreateTime: 0x1c569df9ed67d30 2005-06-05 15:02:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(270d000) ThreadsProcess: 0xFCA36620 winlogon.exe 
Priority: 14 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1CE41C Contents: FF1898FC:FF233DBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CE42C(270442c) PostBlockList: 0xFF1CE584:FF1CE584 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CBE000 Stack Limit: 0xF7CBB000 Kernel Stack: 0xF7CBDC48(33f3000 NA NA ) Resident: 0 User stack base: 0x01CB0000(2837000 NA ) User stack Limit: 0x01CAE000 THREAD: 0xFF142020 (0x422c020) Cid: b0.340 CreateTime: 0x1c569e1e81d69f0 2005-06-05 15:19:03Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(0) ThreadsProcess: 0xFCA36620 winlogon.exe Priority: 13 Base Priority: 13 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF14207C Contents: FF285DFC:8047F6F8 Queue List: 0xFCA2C040:FCA2B130 WaitBlockList: 0xFF14208C(422c08c) PostBlockList: 0xFF1421E4:FF1421E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF76B1000 Stack Limit: 0xF76AE000 Kernel Stack: 0xF76B0C90(NA NA Paged< 0:297000> ) Resident: 1 + e4 services.exe Source: from_active_process_list Eprocess Block: 0xFCA2BBC0 (0x1048ba4) CreateTime: 0x1c569df92ac4510 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x7965000 Process Environment Block: 0x7FFDF000 (78eb000) Loader module block: 0x00071E90 (78eb00c) Command Line: 
C:\WINNT\system32\services.exe Section: 0xE1337270 (0x1aa5270) Section Base Address: 0x01000000 (7963000) SectionBasedAddress: 0x30F61420 ) SizeOfSegment: 0x18000 SectionFileName: \WINNT\system32\services.exe 0xe1dfcbe8 (0x77f5be8) Handle Table: 0xFCA2D348 (0x104a348) Count: 483 TableCode: 0xE1E22000 Process exiting: 0 VAD Root: 0xFCA25908(1042908) Private: 537 Modified: 10 Locked: 15 AccessToken: 0xE1E21030(788d030) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,4d37} ParentToken ID: {0,0} Modified ID: {0,6730} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01018000 (7963000) services.exe C:\WINNT\system32\services.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 
0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 782f57c BaseDllName physical address: 78b4f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 78b4f88 BaseDllName physical address: 78b4fac 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x00072400 FullDllName physical address: 78d5420 BaseDllName physical address: 78d5400 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 78d54e0 BaseDllName physical address: 78d54b8 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725A0 BaseDllName address: 0x00072578 FullDllName physical address: 78d55a0 BaseDllName physical address: 78d5578 0x75170000 0x751BF000 (7646000) NETAPI32.DLL C:\WINNT\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072660 BaseDllName address: 0x00072638 FullDllName physical address: 78d5660 BaseDllName physical address: 78d5638 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072A40 BaseDllName address: 0x00072A20 FullDllName physical address: 78d5a40 BaseDllName physical address: 78d5a20 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072B10 BaseDllName address: 0x00072AF0 FullDllName physical address: 78d5b10 BaseDllName physical address: 78d5af0 0x751C0000 
0x751C6000 (7688000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072BC8 BaseDllName address: 0x00072BA8 FullDllName physical address: 78d5bc8 BaseDllName physical address: 78d5ba8 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C80 BaseDllName address: 0x00072C60 FullDllName physical address: 78d5c80 BaseDllName physical address: 78d5c60 0x75030000 0x75044000 (76c5000) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072D38 BaseDllName address: 0x00072D18 FullDllName physical address: 78d5d38 BaseDllName physical address: 78d5d18 0x75020000 0x75028000 (7666000) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072DF0 BaseDllName address: 0x00072DD0 FullDllName physical address: 78d5df0 BaseDllName physical address: 78d5dd0 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072EA8 BaseDllName address: 0x00072E88 FullDllName physical address: 78d5ea8 BaseDllName physical address: 78d5e88 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F60 BaseDllName address: 0x00072F40 FullDllName physical address: 78d5f60 BaseDllName physical address: 78d5f40 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073018 BaseDllName address: 0x00072FF8 FullDllName physical address: 7969018 BaseDllName physical address: 7969000 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 
0x000730D0 BaseDllName address: 0x000730B0 FullDllName physical address: 79690d0 BaseDllName physical address: 79690b0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073188 BaseDllName address: 0x00073168 FullDllName physical address: 7969188 BaseDllName physical address: 7969168 0x767A0000 0x767B8000 (78ea000) UMPNPMGR.DLL C:\WINNT\system32\UMPNPMGR.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073240 BaseDllName address: 0x00073218 FullDllName physical address: 7969240 BaseDllName physical address: 7969218 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000732F8 BaseDllName address: 0x000732D8 FullDllName physical address: 79692f8 BaseDllName physical address: 79692d8 0x76810000 0x7684B000 (79a4000) SCESRV.DLL C:\WINNT\system32\SCESRV.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: -1 FullDllName virtual address: 0x000733B0 BaseDllName address: 0x00073390 FullDllName physical address: 79693b0 BaseDllName physical address: 7969390 0x77BF0000 0x77C01000 (7a16000) NTDSAPI.DLL C:\WINNT\system32\NTDSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073468 BaseDllName address: 0x00073448 FullDllName physical address: 7969468 BaseDllName physical address: 7969448 0x76890000 0x7689E000 (bd7000) eventlog.dll C:\WINNT\system32\eventlog.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000926D0 BaseDllName address: 0x00093E40 FullDllName physical address: 98f6d0 BaseDllName physical address: 9d2e40 0x77360000 0x77379000 (b78000) dhcpcsvc.dll C:\WINNT\system32\dhcpcsvc.dll Flags: 0xc4004 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x00094A00 BaseDllName address: 0x000948D8 FullDllName physical address: bf3a00 BaseDllName physical address: bf38d8 0x77520000 0x77525000 
(b2d000) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00095338 BaseDllName address: 0x00094980 FullDllName physical address: c36338 BaseDllName physical address: bf3980 0x77340000 0x77353000 (b70000) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000952F0 BaseDllName address: 0x00094E28 FullDllName physical address: c362f0 BaseDllName physical address: bf3e28 0x77320000 0x77337000 (cbf000) MPRAPI.DLL C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00095378 BaseDllName address: 0x00094C60 FullDllName physical address: c36378 BaseDllName physical address: bf3c60 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0x1c TlsIndex: 0 FullDllName virtual address: 0x000A0578 BaseDllName address: 0x000A0558 FullDllName physical address: aec578 BaseDllName physical address: aec558 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x000A0608 BaseDllName address: 0x00095248 FullDllName physical address: aec608 BaseDllName physical address: c36248 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000A06A0 BaseDllName address: 0x000948B0 FullDllName physical address: aec6a0 BaseDllName physical address: bf38b0 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x000A0758 BaseDllName address: 0x000A0738 FullDllName physical address: aec758 BaseDllName physical address: aec738 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000A0810 BaseDllName address: 0x000A07F0 
FullDllName physical address: aec810 BaseDllName physical address: aec7f0 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL C:\WINNT\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x000A0858 BaseDllName address: 0x000A08F0 FullDllName physical address: aec858 BaseDllName physical address: aec8f0 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0990 BaseDllName address: 0x000A0968 FullDllName physical address: aec990 BaseDllName physical address: aec968 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0A48 BaseDllName address: 0x000A0A28 FullDllName physical address: aeca48 BaseDllName physical address: aeca28 0x77530000 0x77552000 (bbc000) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0B00 BaseDllName address: 0x000A0AE0 FullDllName physical address: aecb00 BaseDllName physical address: aecae0 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x000A0BC0 BaseDllName address: 0x000A0B98 FullDllName physical address: aecbc0 BaseDllName physical address: aecb98 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000A0C78 BaseDllName address: 0x000A0C58 FullDllName physical address: aecc78 BaseDllName physical address: aecc58 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A1E90 BaseDllName address: 0x000A1E70 FullDllName physical address: bfce90 BaseDllName physical address: bfce70 0x768A0000 0x768B9000 (cac000) dnsrslvr.dll C:\WINNT\system32\dnsrslvr.dll Flags: 0x4004 
LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A0D10 BaseDllName address: 0x000A2C68 FullDllName physical address: aecd10 BaseDllName physical address: c8ac68 0x76880000 0x76886000 (ced000) lmhsvc.dll C:\WINNT\system32\lmhsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A1F28 BaseDllName address: 0x000A2C90 FullDllName physical address: bfcf28 BaseDllName physical address: c8ac90 0x65780000 0x6578C000 (d06000) WINSTA.DLL C:\WINNT\system32\WINSTA.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B00D0 BaseDllName address: 0x000AF728 FullDllName physical address: e1a0d0 BaseDllName physical address: f76728 0x768C0000 0x768C6000 (18d0000) dmserver.dll C:\WINNT\system32\dmserver.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B30E8 BaseDllName address: 0x000AF680 FullDllName physical address: e450e8 BaseDllName physical address: f76680 0x770B0000 0x770B7000 (2917000) CFGMGR32.DLL C:\WINNT\system32\CFGMGR32.DLL Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B7928 BaseDllName address: 0x000B78D0 FullDllName physical address: 190f928 BaseDllName physical address: 190f8d0 0x767E0000 0x767F6000 (4afe000) Srvsvc.dll C:\WINNT\system32\Srvsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BE728 BaseDllName address: 0x000BEC28 FullDllName physical address: 298f728 BaseDllName physical address: 298fc28 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\system32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BFB30 BaseDllName address: 0x000BE7A0 FullDllName physical address: 4a3db30 BaseDllName physical address: 298f7a0 0x76770000 0x7678A000 (5614000) wkssvc.dll C:\WINNT\system32\wkssvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0498 BaseDllName address: 0x000BFBB0 FullDllName physical address: 4d61498 BaseDllName physical address: 
4a3dbb0 0x76670000 0x7667E000 (790a000) CRYPTDLL.DLL C:\WINNT\system32\CRYPTDLL.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C2820 BaseDllName address: 0x000BFF20 FullDllName physical address: 56ce820 BaseDllName physical address: 4a3df20 0x768D0000 0x768E2000 (569f000) cryptsvc.dll C:\WINNT\system32\cryptsvc.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C28B0 BaseDllName address: 0x000C3958 FullDllName physical address: 56ce8b0 BaseDllName physical address: 5778958 0x76850000 0x7686F000 (56c6000) psbase.dll C:\WINNT\system32\psbase.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C2868 BaseDllName address: 0x000C2708 FullDllName physical address: 56ce868 BaseDllName physical address: 56ce708 0x7CA00000 0x7CA23000 (7cb0000) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C4230 BaseDllName address: 0x000C42B0 FullDllName physical address: 5827230 BaseDllName physical address: 58272b0 0x77440000 0x774B8000 (7a94000) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C4708 BaseDllName address: 0x000C42E0 FullDllName physical address: 5827708 BaseDllName physical address: 58272e0 0x77430000 0x77440000 (796c000) MSASN1.DLL C:\WINNT\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C47C0 BaseDllName address: 0x000C47A0 FullDllName physical address: 58277c0 BaseDllName physical address: 58277a0 0x76800000 0x76807000 (657d000) seclogon.dll C:\WINNT\system32\seclogon.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000CBFF0 BaseDllName address: 0x000CDBC8 FullDllName physical address: 471b000 BaseDllName physical address: 5fcbc8 0x767C0000 0x767D9000 (4e4c000) trkwks.dll C:\WINNT\system32\trkwks.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 
0x000CEDD8 BaseDllName address: 0x000CBC68 FullDllName physical address: 5109dd8 BaseDllName physical address: 206c68 0x70170000 0x7028A000 (4622000) ESENT.dll C:\WINNT\system32\ESENT.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0860 BaseDllName address: 0x000CDDC0 FullDllName physical address: 4d61860 BaseDllName physical address: 5fcdc0 0x768F0000 0x768FF000 (52fc000) browser.dll C:\WINNT\system32\browser.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E8A48 BaseDllName address: 0x000D9B70 FullDllName physical address: 4c4fa48 BaseDllName physical address: 455bb70 0x76870000 0x7687B000 (1c19000) msgsvc.dll C:\WINNT\system32\msgsvc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E9730 BaseDllName address: 0x000E7D80 FullDllName physical address: 1bff730 BaseDllName physical address: 690bd80 0x74FF0000 0x75002000 (e6b000) mswsock.dll C:\WINNT\system32\mswsock.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000EA748 BaseDllName address: 0x000EA120 FullDllName physical address: 1c7c748 BaseDllName physical address: 1c7c120 0x74FD0000 0x74FED000 (ee7000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000EF680 BaseDllName address: 0x000F0C20 FullDllName physical address: 1ca6680 BaseDllName physical address: 1b1cc20 0x75010000 0x75017000 (f54000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E96E8 BaseDllName address: 0x000E7E00 FullDllName physical address: 1bff6e8 BaseDllName physical address: 690be00 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E8DE0 BaseDllName address: 0x000E8E20 FullDllName physical address: 4c4fde0 BaseDllName physical address: 4c4fe20 0x777E0000 0x777E8000 (331000) winrnr.dll 
C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E8D98 BaseDllName address: 0x000F1E68 FullDllName physical address: 4c4fd98 BaseDllName physical address: 295ee68 0x777F0000 0x777F5000 (381000) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000EA198 BaseDllName address: 0x000F1E40 FullDllName physical address: 1c7c198 BaseDllName physical address: 295ee40 0x76750000 0x76765000 (2291000) wmicore.dll C:\WINNT\system32\wmicore.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D6148 BaseDllName address: 0x000E94D8 FullDllName physical address: 44ce148 BaseDllName physical address: 1bff4d8 Thread List Head: 0xFCA2BC10 THREAD: 0xFCA25500 (0x1042500) Cid: e4.fc CreateTime: 0x1c569df92f72540 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(7a54000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFCA2555C Contents: FF13F07C:FF18C4FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CFB28(22feb28) PostBlockList: 0xFCA256C4:FCA256C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8347000 Stack Limit: 0xF8344000 Kernel Stack: 0xF8346930(4731000 NA NA ) Resident: 0 User stack base: 0x00480000(7a95000 7b57000 ) User stack Limit: 0x0047E000 THREAD: 0xFF285DA0 (0x92eda0) Cid: e4.13c CreateTime: 0x1c569df93a9ee30 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x7FFDC000(938000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF285DFC Contents: FF1EF3BC:8047F6F8 Queue List: 0xFF232650:FF284EB0 WaitBlockList: 0xFF285E0C(92ee0c) PostBlockList: 0xFF285F64:FF285F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0x49 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8216000 Stack Limit: 0xF8213000 Kernel Stack: 0xF8215C90(987000 NA NA ) Resident: 1 User stack base: 0x004E0000(8fb000 4c19000 570e000 4e4f000 ) User stack Limit: 0x004DC000 THREAD: 0xFF284DA0 (0xa93da0) Cid: e4.140 CreateTime: 0x1c569df93a9ee30 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(8d9000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF284DFC Contents: FF287B1C:FF21985C Queue List: 0xFF285EB0:FF2882E0 WaitBlockList: 0xFF284E0C(a93e0c) PostBlockList: 0xFF284F64:FF284F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8212000 Stack Limit: 0xF820F000 Kernel Stack: 0xF8211C90(8ec000 NA NA ) Resident: 0 User stack base: 0x00520000(93e000 19c4000 ) User stack Limit: 0x0051E000 THREAD: 0xFF284520 (0xa93520) Cid: e4.14c CreateTime: 0x1c569df93b31950 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(a29000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base 
Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF28457C Contents: FF27F07C:FF1CD7DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2845D4(a935d4) PostBlockList: 0xFF2846E4:FF2846E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF089C000 Stack Limit: 0xF0899000 Kernel Stack: 0xF089BCC4(9e2000 NA NA ) Resident: 0 User stack base: 0x005F0000(92a000 NA ) User stack Limit: 0x005EE000 THREAD: 0xFF284260 (0xa93260) Cid: e4.150 CreateTime: 0x1c569df93b4a080 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(92c000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF2842BC Contents: FCDFEDFC:FF22C27C Queue List: 0xFF284D60:FF284D60 WaitBlockList: 0xFF2842CC(a932cc) PostBlockList: 0xE12F5A50:E12F5A50 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC79F000 Stack Limit: 0xFC79C000 Kernel Stack: 0xFC79EC90(9c5000 NA NA ) Resident: 0 User stack base: 0x00630000(94d000 NA ) User stack Limit: 0x0062E000 THREAD: 0xFF282940 (0x9de940) Cid: e4.158 CreateTime: 0x1c569df93babd40 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(9b0000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode 
Non-Alertable WaitListHead: 0xFF28299C Contents: FF27FDFC:FCD67DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2829AC(9de9ac) PostBlockList: 0xFF282B04:FF282B04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01003C24 C:\WINNT\system32\services.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC79B000 Stack Limit: 0xFC798000 Kernel Stack: 0xFC79ABFC(1f63000 NA NA ) Resident: 0 User stack base: 0x00670000(a31000 63c7000 49a8000 ) User stack Limit: 0x0066D000 THREAD: 0xFF280D20 (0xae5d20) Cid: e4.168 CreateTime: 0x1c569df93dde290 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(aad000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF280D7C Contents: FF278DFC:FF1A219C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF280D8C(ae5d8c) PostBlockList: 0xFF280EE4:FF280EE4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xd01 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC78B000 Stack Limit: 0xFC788000 Kernel Stack: 0xFC78AC5C(5368000 NA NA ) Resident: 0 User stack base: 0x00760000(acf000 ) User stack Limit: 0x0075F000 THREAD: 0xFF27F020 (0xa06020) Cid: e4.16c CreateTime: 0x1c569df93dde290 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAF000(b0e000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF27F07C Contents: FF1CD07C:FF28457C Queue List: 
0x00000000:00000000 WaitBlockList: 0xFF27F0D4(a060d4) PostBlockList: 0xE2115190:E12F5CD0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F81459 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08B4000 Stack Limit: 0xF08B1000 Kernel Stack: 0xF08B3CC4(aeb000 NA NA ) Resident: 0 User stack base: 0x007A0000(ad0000 4ef5000 ) User stack Limit: 0x0079E000 THREAD: 0xFF27FDA0 (0xa06da0) Cid: e4.15c CreateTime: 0x1c569df93ea1c10 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(cf3000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1E6B008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27FDFC Contents: FF2477BC:FF28299C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2827C8(9de7c8) PostBlockList: 0xE12F2DB0:E12F3BB0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0680000 Stack Limit: 0xF067D000 Kernel Stack: 0xF067F930(b35000 NA NA ) Resident: 0 User stack base: 0x007E0000(cf7000 d9f000 da1000 da0000 de1000 d82000 d23000 d64000 da5000 ) User stack Limit: 0x007D7000 THREAD: 0xFF27E020 (0xaef020) Cid: e4.170 CreateTime: 0x1c569df93ea1c10 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(b15000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27E07C Contents: FF27EDFC:FF1D067C Queue List: 
0x00000000:00000000 WaitBlockList: 0xFF27E08C(aef08c) PostBlockList: 0xFF27E1E4:FF27E1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8133000 Stack Limit: 0xF8130000 Kernel Stack: 0xF8132CA0(Paged< 0:603000> NA NA ) Resident: 0 User stack base: 0x00820000(b19000 NA ) User stack Limit: 0x0081E000 THREAD: 0xFF27EDA0 (0xaefda0) Cid: e4.174 CreateTime: 0x1c569df93eba340 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(d36000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27EDFC Contents: FF27B6BC:FF27E07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27EE0C(aefe0c) PostBlockList: 0xFF27EF64:FF27EF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF812F000 Stack Limit: 0xF812C000 Kernel Stack: 0xF812E930(Paged< 0:602000> NA NA ) Resident: 0 User stack base: 0x00860000(bda000 NA ) User stack Limit: 0x0085E000 THREAD: 0xFF27B660 (0xeb3660) Cid: e4.178 CreateTime: 0x1c569df94569a60 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(f13000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27B6BC Contents: FF27A4BC:FF27EDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E4C68(4d3cc68) 
PostBlockList: 0xE1E79D10:E1E79D10 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC793000 Stack Limit: 0xFC790000 Kernel Stack: 0xFC792930(Paged< 0:601000> NA NA ) Resident: 0 User stack base: 0x00CC0000(cf5000 NA ) User stack Limit: 0x00CBE000 THREAD: 0xFF27A460 (0xcd9460) Cid: e4.17c CreateTime: 0x1c569df9465e240 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAB000(d0c000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27A4BC Contents: FF27833C:FF27B6BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27A4CC(cd94cc) PostBlockList: 0xFF27A624:FF27A624 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768813C3 C:\WINNT\system32\lmhsvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF812B000 Stack Limit: 0xF8128000 Kernel Stack: 0xF812A930(Paged< 0:600000> NA NA ) Resident: 0 User stack base: 0x00D10000(d4d000 NA ) User stack Limit: 0x00D0E000 THREAD: 0xFF278DA0 (0xdfada0) Cid: e4.180 CreateTime: 0x1c569df946bff00 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(f93000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF278DFC Contents: FF1AF1DC:FF280D7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF278E0C(dfae0c) PostBlockList: 0xFF278F64:FF278F64 Queue: 0x00000000 Start 
Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77362272 C:\WINNT\system32\dhcpcsvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xFC7A3000 Stack Limit: 0xFC7A0000 Kernel Stack: 0xFC7A2930(3f92000 NA NA ) Resident: 0 User stack base: 0x00D60000(db4000 1c0e000 49c5000 59f1000 384d000 2365000 6f6000 a35000 cb6000 ) User stack Limit: 0x00D57000 THREAD: 0xFF2782E0 (0xdfa2e0) Cid: e4.184 CreateTime: 0x1c569df94709490 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(d1c000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF27833C Contents: FF2787BC:FF27A4BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27834C(dfa34c) PostBlockList: 0xFF2784A4:FF2784A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768A2AB8 C:\WINNT\system32\dnsrslvr.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8123000 Stack Limit: 0xF8120000 Kernel Stack: 0xF8122930(Paged< 0:5fe000> NA NA ) Resident: 0 User stack base: 0x00DB0000(ebf000 NA ) User stack Limit: 0x00DAE000 THREAD: 0xFF278760 (0xdfa760) Cid: e4.188 CreateTime: 0x1c569df94721bc0 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(e81000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2787BC Contents: FF2767FC:FF27833C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2787CC(dfa7cc) PostBlockList: 0xFF278924:FF278924 Queue: 0x00000000 Start Address: 
0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF811F000 Stack Limit: 0xF811C000 Kernel Stack: 0xF811ECA0(Paged< 0:5fd000> NA NA ) Resident: 0 User stack base: 0x00DF0000(e22000 NA ) User stack Limit: 0x00DEE000 THREAD: 0xFF276A60 (0xdcda60) Cid: e4.198 CreateTime: 0x1c569df94783880 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA6000(316000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1E90DE8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF276ABC Contents: FF26C4BC:FF1313DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF276ACC(dcdacc) PostBlockList: 0xFF276C24:FF276C24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x767A15D3 C:\WINNT\system32\UMPNPMGR.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8083000 Stack Limit: 0xF8080000 Kernel Stack: 0xF8082CC0(45af000 NA NA ) Resident: 0 User stack base: 0x00E70000(eff000 NA ) User stack Limit: 0x00E6E000 THREAD: 0xFF2767A0 (0xdcd7a0) Cid: e4.19c CreateTime: 0x1c569df94783880 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA5000(fb7000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2767FC Contents: FF25E9DC:FF2787BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27680C(dcd80c) PostBlockList: 0xFF276964:FF276964 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 
0x767A1799 C:\WINNT\system32\UMPNPMGR.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF810F000 Stack Limit: 0xF810C000 Kernel Stack: 0xF810E930(Paged< 0:61d000> NA NA ) Resident: 0 User stack base: 0x00EB0000(e82000 e65000 ) User stack Limit: 0x00EAE000 THREAD: 0xFF25E980 (0x1d8980) Cid: e4.1e4 CreateTime: 0x1c569df94db8bb0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA7000(22a000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF25E9DC Contents: FF23763C:FF2767FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25E9EC(1d89ec) PostBlockList: 0xFF25EB44:FF25EB44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8043000 Stack Limit: 0xF8040000 Kernel Stack: 0xF8042930(Paged< 0:61c000> NA NA ) Resident: 0 User stack base: 0x00EF0000(20e000 28d8000 1b39000 295a000 233b000 7d9000 45ba000 ) User stack Limit: 0x00EE9000 THREAD: 0xFF2480C0 (0x4b880c0) Cid: e4.208 CreateTime: 0x1c569df96241500 2005-06-05 15:02:26Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0F000(4adb000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF24811C Contents: FF1ED73C:FF22721C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1533A8(1bcf3a8) PostBlockList: 0xE1E78AD0:E1E78AD0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working 
on message Id 0x15b Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8113000 Stack Limit: 0xF8110000 Kernel Stack: 0xF8112930(e14000 NA NA ) Resident: 0 User stack base: 0x00F30000(497c000 NA ) User stack Limit: 0x00F2E000 THREAD: 0xFF2375E0 (0x646c5e0) Cid: e4.250 CreateTime: 0x1c569df97063cc0 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0C000(78df000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF23763C Contents: FCA25BDC:FF25E9DC Queue List: 0xFF237EC0:FF237EC0 WaitBlockList: 0xFF23764C(646c64c) PostBlockList: 0xFF2377A4:FF2377A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FF1000 Stack Limit: 0xF7FEE000 Kernel Stack: 0xF7FF0C90(Paged< 0:61a000> NA NA ) Resident: 0 User stack base: 0x00FF0000(2ce9000 NA ) User stack Limit: 0x00FEE000 THREAD: 0xFF232540 (0x6c11540) Cid: e4.25c CreateTime: 0x1c569df972036f0 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0B000(3a5000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF23259C Contents: FF21985C:FF1FD07C Queue List: 0xFF228130:FF285EB0 WaitBlockList: 0xFF2325AC(6c115ac) PostBlockList: 0xFF232704:FF232704 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF7FED000 Stack Limit: 0xF7FEA000 Kernel Stack: 0xF7FECC90(53bc000 NA NA ) Resident: 0 User stack base: 0x006B0000(2967000 NA ) User stack Limit: 0x006AE000 THREAD: 0xFF228020 (0x4f13020) Cid: e4.2ac CreateTime: 0x1c569df98bfd9f0 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF09000(5022000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF22807C Contents: FF2869DC:FF13A85C Queue List: 0xFF219910:FF232650 WaitBlockList: 0xFF22808C(4f1308c) PostBlockList: 0xFF2281E4:FF2281E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7EDE000 Stack Limit: 0xF7EDB000 Kernel Stack: 0xF7EDDC90(5130000 NA NA ) Resident: 0 User stack base: 0x01220000(1a23000 NA ) User stack Limit: 0x0121E000 THREAD: 0xFF219800 (0x4571800) Cid: e4.2b0 CreateTime: 0x1c569df98c2e850 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF08000(5149000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF21985C Contents: FF284DFC:FF23259C Queue List: 0xFF2882E0:FF228130 WaitBlockList: 0xFF21986C(457186c) PostBlockList: 0xFF2199C4:FF2199C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7EDA000 Stack Limit: 0xF7ED7000 
Kernel Stack: 0xF7ED9C90(4d34000 NA NA ) Resident: 0 User stack base: 0x01260000(4e15000 23c9000 ) User stack Limit: 0x0125E000 THREAD: 0xFF1FD020 (0x4859020) Cid: e4.2ec CreateTime: 0x1c569df9a57d900 2005-06-05 15:02:33Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF02000(196c000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1FD07C Contents: FF23259C:FF192DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1FD08C(485908c) PostBlockList: 0xE1F42A50:E1F42A50 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D4F000 Stack Limit: 0xF7D4C000 Kernel Stack: 0xF7D4E930(7d2b000 NA NA ) Resident: 0 User stack base: 0x01790000(4c2e000 NA ) User stack Limit: 0x0178E000 THREAD: 0xFF1E8560 (0x1c6e560) Cid: e4.2f4 CreateTime: 0x1c569df9a91ea20 2005-06-05 15:02:34Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF00000(1c79000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1E85BC Contents: FCD67DFC:FF1AF1DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1E85CC(1c6e5cc) PostBlockList: 0xFF1E8724:FF1E8724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x7517B646 C:\WINNT\system32\NETAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D47000 Stack Limit: 0xF7D44000 Kernel Stack: 0xF7D46930(979000 NA NA ) Resident: 0 User stack base: 
0x01880000(1c8c000 NA ) User stack Limit: 0x0187E000 THREAD: 0xFF1DB860 (0x1dae860) Cid: e4.164 CreateTime: 0x1c569df9cdb2af0 2005-06-05 15:02:38Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(44cc000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1DB8BC Contents: FF1EDA3C:FF28A23C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DB8CC(1dae8cc) PostBlockList: 0xFF1DBA24:FF1DBA24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08A4000 Stack Limit: 0xF08A1000 Kernel Stack: 0xF08A3C48(b3f000 NA NA ) Resident: 0 User stack base: 0x01A40000(23d2000 NA ) User stack Limit: 0x01A3E000 THREAD: 0xFF13E020 (0x2160020) Cid: e4.418 CreateTime: 0x1c569dfca8988e0 2005-06-05 15:03:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(2aca000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF13E07C Contents: FF18307C:FF14207C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13E08C(216008c) PostBlockList: 0xFF13E1E4:FF13E1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF820E000 Stack Limit: 0xF820B000 Kernel Stack: 0xF820DC48(974000 NA NA ) Resident: 1 User stack base: 0x01AC0000(58ab000 NA ) User stack Limit: 0x01ABE000 THREAD: 0xFF138020 (0x1de6020) Cid: e4.40c CreateTime: 0x1c569e12cb159a0 
2005-06-05 15:13:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0E000(fe9000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF13807C Contents: FF1EC8FC:FF24D47C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13808C(1de608c) PostBlockList: 0xFF1381E4:FF1381E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77988D3F C:\WINNT\system32\DNSAPI.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB9000 Stack Limit: 0xF7FB6000 Kernel Stack: 0xF7FB8930(7c3e000 NA NA ) Resident: 0 User stack base: 0x01B40000(5227000 NA ) User stack Limit: 0x01B3E000 THREAD: 0xFF1ED6E0 (0x48ca6e0) Cid: e4.2b4 CreateTime: 0x1c569e130292990 2005-06-05 15:13:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(77d9000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1ED73C Contents: FF24D47C:FF24811C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1ED74C(48ca74c) PostBlockList: 0xFF1ED8A4:FF1ED8A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF77B5000 Stack Limit: 0xF77B2000 Kernel Stack: 0xF77B4C48(3c64000 NA NA ) Resident: 0 User stack base: 0x01B80000(369a000 NA ) User stack Limit: 0x01B7E000 THREAD: 0xFF192DA0 (0x3992da0) Cid: e4.278 CreateTime: 0x1c569e1302c37f0 2005-06-05 15:13:54Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF07000(2cd4000) ThreadsProcess: 0xFCA2BBC0 services.exe Priority: 11 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF192DFC Contents: FF1FD07C:FF2869DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF192E0C(3992e0c) PostBlockList: 0xFF192F64:FF192F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x768F2CA5 C:\WINNT\system32\browser.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7901000 Stack Limit: 0xF78FE000 Kernel Stack: 0xF7900930(76d4000 NA NA ) Resident: 0 User stack base: 0x01C00000(9fe000 NA ) User stack Limit: 0x01BFE000 + f0 lsass.exe Source: from_active_process_list Eprocess Block: 0xFCA2A500 (0x10474e4) CreateTime: 0x1c569df92adcc40 2005-06-05 15:02:20Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x78cd000 Process Environment Block: 0x7FFDF000 (78cc000) Loader module block: 0x00071E90 (78cc00c) Command Line: C:\WINNT\system32\lsass.exe Section: 0xE13380F0 (0x1aa60f0) Section Base Address: 0x01000000 () SectionBasedAddress: 0x30F77C30 ) SizeOfSegment: 0xa000 SectionFileName: \WINNT\system32\lsass.exe 0xe1363088 (0x22e5088) Handle Table: 0xFCA2A468 (0x1047468) Count: 266 TableCode: 0xE1E24000 Process exiting: 0 VAD Root: 0xFF289748(85e748) Private: 363 Modified: 626 Locked: 0 AccessToken: 0xE1E23E10(78d9e10) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 
0x9 Token ID: {0,4d68} ParentToken ID: {0,0} Modified ID: {0,c04e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege Enabled 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0100A000 (1) lsass.exe C:\WINNT\system32\lsass.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 78d057c BaseDllName physical address: 7915f10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 7915f80 BaseDllName physical address: 7915fa4 0x77E80000 0x77F35000 (1) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 79b6420 BaseDllName physical address: 79b63f8 0x50900000 0x5097E000 (1) LSASRV.dll C:\WINNT\system32\LSASRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual 
address: 0x000724D8 BaseDllName address: 0x000724B8 FullDllName physical address: 79b64d8 BaseDllName physical address: 79b64b8 0x78000000 0x78046000 (1) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000728B8 BaseDllName address: 0x00072898 FullDllName physical address: 79b68b8 BaseDllName physical address: 79b6898 0x76670000 0x7667E000 (1) cryptdll.dll C:\WINNT\system32\cryptdll.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072990 BaseDllName address: 0x00072968 FullDllName physical address: 79b6990 BaseDllName physical address: 79b6968 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072A50 BaseDllName address: 0x00072A28 FullDllName physical address: 79b6a50 BaseDllName physical address: 79b6a28 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072B08 BaseDllName address: 0x00072AE8 FullDllName physical address: 79b6b08 BaseDllName physical address: 79b6ae8 0x77BE0000 0x77BEF000 (1) Secur32.dll C:\WINNT\system32\Secur32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072BC0 BaseDllName address: 0x00072BA0 FullDllName physical address: 79b6bc0 BaseDllName physical address: 79b6ba0 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C78 BaseDllName address: 0x00072C58 FullDllName physical address: 79b6c78 BaseDllName physical address: 79b6c58 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072D30 BaseDllName address: 0x00072D10 FullDllName physical address: 79b6d30 BaseDllName physical address: 79b6d10 0x76450000 0x764AB000 (1) SAMSRV.dll 
C:\WINNT\system32\SAMSRV.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072DE0 BaseDllName address: 0x00072DC0 FullDllName physical address: 79b6de0 BaseDllName physical address: 79b6dc0 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072E98 BaseDllName address: 0x00072E78 FullDllName physical address: 79b6e98 BaseDllName physical address: 79b6e78 0x75050000 0x75058000 (1) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F50 BaseDllName address: 0x00072F30 FullDllName physical address: 79b6f50 BaseDllName physical address: 79b6f30 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073008 BaseDllName address: 0x00072FE8 FullDllName physical address: 794a008 BaseDllName physical address: 79b6fe8 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000730C0 BaseDllName address: 0x000730A0 FullDllName physical address: 794a0c0 BaseDllName physical address: 794a0a0 0x77430000 0x77440000 (1) MSASN1.dll C:\WINNT\system32\MSASN1.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073178 BaseDllName address: 0x00073158 FullDllName physical address: 794a178 BaseDllName physical address: 794a158 0x75170000 0x751BF000 (1) NETAPI32.dll C:\WINNT\system32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073238 BaseDllName address: 0x00073210 FullDllName physical address: 794a238 BaseDllName physical address: 794a210 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000732F0 BaseDllName address: 0x000732D0 FullDllName physical address: 
794a2f0 BaseDllName physical address: 794a2d0 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000733A8 BaseDllName address: 0x00073388 FullDllName physical address: 794a3a8 BaseDllName physical address: 794a388 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073460 BaseDllName address: 0x00073440 FullDllName physical address: 794a460 BaseDllName physical address: 794a440 0x765E0000 0x765ED000 (1) msprivs.dll C:\WINNT\system32\msprivs.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00078EE8 BaseDllName address: 0x00078EC8 FullDllName physical address: 7aacee8 BaseDllName physical address: 7aacec8 0x45A00000 0x45A33000 (1) kerberos.dll C:\WINNT\system32\kerberos.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00078310 BaseDllName address: 0x0007CF20 FullDllName physical address: 7aac310 BaseDllName physical address: 7c1af20 0x4D100000 0x4D11A000 (1) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00080458 BaseDllName address: 0x00080CC8 FullDllName physical address: 7c7b458 BaseDllName physical address: 7c7bcc8 0x7CA00000 0x7CA23000 (1) rsaenh.dll C:\WINNT\system32\rsaenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00081080 BaseDllName address: 0x00081040 FullDllName physical address: 7c0f080 BaseDllName physical address: 7c0f040 0x77A50000 0x77B45000 (1) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0x19 TlsIndex: 0 FullDllName virtual address: 0x00080C88 BaseDllName address: 0x00081060 FullDllName physical address: 7c7bc88 BaseDllName physical address: 7c0f060 0x77C10000 0x77C6D000 (1) USERENV.dll C:\WINNT\system32\USERENV.dll Flags: 0xc4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x00081138 
BaseDllName address: 0x00081118 FullDllName physical address: 7c0f138 BaseDllName physical address: 7c0f118 0x77440000 0x774B8000 (1) CRYPT32.dll C:\WINNT\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000811F0 BaseDllName address: 0x000811D0 FullDllName physical address: 7c0f1f0 BaseDllName physical address: 7c0f1d0 0x76580000 0x765DA000 (1) netlogon.dll C:\WINNT\system32\netlogon.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00087128 BaseDllName address: 0x00087100 FullDllName physical address: 949128 BaseDllName physical address: 949100 0x77BF0000 0x77C01000 (1) NTDSAPI.DLL C:\WINNT\system32\NTDSAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00087190 BaseDllName address: 0x00087170 FullDllName physical address: 949190 BaseDllName physical address: 949170 0x58800000 0x58825000 (1) schannel.dll C:\WINNT\system32\schannel.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00087AE8 BaseDllName address: 0x000877C0 FullDllName physical address: 949ae8 BaseDllName physical address: 9497c0 0x00790000 0x007B3000 (1) rsabase.dll C:\WINNT\system32\rsabase.dll Flags: 0x2c4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00091AE0 BaseDllName address: 0x0008BBD8 FullDllName physical address: 8caae0 BaseDllName physical address: 981bd8 0x75090000 0x750A0000 (1) mpr.dll C:\WINNT\system32\mpr.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00090CC8 BaseDllName address: 0x0008C4F8 FullDllName physical address: 988cc8 BaseDllName physical address: 9254f8 0x77880000 0x7790D000 (1) setupapi.dll C:\WINNT\system32\setupapi.dll Flags: 0x84004 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00093B10 BaseDllName address: 0x00093AE8 FullDllName physical address: a80b10 BaseDllName physical address: a80ae8 0x77B50000 0x77BD9000 (1) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 
0x6 TlsIndex: 0 FullDllName virtual address: 0x00093BD0 BaseDllName address: 0x00093BA8 FullDllName physical address: a80bd0 BaseDllName physical address: a80ba8 0x76430000 0x7644C000 (1) scecli.dll C:\WINNT\system32\scecli.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00094320 BaseDllName address: 0x00096650 FullDllName physical address: a6f320 BaseDllName physical address: aac650 0x764E0000 0x764FE000 (1) polagent.dll C:\WINNT\system32\polagent.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00098D38 BaseDllName address: 0x0009BE38 FullDllName physical address: b8ed38 BaseDllName physical address: d56e38 0x76FB0000 0x770A2000 (1) <Paged: 0:6790f8> <Paged: 0:679020> Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00099020 BaseDllName address: 0x000990F8 FullDllName physical address: 679020 BaseDllName physical address: 6790f8 0x76500000 0x76577000 (1) OAKLEY.DLL <Paged: 0:6790b0> Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000990B0 BaseDllName address: 0x00097560 FullDllName physical address: 6790b0 BaseDllName physical address: ba3560 0x77340000 0x77353000 (1) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0009C4A0 BaseDllName address: 0x0009BE88 FullDllName physical address: 4b3e4a0 BaseDllName physical address: d56e88 0x77520000 0x77525000 (1) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x00094D60 BaseDllName address: 0x0009C5F0 FullDllName physical address: a6fd60 BaseDllName physical address: 4b3e5f0 0x77320000 0x77337000 (1) MPRAPI.DLL C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009C740 BaseDllName address: 0x0009C720 FullDllName physical address: 4b3e740 BaseDllName physical address: 4b3e720 0x779B0000 0x77A45000 (1) OLEAUT32.DLL 
C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0009C800 BaseDllName address: 0x0009C7D8 FullDllName physical address: 4b3e800 BaseDllName physical address: 4b3e7d8 0x773B0000 0x773DE000 (1) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009C8C0 BaseDllName address: 0x0009C898 FullDllName physical address: 4b3e8c0 BaseDllName physical address: 4b3e898 0x77380000 0x773A2000 (1) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009C978 BaseDllName address: 0x0009C958 FullDllName physical address: 4b3e978 BaseDllName physical address: 4b3e958 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0009CA30 BaseDllName address: 0x0009CA10 FullDllName physical address: 4b3ea30 BaseDllName physical address: 4b3ea10 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009CAF0 BaseDllName address: 0x0009CAC8 FullDllName physical address: 4b3eaf0 BaseDllName physical address: 4b3eac8 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009CBA8 BaseDllName address: 0x0009CB88 FullDllName physical address: 4b3eba8 BaseDllName physical address: 4b3eb88 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009CC60 BaseDllName address: 0x0009CC40 FullDllName physical address: 4b3ec60 BaseDllName physical address: 4b3ec40 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009CD18 BaseDllName address: 0x0009CCF8 FullDllName physical address: 4b3ed18 
BaseDllName physical address: 4b3ecf8 0x77360000 0x77379000 (1) DHCPCSVC.DLL C:\WINNT\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0009CDD8 BaseDllName address: 0x0009CDB0 FullDllName physical address: 4b3edd8 BaseDllName physical address: 4b3edb0 0x5FD00000 0x5FD0D000 (1) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A18C8 BaseDllName address: 0x0009CEE0 FullDllName physical address: 575d8c8 BaseDllName physical address: 4b3eee0 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A2B70 BaseDllName address: 0x0009CF30 FullDllName physical address: 64e5b70 BaseDllName physical address: 4b3ef30 0x74FD0000 0x74FED000 (1) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000A5F98 BaseDllName address: 0x0009CF78 FullDllName physical address: 6483f98 BaseDllName physical address: 4b3ef78 0x75010000 0x75017000 (1) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009CE70 BaseDllName address: 0x000A6428 FullDllName physical address: 4b3ee70 BaseDllName physical address: 4fd7428 0x67400000 0x67427000 (1) dssenh.dll C:\WINNT\system32\dssenh.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A6808 BaseDllName address: 0x000A9058 FullDllName physical address: 4fd7808 BaseDllName physical address: 772058 Thread List Head: 0xFCA2A550 THREAD: 0xFCA25B80 (0x1042b80) Cid: f0.f8 CreateTime: 0x1c569df92ef8150 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 
Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFCA25BDC Contents: FF28865C:FF23763C Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA25BEC(1042bec) PostBlockList: 0xFCA25D44:FCA25D44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x509122D7 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF834B000 Stack Limit: 0xF8348000 Kernel Stack: 0xF834ABFC(Paged< 0:612000> NA NA ) Resident: 0 THREAD: 0xFF28F020 (0x79f0020) Cid: f0.100 CreateTime: 0x1c569df93142dd0 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF28F07C Contents: FF2175DC:FF2477BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D7848(1eeb848) PostBlockList: 0xFF28F1E4:FF28F1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F96528 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8343000 Stack Limit: 0xF8340000 Kernel Stack: 0xF8342930(ff8000 NA NA ) Resident: 0 THREAD: 0xFF28F620 (0x79f0620) Cid: f0.104 CreateTime: 0x1c569df9315b500 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(7b5b000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF28F67C Contents: FF133DFC:FF1DB8BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28F68C(79f068c) PostBlockList: 0xFF28F7E4:FF28F7E4 Queue: 0x00000000 Start 
Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF833F000 Stack Limit: 0xF833C000 Kernel Stack: 0xF833EC5C(7aea000 NA NA ) Resident: 0 User stack base: 0x00500000(7b84000 Paged< 0:9e5000> NA NA NA NA ) User stack Limit: 0x004FA000 THREAD: 0xFF28D020 (0xff6020) Cid: f0.110 CreateTime: 0x1c569df932375b0 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(7c97000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF28D07C Contents: FF1CD7DC:FF28DBFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28D0D4(ff60d4) PostBlockList: 0xFF28D1E4:FF28D1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF08F0000 Stack Limit: 0xF08ED000 Kernel Stack: 0xF08EFCC4(7b59000 NA NA ) Resident: 0 User stack base: 0x00540000(7b38000 NA NA NA NA NA ) User stack Limit: 0x0053A000 THREAD: 0xFF28DBA0 (0xff6ba0) Cid: f0.114 CreateTime: 0x1c569df9324fce0 2005-06-05 15:02:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(7b3c000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF28DBFC Contents: FF28D07C:FF1A59BC Queue List: 0xFF28E940:FF28E940 WaitBlockList: 0xFF28DC0C(ff6c0c) PostBlockList: 0xE12EEFB0:E12DA7F0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 
0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8232000 Stack Limit: 0xF822F000 Kernel Stack: 0xF8231C90(7b80000 NA NA ) Resident: 0 User stack base: 0x00580000(7b1d000 NA NA NA NA NA ) User stack Limit: 0x0057A000 THREAD: 0xFF288020 (0x8ad020) Cid: f0.120 CreateTime: 0x1c569df9389d740 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(859000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF28807C Contents: FF17485C:FCA33DBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28808C(8ad08c) PostBlockList: 0xFF2881E4:FF2881E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll LPC Server thread working on message Id 0xdf5 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF822E000 Stack Limit: 0xF822B000 Kernel Stack: 0xF822DC5C(8d0000 NA NA ) Resident: 1 User stack base: 0x00610000(91a000 NA NA NA NA NA ) User stack Limit: 0x0060A000 THREAD: 0xFF288600 (0x8ad600) Cid: f0.12c CreateTime: 0x1c569df9389d740 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF28865C Contents: FF238B1C:FCA25BDC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28866C(8ad66c) PostBlockList: 0xFF2887C4:FF2887C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF8222000 Stack Limit: 0xF821F000 Kernel Stack: 0xF8221CA0(Paged< 0:610000> NA NA ) Resident: 0 THREAD: 0xFF287AC0 (0x945ac0) Cid: f0.134 CreateTime: 0x1c569df938ce5a0 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(8cc000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF287B1C Contents: FF27581C:FF284DFC Queue List: 0xFF286A90:FF28A7E0 WaitBlockList: 0xFF287B2C(945b2c) PostBlockList: 0xFF287C84:FF287C84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF821E000 Stack Limit: 0xF821B000 Kernel Stack: 0xF821DC90(8cd000 NA NA ) Resident: 0 User stack base: 0x00750000(8ed000 204000 NA NA NA NA ) User stack Limit: 0x0074A000 THREAD: 0xFF286980 (0x8aa980) Cid: f0.138 CreateTime: 0x1c569df938ce5a0 2005-06-05 15:02:22Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(8ef000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF2869DC Contents: FF19489C:FF22807C Queue List: 0xFF28A7E0:FF287BD0 WaitBlockList: 0xFF2869EC(8aa9ec) PostBlockList: 0xFF286B44:FF286B44 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF821A000 Stack Limit: 0xF8217000 Kernel Stack: 0xF8219C90(951000 NA NA ) Resident: 0 User stack 
base: 0x00790000(910000 NA NA NA NA NA ) User stack Limit: 0x0078A000 THREAD: 0xFF247760 (0x4bc8760) Cid: f0.218 CreateTime: 0x1c569df96259c30 2005-06-05 15:02:26Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(4b9f000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1EABEA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2477BC Contents: FF28F07C:FF27FDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15C6E8(63686e8) PostBlockList: 0xE1EB11D0:E1E48730 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8614000 Stack Limit: 0xF8611000 Kernel Stack: 0xF8613930(64dc000 NA NA ) Resident: 0 User stack base: 0x00980000(4c80000 639f000 6c02000 64c3000 6404000 6565000 5826000 6467000 6568000 ) User stack Limit: 0x00977000 THREAD: 0xFF238AC0 (0x64a8ac0) Cid: f0.24c CreateTime: 0x1c569df96d6ddf0 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(57fd000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 11 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF238B1C Contents: FF21D95C:FF28865C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF238B2C(64a8b2c) PostBlockList: 0xFF238C84:FF238C84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FF5000 Stack Limit: 0xF7FF2000 Kernel Stack: 0xF7FF4930(Paged< 0:60d000> NA NA ) Resident: 
0 User stack base: 0x00EA0000(5806000 NA NA NA NA NA ) User stack Limit: 0x00E9A000 THREAD: 0xFF21D900 (0x6623900) Cid: f0.2a0 CreateTime: 0x1c569df98aa7550 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(49a5000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF21D95C Contents: FF1D907C:FF238B1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF21D96C(662396c) PostBlockList: 0xFF21DAC4:FF21DAC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7EEA000 Stack Limit: 0xF7EE7000 Kernel Stack: 0xF7EE9CA0(Paged< 0:60c000> NA NA ) Resident: 0 User stack base: 0x00EF0000(5e6000 5048000 6569000 4eca000 NA NA ) User stack Limit: 0x00EEA000 THREAD: 0xFF233D60 (0x6b8ad60) Cid: f0.298 CreateTime: 0x1c569df9afe6870 2005-06-05 15:02:34Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAA000(1eee000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF233DBC Contents: FF1CE41C:FF234C9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF233DCC(6b8adcc) PostBlockList: 0xFF233F24:FF233F24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FB1000 Stack Limit: 0xF7FAE000 Kernel Stack: 0xF7FB0C48(c30000 NA NA ) Resident: 0 User stack base: 
0x00F30000(1ef1000 NA NA NA NA NA ) User stack Limit: 0x00F2A000 THREAD: 0xFF1D9020 (0x1ee9020) Cid: f0.e0 CreateTime: 0x1c569df9b2314f0 2005-06-05 15:02:35Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA8000(1fa3000) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 13 Base Priority: 11 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF1D907C Contents: FF27607C:FF21D95C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D908C(1ee908c) PostBlockList: 0xFF1D91E4:FF1D91E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x78002432 C:\WINNT\system32\MSVCRT.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D37000 Stack Limit: 0xF7D34000 Kernel Stack: 0xF7D36930(Paged< 0:62d000> NA NA ) Resident: 0 User stack base: 0x00F90000(1f87000 NA NA NA NA NA ) User stack Limit: 0x00F8A000 THREAD: 0xFF143C00 (0x3dc8c00) Cid: f0.11c CreateTime: 0x1c569e1d9ae8690 2005-06-05 15:18:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF143C5C Contents: FF14737C:FF28807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF143C6C(3dc8c6c) PostBlockList: 0xFF143DC4:FF143DC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CB2000 Stack Limit: 0xF7CAF000 Kernel Stack: 0xF7CB1CA0(6ce1000 NA NA ) Resident: 0 THREAD: 0xFF174800 (0x5a45800) Cid: f0.364 CreateTime: 
0x1c569e1d9bdce70 2005-06-05 15:18:39Z ExitTime: 1c569e1d9bdce70 2005-06-05 15:20:04Z SecurityDescriptor: (null) Teb: 0x00000000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 16 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF17485C Contents: 8047F800:8047F800 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17486C(5a4586c) PostBlockList: 0xFF1749C4:FF1749C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7B3D000 Kernel Stack: 0xF7B3FC48() Resident: 1 Terminated: Yes THREAD: 0xFF175520 (0x37ef520) Cid: f0.3a8 CreateTime: 0x1c569e1d9bdce70 2005-06-05 15:18:39Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF17557C Contents: FF1DB4FC:FF17485C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17558C(37ef58c) PostBlockList: 0xFF1756E4:FF1756E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x5092B452 C:\WINNT\system32\LSASRV.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B4C000 Stack Limit: 0xF7B49000 Kernel Stack: 0xF7B4BCA0(669d000 NA NA ) Resident: 0 + 194 svchost.exe Source: from_active_process_list Eprocess Block: 0xFF277520 (0xdd0504) CreateTime: 0x1c569df9476b150 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0xe91000 Process Environment Block: 0x7FFDF000 (ec8000) Loader 
module block: 0x00071E90 (ec800c) Command Line: C:\WINNT\system32\svchost -k rpcss Section: 0xE13ACBD0 (0x2b2cbd0) Section Base Address: 0x01000000 (de7000) SectionBasedAddress: 0x08A86420 ) SizeOfSegment: 0x5000 SectionFileName: \WINNT\system32\svchost.exe 0xe12d47a8 (0x19447a8) Handle Table: 0xFF277D68 (0xdd0d68) Count: 238 TableCode: 0xE1E71000 Process exiting: 0 VAD Root: 0xFF2764A8(dcd4a8) Private: 261 Modified: 0 Locked: 13 AccessToken: 0xE1E70E10(dabe10) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,59f3} ParentToken ID: {0,0} Modified ID: {0,223bc} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x01000000 0x01005000 (de7000) svchost.exe C:\WINNT\system32\svchost.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: dac57c BaseDllName physical address: eb1f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: eb1f80 BaseDllName physical address: eb1fa4 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: e32420 BaseDllName physical address: e323f8 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: e324e0 BaseDllName physical address: e324b8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 BaseDllName address: 0x00072578 FullDllName physical address: e32598 BaseDllName physical address: e32578 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 FullDllName physical address: e32668 BaseDllName physical address: e32648 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072718 BaseDllName address: 0x000726F8 FullDllName physical address: e32718 BaseDllName physical address: e326f8 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C8 BaseDllName address: 0x000727A8 FullDllName physical address: e327c8 BaseDllName physical address: e327a8 0x76190000 
0x761CC000 (e2d000) rpcss.dll c:\winnt\system32\rpcss.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00074700 BaseDllName address: 0x00076710 FullDllName physical address: db9700 BaseDllName physical address: f1f710 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x48 TlsIndex: 0 FullDllName virtual address: 0x00077470 BaseDllName address: 0x00077450 FullDllName physical address: ea0470 BaseDllName physical address: ea0450 0x77C10000 0x77C6D000 (7606000) USERENV.DLL c:\winnt\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00077540 BaseDllName address: 0x00077520 FullDllName physical address: ea0540 BaseDllName physical address: ea0520 0x75030000 0x75044000 (76c5000) WS2_32.DLL c:\winnt\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0x20 TlsIndex: 0 FullDllName virtual address: 0x00077700 BaseDllName address: 0x000776E0 FullDllName physical address: ea0700 BaseDllName physical address: ea06e0 0x75020000 0x75028000 (7666000) WS2HELP.DLL c:\winnt\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x000777B8 BaseDllName address: 0x00077798 FullDllName physical address: ea07b8 BaseDllName physical address: ea0798 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL c:\winnt\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00077870 BaseDllName address: 0x00077850 FullDllName physical address: ea0870 BaseDllName physical address: ea0850 0x74FF0000 0x75002000 (e6b000) mswsock.dll C:\WINNT\system32\mswsock.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00079BF0 BaseDllName address: 0x00079BD0 FullDllName physical address: ea4bf0 BaseDllName physical address: ea4bd0 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x00079CA8 BaseDllName address: 
0x00079C88 FullDllName physical address: ea4ca8 BaseDllName physical address: ea4c88 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00079D60 BaseDllName address: 0x00079D40 FullDllName physical address: ea4d60 BaseDllName physical address: ea4d40 0x74FD0000 0x74FED000 (ee7000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0007DFE8 BaseDllName address: 0x00079BB0 FullDllName physical address: dc6000 BaseDllName physical address: ea4bb0 0x77340000 0x77353000 (b70000) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007D678 BaseDllName address: 0x0007E028 FullDllName physical address: e59678 BaseDllName physical address: dc6028 0x77520000 0x77525000 (b2d000) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E0C0 BaseDllName address: 0x0007E0A0 FullDllName physical address: dc60c0 BaseDllName physical address: dc60a0 0x77320000 0x77337000 (cbf000) MPRAPI.DLL C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E270 BaseDllName address: 0x0007E250 FullDllName physical address: dc6270 BaseDllName physical address: dc6250 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E328 BaseDllName address: 0x0007E308 FullDllName physical address: dc6328 BaseDllName physical address: dc6308 0x75170000 0x751BF000 (7646000) NETAPI32.DLL C:\WINNT\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E3E8 BaseDllName address: 0x0007E3C0 FullDllName physical address: dc63e8 BaseDllName physical address: dc63c0 0x751C0000 0x751C6000 (7688000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 
LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E4A0 BaseDllName address: 0x0007E480 FullDllName physical address: dc64a0 BaseDllName physical address: dc6480 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007E558 BaseDllName address: 0x0007E538 FullDllName physical address: dc6558 BaseDllName physical address: dc6538 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0007E618 BaseDllName address: 0x0007E5F0 FullDllName physical address: dc6618 BaseDllName physical address: dc65f0 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E6D8 BaseDllName address: 0x0007E6B0 FullDllName physical address: dc66d8 BaseDllName physical address: dc66b0 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E790 BaseDllName address: 0x0007E770 FullDllName physical address: dc6790 BaseDllName physical address: dc6770 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007E848 BaseDllName address: 0x0007E828 FullDllName physical address: dc6848 BaseDllName physical address: dc6828 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL C:\WINNT\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E908 BaseDllName address: 0x0007E8E0 FullDllName physical address: dc6908 BaseDllName physical address: dc68e0 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007E9C8 BaseDllName address: 0x0007E9A0 FullDllName physical address: dc69c8 BaseDllName physical 
address: dc69a0 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007EA80 BaseDllName address: 0x0007EA60 FullDllName physical address: dc6a80 BaseDllName physical address: dc6a60 0x77530000 0x77552000 (bbc000) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007EB38 BaseDllName address: 0x0007EB18 FullDllName physical address: dc6b38 BaseDllName physical address: dc6b18 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007EBF8 BaseDllName address: 0x0007EBD0 FullDllName physical address: dc6bf8 BaseDllName physical address: dc6bd0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007ECB0 BaseDllName address: 0x0007EC90 FullDllName physical address: dc6cb0 BaseDllName physical address: dc6c90 0x77360000 0x77379000 (b78000) DHCPCSVC.DLL C:\WINNT\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007ED70 BaseDllName address: 0x0007ED48 FullDllName physical address: dc6d70 BaseDllName physical address: dc6d48 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0007F008 BaseDllName address: 0x0007F050 FullDllName physical address: ecd008 BaseDllName physical address: ecd050 0x75010000 0x75017000 (f54000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00081A00 BaseDllName address: 0x00084230 FullDllName physical address: 2d7a00 BaseDllName physical address: f4e230 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00084AA0 
BaseDllName address: 0x00084AE0 FullDllName physical address: f4eaa0 BaseDllName physical address: f4eae0 0x777E0000 0x777E8000 (331000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00084A58 BaseDllName address: 0x000859B0 FullDllName physical address: f4ea58 BaseDllName physical address: f2b9b0 0x777F0000 0x777F5000 (381000) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000849C0 BaseDllName address: 0x00085988 FullDllName physical address: f4e9c0 BaseDllName physical address: f2b988 0x4D100000 0x4D11A000 (7bbc000) msv1_0.dll C:\WINNT\system32\msv1_0.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009C268 BaseDllName address: 0x00093998 FullDllName physical address: 383c268 BaseDllName physical address: 4db9998 Thread List Head: 0xFF277570 THREAD: 0xFF276020 (0xdcd020) Cid: 194.190 CreateTime: 0x1c569df9476b150 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(ded000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E70BA8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF27607C Contents: FF2731DC:FF1D907C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF27608C(dcd08c) PostBlockList: 0xFF2761E4:FF2761E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x010010B8 C:\WINNT\system32\svchost.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8644000 Stack Limit: 0xF8641000 Kernel Stack: 0xF8643BFC(Paged< 0:62c000> NA NA ) Resident: 0 User stack base: 0x00070000(e6e000 f77000 ) User stack Limit: 0x0006E000 THREAD: 0xFF2757C0 (0xdbd7c0) Cid: 194.1a0 CreateTime: 0x1c569df9482ead0 2005-06-05 15:02:24Z 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(ea2000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E73008 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF27581C Contents: FCC84DFC:FF287B1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF275874(dbd874) PostBlockList: 0xE1E75ED0:E1E2C310 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8634000 Stack Limit: 0xF8631000 Kernel Stack: 0xF8633CC4(ecb000 NA NA ) Resident: 0 User stack base: 0x00440000(e43000 e44000 e2a000 e26000 f27000 308000 269000 eca000 f0b000 ) User stack Limit: 0x00437000 THREAD: 0xFF273180 (0xec5180) Cid: 194.1a4 CreateTime: 0x1c569df9499d6a0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(f7a000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2731DC Contents: FF26EDDC:FF27607C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF287EA8(945ea8) PostBlockList: 0xFF273344:FF273344 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8117000 Stack Limit: 0xF8114000 Kernel Stack: 0xF8116930(Paged< 0:62a000> NA NA ) Resident: 0 User stack base: 0x00920000(f85000 ) User stack Limit: 0x0091F000 THREAD: 0xFF26F020 (0xf74020) Cid: 194.1a8 CreateTime: 0x1c569df94a91e80 2005-06-05 15:02:24Z 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(f84000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF26F07C Contents: FF1A051C:FF21107C Queue List: 0xFF275DC0:FF275DC0 WaitBlockList: 0xFF26F08C(f7408c) PostBlockList: 0xFF26F1E4:FF26F1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF810B000 Stack Limit: 0xF8108000 Kernel Stack: 0xF810AC90(564d000 4306000 1e67000 ) Resident: 1 User stack base: 0x00970000(f8e000 ) User stack Limit: 0x0096F000 THREAD: 0xFF18ADA0 (0x3a7eda0) Cid: 194.354 CreateTime: 0x1c569dfa2d95b30 2005-06-05 15:02:48Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(3b69000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF18ADFC Contents: FF28807C:FF1CD07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18AE0C(3a7ee0c) PostBlockList: 0xE12E2930:E1E57650 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B38000 Stack Limit: 0xF7B35000 Kernel Stack: 0xF7B37C48(38cd000 NA NA ) Resident: 0 User stack base: 0x00A40000(396a000 382b000 ) User stack Limit: 0x00A3E000 THREAD: 0xFF148900 (0x26c9900) Cid: 194.148 CreateTime: 0x1c569dfdccd72a0 2005-06-05 15:04:25Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: 
S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(5243000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF14895C Contents: FF161C1C:FF27581C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1489B4(26c99b4) PostBlockList: 0xFF148AC4:FF148AC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76194A9A c:\winnt\system32\rpcss.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8226000 Stack Limit: 0xF8223000 Kernel Stack: 0xF8225CC4(879000 NA NA ) Resident: 0 User stack base: 0x00B00000(757a000 ) User stack Limit: 0x00AFF000 THREAD: 0xFF161BC0 (0x57f2bc0) Cid: 194.280 CreateTime: 0x1c569e0849f4f30 2005-06-05 15:09:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(1f15000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF161C1C Contents: FCDFEB7C:FF14895C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF161C74(57f2c74) PostBlockList: 0xFF161D84:FF161D84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76194A9A c:\winnt\system32\rpcss.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7EC6000 Stack Limit: 0xF7EC3000 Kernel Stack: 0xF7EC5CC4(23e3000 NA NA ) Resident: 0 User stack base: 0x00B40000(2758000 ) User stack Limit: 0x00B3F000 THREAD: 0xFF147320 (0x2ce4320) Cid: 194.3d8 CreateTime: 0x1c569e129569240 2005-06-05 15:13:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 
0x7FFD8000(4ad9000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF14737C Contents: FF1CD7DC:FF143C5C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF14738C(2ce438c) PostBlockList: 0xE1E157F0:E2108810 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xe40 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8033000 Stack Limit: 0xF8030000 Kernel Stack: 0xF8032C48(1c14000 NA NA ) Resident: 0 User stack base: 0x00B80000(48c7000 NA NA NA ) User stack Limit: 0x00B7C000 THREAD: 0xFF1DB4A0 (0x1dae4a0) Cid: 194.124 CreateTime: 0x1c569e129581970 2005-06-05 15:13:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(52cc000) ThreadsProcess: 0xFF277520 svchost.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1DB4FC Contents: FF24F07C:FF14737C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DB50C(1dae50c) PostBlockList: 0xE1E64390:E2099150 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AEF000 Stack Limit: 0xF7AEC000 Kernel Stack: 0xF7AEEC48(7bd000 NA NA ) Resident: 1 User stack base: 0x00BC0000(354f000 NA ) User stack Limit: 0x00BBE000 + 1b0 spoolsv.exe Source: from_active_process_list Eprocess Block: 0xFF2748A0 (0xe3e884) CreateTime: 0x1c569df94af3b40 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0xf5b000 Process Environment Block: 
0x7FFDF000 (fa7000) Loader module block: 0x00071E90 (fa700c) Command Line: C:\WINNT\system32\spoolsv.exe Section: 0xE1E759B0 (0xedd9b0) Section Base Address: 0x01000000 (39a000) SectionBasedAddress: 0x08AD4428 ) SizeOfSegment: 0xd000 SectionFileName: \WINNT\system32\spoolsv.exe 0xe1e75bc8 (0xeddbc8) Handle Table: 0xFF2765A8 (0xdcd5a8) Count: 98 TableCode: 0xE1E76000 Process exiting: 0 VAD Root: 0xFF26C6C8(fad6c8) Private: 219 Modified: 0 Locked: 0 AccessToken: 0xE1E75750(edd750) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6371} ParentToken ID: {0,0} Modified ID: {0,2b70e} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0100D000 (39a000) spoolsv.exe C:\WINNT\system32\spoolsv.exe Flags: 
0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: f6b57c BaseDllName physical address: 310f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 310f80 BaseDllName physical address: 310fa4 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072418 BaseDllName address: 0x000723F8 FullDllName physical address: 251418 BaseDllName physical address: 2513f8 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724D8 BaseDllName address: 0x000724B0 FullDllName physical address: 2514d8 BaseDllName physical address: 2514b0 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725B0 BaseDllName address: 0x00072588 FullDllName physical address: 2515b0 BaseDllName physical address: 251588 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 FullDllName physical address: 251668 BaseDllName physical address: 251648 0x77F40000 0x77F7C000 (5892000) GDI32.dll C:\WINNT\system32\GDI32.dll Flags: 0x4004 LoadCount: 0x28 TlsIndex: 0 FullDllName virtual address: 0x00074580 BaseDllName address: 0x00077F40 FullDllName physical address: 364580 BaseDllName physical address: f8af40 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0x44 TlsIndex: 0 FullDllName virtual address: 0x00077FD0 BaseDllName address: 0x00077FB0 FullDllName physical address: 38e000 BaseDllName 
physical address: f8afb0 0x76A90000 0x76AA2000 (2a7c000) SPOOLSS.DLL C:\WINNT\system32\SPOOLSS.DLL Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x0007AA40 BaseDllName address: 0x0007AA20 FullDllName physical address: 25aa40 BaseDllName physical address: 25aa20 0x75030000 0x75044000 (76c5000) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0x21 TlsIndex: 0 FullDllName virtual address: 0x0007AE20 BaseDllName address: 0x0007AE00 FullDllName physical address: 25ae20 BaseDllName physical address: 25ae00 0x75020000 0x75028000 (7666000) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x11 TlsIndex: 0 FullDllName virtual address: 0x0007AED8 BaseDllName address: 0x0007AEB8 FullDllName physical address: 25aed8 BaseDllName physical address: 25aeb8 0x777F0000 0x777F5000 (381000) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007E798 BaseDllName address: 0x0007FFA0 FullDllName physical address: 2dde798 BaseDllName physical address: 2e80fa0 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00081350 BaseDllName address: 0x00080D48 FullDllName physical address: 451a350 BaseDllName physical address: 2692d48 0x76AC0000 0x76B00000 (2c05000) localspl.dll C:\WINNT\system32\localspl.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00080B40 BaseDllName address: 0x0007FFE8 FullDllName physical address: 2692b40 BaseDllName physical address: 2e80fe8 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0007EF90 BaseDllName address: 0x0007F040 FullDllName physical address: 2ddef90 BaseDllName physical address: 2e80040 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName 
virtual address: 0x00080AF8 BaseDllName address: 0x0007AF70 FullDllName physical address: 2692af8 BaseDllName physical address: 25af70 0x77820000 0x77827000 (59a7000) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007F0D0 BaseDllName address: 0x0007EFD0 FullDllName physical address: 2e800d0 BaseDllName physical address: 2ddefd0 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00080010 BaseDllName address: 0x00080D68 FullDllName physical address: 2692010 BaseDllName physical address: 2692d68 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007EF48 BaseDllName address: 0x00081130 FullDllName physical address: 2ddef48 BaseDllName physical address: 451a130 0x76980000 0x7699B000 (75fd000) SFC.DLL C:\WINNT\system32\SFC.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00080AA8 BaseDllName address: 0x00076658 FullDllName physical address: 2692aa8 BaseDllName physical address: 387658 0x68010000 0x68106000 (5839000) sfcfiles.dll C:\WINNT\system32\sfcfiles.dll Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00081E88 BaseDllName address: 0x00081E60 FullDllName physical address: 451ae88 BaseDllName physical address: 451ae60 0x77800000 0x7781D000 (53a9000) winspool.drv C:\WINNT\system32\winspool.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0007F168 BaseDllName address: 0x00081F20 FullDllName physical address: 2e80168 BaseDllName physical address: 451af20 0x75170000 0x751BF000 (7646000) netapi32.dll C:\WINNT\system32\netapi32.dll Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007F2A0 BaseDllName address: 0x00081F48 FullDllName physical address: 2e802a0 BaseDllName physical address: 451af48 0x751C0000 0x751C6000 
(7688000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007F2E8 BaseDllName address: 0x0007AF98 FullDllName physical address: 2e802e8 BaseDllName physical address: 25af98 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007F330 BaseDllName address: 0x00080050 FullDllName physical address: 2e80330 BaseDllName physical address: 2692050 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007F3C8 BaseDllName address: 0x0007FFC8 FullDllName physical address: 2e803c8 BaseDllName physical address: 2e80fc8 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007F460 BaseDllName address: 0x0007F0B0 FullDllName physical address: 2e80460 BaseDllName physical address: 2e800b0 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007F4F8 BaseDllName address: 0x00081FC8 FullDllName physical address: 2e804f8 BaseDllName physical address: 451afc8 0x733E0000 0x733EE000 (3313000) cnbjmon.dll C:\WINNT\system32\cnbjmon.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007F5B8 BaseDllName address: 0x00081FE8 FullDllName physical address: 2e805b8 BaseDllName physical address: 451afe8 0x76AB0000 0x76AB7000 (2fb8000) pjlmon.dll C:\WINNT\system32\pjlmon.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007FDD0 BaseDllName address: 0x0007FF30 FullDllName physical address: 2e80dd0 BaseDllName physical address: 2e80f30 0x76A80000 0x76A8D000 (2ed6000) tcpmon.dll C:\WINNT\system32\tcpmon.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007FD20 BaseDllName address: 
0x0007DA68 FullDllName physical address: 2e80d20 BaseDllName physical address: 2ddda68 0x76A70000 0x76A76000 (2f93000) usbmon.dll C:\WINNT\system32\usbmon.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00083D18 BaseDllName address: 0x0007DA88 FullDllName physical address: 1921d18 BaseDllName physical address: 2ddda88 0x77B50000 0x77BD9000 (59cb000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007E240 BaseDllName address: 0x0007E218 FullDllName physical address: 2dde240 BaseDllName physical address: 2dde218 0x6B460000 0x6B467000 (2ec7000) msfaxmon.dll C:\WINNT\system32\msfaxmon.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00083F00 BaseDllName address: 0x00082D70 FullDllName physical address: 1921f00 BaseDllName physical address: 1dfd70 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007FE18 BaseDllName address: 0x0007FEA8 FullDllName physical address: 2e80e18 BaseDllName physical address: 2e80ea8 0x777E0000 0x777E8000 (331000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00071FC0 BaseDllName address: 0x0007E3C8 FullDllName physical address: 310fc0 BaseDllName physical address: 2dde3c8 0x76A50000 0x76A6F000 (7d8a000) win32spl.dll C:\WINNT\system32\win32spl.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00083E68 BaseDllName address: 0x00082D98 FullDllName physical address: 1921e68 BaseDllName physical address: 1dfd98 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00082CF0 BaseDllName address: 0x000721B0 FullDllName physical address: 1dfcf0 BaseDllName physical address: 2511b0 0x76B00000 0x76B13000 (7e35000) inetpp.dll C:\WINNT\system32\inetpp.dll 
Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000886E0 BaseDllName address: 0x00082DE8 FullDllName physical address: 7bc76e0 BaseDllName physical address: 1dfde8 0x77520000 0x77525000 (b2d000) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007E488 BaseDllName address: 0x0008A428 FullDllName physical address: 2dde488 BaseDllName physical address: 36a7428 Thread List Head: 0xFF2748F0 THREAD: 0xFF26ED80 (0xf7ed80) Cid: 1b0.1ac CreateTime: 0x1c569df94af3b40 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(f0c000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF26EDDC Contents: FF26DC9C:FF2731DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26EDEC(f7edec) PostBlockList: 0xFF26EF44:FF26EF44 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x01001124 C:\WINNT\system32\spoolsv.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8107000 Stack Limit: 0xF8104000 Kernel Stack: 0xF8106BFC(Paged< 0:628000> NA NA ) Resident: 0 User stack base: 0x00070000(f8d000 fbe000 ) User stack Limit: 0x0006E000 THREAD: 0xFF26DC40 (0xf2cc40) Cid: 1b0.1b4 CreateTime: 0x1c569df94b0c270 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(2e8000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E74108 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF26DC9C Contents: FF1518FC:FF26EDDC Queue List: 0x00000000:00000000 WaitBlockList: 
0xFF26DCAC(f2ccac) PostBlockList: 0xFF26DE04:FF26DE04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8604000 Stack Limit: 0xF8601000 Kernel Stack: 0xF8603CA0(Paged< 0:627000> NA NA ) Resident: 0 User stack base: 0x00290000(3e9000 236000 ) User stack Limit: 0x0028E000 THREAD: 0xFF26D4A0 (0xf2c4a0) Cid: 1b0.1b8 CreateTime: 0x1c569df94b0c270 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(fab000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF26D4FC Contents: FF24707C:FF161C1C Queue List: 0xFF26E4E0:FF26E4E0 WaitBlockList: 0xFF26D50C(f2c50c) PostBlockList: 0xFF26D664:FF26D664 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80FF000 Stack Limit: 0xF80FC000 Kernel Stack: 0xF80FEC90(31de000 NA NA ) Resident: 0 User stack base: 0x002D0000(26f000 ) User stack Limit: 0x002CF000 THREAD: 0xFF26CDA0 (0xfadda0) Cid: 1b0.1bc CreateTime: 0x1c569df94b0c270 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(f4c000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF26CDFC Contents: FF1CF07C:FF147B9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26CE0C(fade0c) PostBlockList: 0xFF26CF64:FF26CF64 Queue: 
0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80FB000 Stack Limit: 0xF80F8000 Kernel Stack: 0xF80FAC48(380000 NA NA ) Resident: 0 User stack base: 0x00310000(350000 ) User stack Limit: 0x0030F000 THREAD: 0xFF26C460 (0xfad460) Cid: 1b0.1c4 CreateTime: 0x1c569df94b249a0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(197000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E78128 Wait:(WrExecutive) UserMode Non-Alertable WaitListHead: 0xFF26C4BC Contents: FF22ADFC:FF276ABC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26C4CC(fad4cc) PostBlockList: 0xFF26C624:FF26C624 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x01005979 C:\WINNT\system32\spoolsv.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85F4000 Stack Limit: 0xF85F1000 Kernel Stack: 0xF85F3C48(4a24000 NA NA ) Resident: 0 User stack base: 0x007E0000(398000 NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA ) User stack Limit: 0x007D0000 THREAD: 0xFF1518A0 (0x1e448a0) Cid: 1b0.460 CreateTime: 0x1c569dfadfcbf10 2005-06-05 15:03:06Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(2a43000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F4D7A8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1518FC Contents: FF15167C:FF26DC9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15190C(1e4490c) PostBlockList: 0xE1341F90:E205D8D0 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x0100197F C:\WINNT\system32\spoolsv.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7855000 Stack Limit: 0xF7851000 Kernel Stack: 0xF7854930(Paged< 0:624000> NA NA NA ) Resident: 0 User stack base: 0x008B0000(36d000 2dff000 19e9000 NA NA NA NA NA NA NA NA NA NA NA NA NA ) User stack Limit: 0x008A0000 THREAD: 0xFF151620 (0x1e44620) Cid: 1b0.43c CreateTime: 0x1c569dfae788540 2005-06-05 15:03:07Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(4ac9000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF15167C Contents: FF148DFC:FF1518FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15168C(1e4468c) PostBlockList: 0xFF1517E4:FF1517E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80F7000 Stack Limit: 0xF80F4000 Kernel Stack: 0xF80F6930(Paged< 0:623000> NA NA ) Resident: 0 User stack base: 0x00900000(2ebf000 ) User stack Limit: 0x008FF000 THREAD: 0xFF148020 (0x26c9020) Cid: 1b0.44c CreateTime: 0x1c569dfafb03f80 2005-06-05 15:03:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(35db000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF14807C Contents: FF234C9C:FCA2B5BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF14808C(26c908c) PostBlockList: 0xFF1481E4:FF1481E4 Queue: 0x00000000 Start Address: 
0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x76AE7267 C:\WINNT\system32\localspl.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79D1000 Stack Limit: 0xF79CE000 Kernel Stack: 0xF79D0CA0(3613000 NA NA ) Resident: 0 User stack base: 0x00D60000(362a000 NA NA NA ) User stack Limit: 0x00D5C000 THREAD: 0xFF148DA0 (0x26c9da0) Cid: 1b0.47c CreateTime: 0x1c569dfafb03f80 2005-06-05 15:03:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD4000(3619000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF148DFC Contents: FF2698BC:FF15167C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF148E0C(26c9e0c) PostBlockList: 0xFF148F64:FF148F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x76AC3A42 C:\WINNT\system32\localspl.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79CD000 Stack Limit: 0xF79CA000 Kernel Stack: 0xF79CCCA0(Paged< 0:621000> NA NA ) Resident: 0 User stack base: 0x00DA0000(3658000 NA NA NA ) User stack Limit: 0x00D9C000 THREAD: 0xFF147B40 (0x2ce4b40) Cid: 1b0.488 CreateTime: 0x1c569dfafc8b280 2005-06-05 15:03:09Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(36d1000) ThreadsProcess: 0xFF2748A0 spoolsv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF147B9C Contents: FF26CDFC:FF17AA9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF147BAC(2ce4bac) PostBlockList: 0xFF147D04:FF147D04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll 
Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF835F000 Stack Limit: 0xF835C000 Kernel Stack: 0xF835EC48(790f000 NA NA ) Resident: 0 User stack base: 0x00E70000(2e53000 NA NA NA ) User stack Limit: 0x00E6C000 + 1cc Avsynmgr.exe Source: from_active_process_list Eprocess Block: 0xFF269BA0 (0x2e5b84) CreateTime: 0x1c569df94c19180 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x2a0000 Process Environment Block: 0x7FFDF000 (121000) Loader module block: 0x00131E90 (12100c) Command Line: "C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe" Section: 0xE1E7B150 (0x3ef150) Section Base Address: 0x00400000 (3df000) SectionBasedAddress: 0x08B80C30 ) SizeOfSegment: 0x28000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe 0xe1e2dc08 (0x79afc08) Handle Table: 0xFF26B908 (0x250908) Count: 102 TableCode: 0xE1E7D000 Process exiting: 0 VAD Root: 0xFF239B28(65e2b28) Private: 264 Modified: 39 Locked: 0 AccessToken: 0xE1E7CE10(19b3e10) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,6419} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 
SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x00400000 0x00428000 (3df000) Avsynmgr.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 3c55a8 BaseDllName physical address: 28af10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 28af88 BaseDllName physical address: 28afac 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132428 BaseDllName address: 0x00132400 FullDllName physical address: 2ab428 BaseDllName physical address: 2ab400 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F8 BaseDllName address: 0x001324D8 FullDllName physical address: 2ab4f8 BaseDllName physical address: 2ab4d8 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325B0 BaseDllName address: 0x00132590 FullDllName physical address: 2ab5b0 BaseDllName physical address: 2ab590 0x77DB0000 0x77E0A000 (58b0000) 
ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132668 BaseDllName address: 0x00132640 FullDllName physical address: 2ab668 BaseDllName physical address: 2ab640 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132720 BaseDllName address: 0x00132700 FullDllName physical address: 2ab720 BaseDllName physical address: 2ab700 0x11400000 0x1144B000 (2810000) VsUtil.dll C:\Program Files\McAfee\McAfee VirusScan\VsUtil.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00137D90 BaseDllName address: 0x00136970 FullDllName physical address: 125d90 BaseDllName physical address: 2e4970 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00137E68 BaseDllName address: 0x00136790 FullDllName physical address: 125e68 BaseDllName physical address: 2e4790 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x00137F20 BaseDllName address: 0x00137F00 FullDllName physical address: 125f20 BaseDllName physical address: 125f00 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x00137FE0 BaseDllName address: 0x00137FB8 FullDllName physical address: 7b6000 BaseDllName physical address: 125fb8 0x69800000 0x69A42000 (592f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00138098 BaseDllName address: 0x00138078 FullDllName physical address: 7b6098 BaseDllName physical address: 7b6078 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00138150 BaseDllName 
address: 0x00138130 FullDllName physical address: 7b6150 BaseDllName physical address: 7b6130 0x10000000 0x10012000 (456a000) NAKRNL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAKRNL32.DLL Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001387F8 BaseDllName address: 0x00138450 FullDllName physical address: 7b67f8 BaseDllName physical address: 7b6450 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00138738 BaseDllName address: 0x001381E8 FullDllName physical address: 7b6738 BaseDllName physical address: 7b61e8 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00134938 BaseDllName address: 0x001388D8 FullDllName physical address: 294938 BaseDllName physical address: 7b68d8 0x00A00000 0x00A3A000 (4654000) NAUTIL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00138988 BaseDllName address: 0x00138A18 FullDllName physical address: 7b6988 BaseDllName physical address: 7b6a18 0x75090000 0x750A0000 (59eb000) MPR.dll C:\WINNT\system32\MPR.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00138478 BaseDllName address: 0x001324C0 FullDllName physical address: 7b6478 BaseDllName physical address: 2ab4c0 0x11D00000 0x11D10000 (4c37000) NTClient.dll C:\Program Files\McAfee\McAfee VirusScan\NTClient.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00138780 BaseDllName address: 0x00138B20 FullDllName physical address: 7b6780 BaseDllName physical address: 7b6b20 0x11200000 0x11212000 (4ae5000) AvSynch.dll C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00138CB8 BaseDllName address: 0x00138430 FullDllName physical address: 
7b6cb8 BaseDllName physical address: 7b6430 0x11A00000 0x11A41000 (49bd000) Syncutil.dll C:\Program Files\McAfee\McAfee VirusScan\Syncutil.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00138D80 BaseDllName address: 0x00138DF8 FullDllName physical address: 7b6d80 BaseDllName physical address: 7b6df8 Thread List Head: 0xFF269BF0 THREAD: 0xFF269860 (0x2e5860) Cid: 1cc.1c8 CreateTime: 0x1c569df94c19180 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(fa6000) ThreadsProcess: 0xFF269BA0 Avsynmgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E7EEA8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF2698BC Contents: FF26707C:FF148DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2698CC(2e58cc) PostBlockList: 0xFF269A24:FF269A24 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00407070 C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85E4000 Stack Limit: 0xF85E1000 Kernel Stack: 0xF85E3BFC(Paged< 0:61f000> NA NA ) Resident: 0 User stack base: 0x00130000(2c7000 12f000 ) User stack Limit: 0x0012E000 THREAD: 0xFF267020 (0xf86020) Cid: 1cc.1d0 CreateTime: 0x1c569df94c7ae40 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(386000) ThreadsProcess: 0xFF269BA0 Avsynmgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E8BEA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF26707C Contents: FF23991C:FF2698BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26708C(f8608c) PostBlockList: 0xE1E34A70:E1E34A70 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80D3000 Stack Limit: 0xF80D0000 Kernel Stack: 0xF80D2930(Paged< 0:61e000> NA NA ) Resident: 0 User stack base: 0x007D0000(127000 1aae000 542a000 54ab000 2728000 829000 15ca000 254b000 7bec000 1b2d000 1a6e000 1acf000 28f0000 7911000 1a72000 4fd3000 4b9e000 4c3f000 ) User stack Limit: 0x007BE000 THREAD: 0xFF2398C0 (0x65e28c0) Cid: 1cc.248 CreateTime: 0x1c569df96cdb2d0 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(656000) ThreadsProcess: 0xFF269BA0 Avsynmgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF23991C Contents: FF25ADFC:FF26707C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23992C(65e292c) PostBlockList: 0xFF239A84:FF239A84 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x11201ED0 C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8103000 Stack Limit: 0xF8100000 Kernel Stack: 0xF8102930(Paged< 0:63a000> NA NA ) Resident: 0 User stack base: 0x00F50000(6b9a000 4e88000 ) User stack Limit: 0x00F4E000 THREAD: 0xFF211020 (0x4c85020) Cid: 1cc.308 CreateTime: 0x1c569df9e656950 2005-06-05 15:02:40Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(2580000) ThreadsProcess: 0xFF269BA0 Avsynmgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF21107C Contents: FF1A051C:FCDFF3FC Queue List: 0x00000000:00000000 
WaitBlockList: 0xFF21108C(4c8508c) PostBlockList: 0xFF2111E4:FF2111E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004010C8 C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D33000 Stack Limit: 0xF7D30000 Kernel Stack: 0xF7D32930(2247000 2246000 2244000 ) Resident: 1 User stack base: 0x01050000(2541000 ) User stack Limit: 0x0104F000 + 1d8 dfrws2005.exe Source: from_active_process_list Eprocess Block: 0xFF267D60 (0xf86d44) CreateTime: 0x1c569df94c93570 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x326000 Process Environment Block: 0x7FFDF000 (1a53000) Loader module block: 0x00131E90 (1a5300c) Command Line: c:\winnt\system32\dfrws2005.exe Section: 0xE1E7E310 (0x2fa310) Section Base Address: 0x00400000 (145000) SectionBasedAddress: 0x08BA6438 ) SizeOfSegment: 0x88000 SectionFileName: \winnt\system32\dfrws2005.exe 0xe13366a8 (0x1ac36a8) Handle Table: 0xFF268C88 (0x2a7c88) Count: 35 TableCode: 0xE1E81000 Process exiting: 0 VAD Root: 0xFF260BC8(228bc8) Private: 243 Modified: 0 Locked: 0 AccessToken: 0xE1E7FE10(15a9e10) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,646d} ParentToken ID: {0,0} Modified ID: {0,64d0} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege 
Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x00400000 0x00488000 (145000) dfrws2005.exe c:\winnt\system32\dfrws2005.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: -1 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00131F10 FullDllName physical address: 19b757c BaseDllName physical address: 31cf10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 31cf88 BaseDllName physical address: 31cfac 0x77E80000 0x77F35000 (58b4000) kernel32.dll C:\WINNT\system32\kernel32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132428 BaseDllName address: 0x00132400 FullDllName physical address: 35d428 BaseDllName physical address: 35d400 0x77E10000 0x77E74000 (5a02000) user32.dll C:\WINNT\system32\user32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F8 BaseDllName address: 0x001324D8 FullDllName physical address: 35d4f8 BaseDllName physical address: 35d4d8 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325B0 BaseDllName address: 
0x00132590 FullDllName physical address: 35d5b0 BaseDllName physical address: 35d590 0x77DB0000 0x77E0A000 (58b0000) advapi32.dll C:\WINNT\system32\advapi32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132668 BaseDllName address: 0x00132640 FullDllName physical address: 35d668 BaseDllName physical address: 35d640 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132720 BaseDllName address: 0x00132700 FullDllName physical address: 35d720 BaseDllName physical address: 35d700 0x779B0000 0x77A45000 (58fa000) oleaut32.dll C:\WINNT\system32\oleaut32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327E0 BaseDllName address: 0x001327B8 FullDllName physical address: 35d7e0 BaseDllName physical address: 35d7b8 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132898 BaseDllName address: 0x00132878 FullDllName physical address: 35d898 BaseDllName physical address: 35d878 0x75030000 0x75044000 (76c5000) ws2_32.dll c:\winnt\system32\ws2_32.dll Flags: 0x84004 LoadCount: 0x16 TlsIndex: 0 FullDllName virtual address: 0x00141650 BaseDllName address: 0x001388D0 FullDllName physical address: 1951650 BaseDllName physical address: 1a488d0 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x16 TlsIndex: 0 FullDllName virtual address: 0x001419C0 BaseDllName address: 0x00139040 FullDllName physical address: 19519c0 BaseDllName physical address: 18c040 0x75020000 0x75028000 (7666000) WS2HELP.DLL c:\winnt\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x16 TlsIndex: 0 FullDllName virtual address: 0x00141A90 BaseDllName address: 0x00141A70 FullDllName physical address: 1951a90 BaseDllName physical address: 1951a70 Thread List Head: 0xFF267DB0 THREAD: 0xFF267600 (0xf86600) Cid: 
1d8.1d4 CreateTime: 0x1c569df94c93570 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(2f8000) ThreadsProcess: 0xFF267D60 dfrws2005.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E7F9E8 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF26765C Contents: FF25F41C:FCDA507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF26766C(f8666c) PostBlockList: 0xFF2677C4:FF2677C4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\kernel32.dll Win32 Start Address: 0x0040EAFC c:\winnt\system32\dfrws2005.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF85D4000 Stack Limit: 0xF85D0000 Kernel Stack: 0xF85D3BFC(Paged< 0:187000> NA NA NA ) Resident: 0 User stack base: 0x00130000(279000 124000 1ba000 2fb000 25c000 29d000 11e000 1ff000 1c0000 1961000 242000 1a3000 164000 1c5000 286000 1c7000 19c8000 1969000 12a000 14b000 3cc000 14d000 14e000 1ef000 1d0000 211000 212000 2233000 174000 195000 1b36000 1a57000 158000 ) User stack Limit: 0x0010F000 THREAD: 0xFF25F3C0 (0x1b163c0) Cid: 1d8.1dc CreateTime: 0x1c569df94da0480 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(1a09000) ThreadsProcess: 0xFF267D60 dfrws2005.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF25F41C Contents: FF24507C:FF26765C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25F42C(1b1642c) PostBlockList: 0xFF25F584:FF25F584 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\kernel32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\advapi32.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80EB000 Stack 
Limit: 0xF80E8000 Kernel Stack: 0xF80EACA0(Paged< 0:17a000> NA NA ) Resident: 0 User stack base: 0x00BA0000(1ca000 13d000 NA NA ) User stack Limit: 0x00B9C000 + 1ec svchost.exe Source: from_active_process_list Eprocess Block: 0xFF277960 (0xdd0944) CreateTime: 0x1c569df94db8bb0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x20b000 Process Environment Block: 0x7FFDF000 (22b000) Loader module block: 0x00071E90 (22b00c) Command Line: C:\WINNT\System32\svchost.exe -k netsvcs Section: 0xE1E802F0 (0x2ca2f0) Section Base Address: 0x01000000 (de7000) SectionBasedAddress: 0x08A86420 ) SizeOfSegment: 0x5000 SectionFileName: \WINNT\system32\svchost.exe 0xe12d47a8 (0x19447a8) Handle Table: 0xFF2605A8 (0x2285a8) Count: 237 TableCode: 0xE1E84000 Process exiting: 0 VAD Root: 0xFF177E68(5901e68) Private: 521 Modified: 0 Locked: 0 AccessToken: 0xE1E82E10(155e10) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,64e9} ParentToken ID: {0,0} Modified ID: {0,8628} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 
SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01005000 (de7000) svchost.exe C:\WINNT\System32\svchost.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 192f57c BaseDllName physical address: 234f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 234f80 BaseDllName physical address: 234fa4 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 18d5420 BaseDllName physical address: 18d53f8 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 18d54e0 BaseDllName physical address: 18d54b8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 BaseDllName address: 0x00072578 FullDllName physical address: 18d5598 BaseDllName physical address: 18d5578 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 
FullDllName physical address: 18d5668 BaseDllName physical address: 18d5648 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072718 BaseDllName address: 0x000726F8 FullDllName physical address: 18d5718 BaseDllName physical address: 18d56f8 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C8 BaseDllName address: 0x000727A8 FullDllName physical address: 18d57c8 BaseDllName physical address: 18d57a8 0x76290000 0x762CD000 (1b59000) es.dll c:\winnt\system32\es.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007B8E8 BaseDllName address: 0x0007BDA0 FullDllName physical address: 1aec8e8 BaseDllName physical address: 1aecda0 0x76120000 0x76178000 (15bb000) TXFAUX.DLL c:\winnt\system32\TXFAUX.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007BE08 BaseDllName address: 0x0007BA10 FullDllName physical address: 1aece08 BaseDllName physical address: 1aeca10 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xb3 TlsIndex: 0 FullDllName virtual address: 0x0007BFE0 BaseDllName address: 0x0007BFC0 FullDllName physical address: 28cc000 BaseDllName physical address: 1aecfc0 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x1c TlsIndex: 0 FullDllName virtual address: 0x0007C078 BaseDllName address: 0x0007B960 FullDllName physical address: 28cc078 BaseDllName physical address: 1aec960 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00080F78 BaseDllName address: 0x00080F58 FullDllName physical address: 4756f78 BaseDllName physical address: 4756f58 0x761D0000 0x76234000 (4a5d000) ntmssvc.dll c:\winnt\system32\ntmssvc.dll Flags: 
0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00083508 BaseDllName address: 0x000832F0 FullDllName physical address: 7d51508 BaseDllName physical address: 7d512f0 0x76180000 0x7618C000 (68ea000) sens.dll c:\winnt\system32\sens.dll Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00083CB8 BaseDllName address: 0x00083420 FullDllName physical address: 7d51cb8 BaseDllName physical address: 7d51420 0x77B50000 0x77BD9000 (59cb000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x00083E78 BaseDllName address: 0x00083C40 FullDllName physical address: 7d51e78 BaseDllName physical address: 7d51c40 0x75030000 0x75044000 (76c5000) WS2_32.dll C:\WINNT\System32\WS2_32.dll Flags: 0x84004 LoadCount: 0x3f TlsIndex: 0 FullDllName virtual address: 0x00083D48 BaseDllName address: 0x00084228 FullDllName physical address: 7d51d48 BaseDllName physical address: 19cc228 0x75020000 0x75028000 (7666000) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x18 TlsIndex: 0 FullDllName virtual address: 0x00071FC0 BaseDllName address: 0x00072008 FullDllName physical address: 234fc0 BaseDllName physical address: 18d5008 0x77340000 0x77353000 (b70000) iphlpapi.dll C:\WINNT\System32\iphlpapi.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00093768 BaseDllName address: 0x00093488 FullDllName physical address: 2b4c768 BaseDllName physical address: 2b4c488 0x77520000 0x77525000 (b2d000) ICMP.DLL C:\WINNT\System32\ICMP.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00093D90 BaseDllName address: 0x0008EAD0 FullDllName physical address: 2b4cd90 BaseDllName physical address: 26e2ad0 0x77320000 0x77337000 (cbf000) MPRAPI.DLL C:\WINNT\System32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0008EC00 BaseDllName address: 0x0008E9B0 FullDllName physical address: 26e2c00 BaseDllName physical 
address: 26e29b0 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xf TlsIndex: 0 FullDllName virtual address: 0x000928D0 BaseDllName address: 0x00093468 FullDllName physical address: 2a368d0 BaseDllName physical address: 2b4c468 0x75170000 0x751BF000 (7646000) NETAPI32.DLL C:\WINNT\System32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x00093E60 BaseDllName address: 0x0008E988 FullDllName physical address: 2b4ce60 BaseDllName physical address: 26e2988 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x1c TlsIndex: 0 FullDllName virtual address: 0x00092950 BaseDllName address: 0x000942F0 FullDllName physical address: 2a36950 BaseDllName physical address: 2b9b2f0 0x751C0000 0x751C6000 (7688000) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x00093058 BaseDllName address: 0x00082108 FullDllName physical address: 2b4c058 BaseDllName physical address: 4590108 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x11 TlsIndex: 0 FullDllName virtual address: 0x00093FB0 BaseDllName address: 0x00093668 FullDllName physical address: 2b4cfb0 BaseDllName physical address: 2b4c668 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x00094048 BaseDllName address: 0x000934B0 FullDllName physical address: 2b9b048 BaseDllName physical address: 2b4c4b0 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x00094090 BaseDllName address: 0x00093BE8 FullDllName physical address: 2b9b090 BaseDllName physical address: 2b4cbe8 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL C:\WINNT\System32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual 
address: 0x00094AC0 BaseDllName address: 0x00090450 FullDllName physical address: 2b9bac0 BaseDllName physical address: 2835450 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL C:\WINNT\System32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00094B58 BaseDllName address: 0x00089048 FullDllName physical address: 2b9bb58 BaseDllName physical address: 50d0048 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00094BF0 BaseDllName address: 0x0008DE18 FullDllName physical address: 2b9bbf0 BaseDllName physical address: 4d71e18 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL C:\WINNT\System32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0xa TlsIndex: 0 FullDllName virtual address: 0x00094C88 BaseDllName address: 0x00090A30 FullDllName physical address: 2b9bc88 BaseDllName physical address: 2835a30 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00094D20 BaseDllName address: 0x0008DBA0 FullDllName physical address: 2b9bd20 BaseDllName physical address: 4d71ba0 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00094DB8 BaseDllName address: 0x00090918 FullDllName physical address: 2b9bdb8 BaseDllName physical address: 2835918 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x00094E50 BaseDllName address: 0x00090940 FullDllName physical address: 2b9be50 BaseDllName physical address: 2835940 0x77530000 0x77552000 (bbc000) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00094EE8 BaseDllName address: 0x00093438 FullDllName physical address: 2b9bee8 BaseDllName physical address: 2b4c438 0x77C70000 0x77CBA000 
(59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xd TlsIndex: 0 FullDllName virtual address: 0x00094F80 BaseDllName address: 0x00093EA8 FullDllName physical address: 2b9bf80 BaseDllName physical address: 2b4cea8 0x77360000 0x77379000 (b78000) DHCPCSVC.DLL C:\WINNT\System32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00091038 BaseDllName address: 0x00092CC0 FullDllName physical address: 2a15038 BaseDllName physical address: 2a36cc0 0x76270000 0x76289000 (37cf000) netman.dll c:\winnt\system32\netman.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000905D0 BaseDllName address: 0x00092798 FullDllName physical address: 28355d0 BaseDllName physical address: 2a36798 0x76F20000 0x76F95000 (35a4000) NETSHELL.dll C:\WINNT\system32\NETSHELL.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00098570 BaseDllName address: 0x0009A188 FullDllName physical address: 33bd570 BaseDllName physical address: 3867188 0x69800000 0x69A42000 (592f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00098608 BaseDllName address: 0x000997D0 FullDllName physical address: 33bd608 BaseDllName physical address: 381d7d0 0x76110000 0x76114000 (352b000) WMI.dll C:\WINNT\System32\WMI.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00098A08 BaseDllName address: 0x0008DF88 FullDllName physical address: 33bda08 BaseDllName physical address: 4d71f88 0x694F0000 0x69630000 (3e77000) comsvcs.dll C:\WINNT\System32\comsvcs.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A62E8 BaseDllName address: 0x000A6330 FullDllName physical address: 3de52e8 BaseDllName physical address: 3de5330 0x00DE0000 0x00E84000 (3fb7000) MSDTCPRX.dll C:\WINNT\System32\MSDTCPRX.dll Flags: 0x2c4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A63A0 BaseDllName address: 
0x0009D0B8 FullDllName physical address: 3de53a0 BaseDllName physical address: 39280b8 0x6A7A0000 0x6A7AF000 (4303000) MTXCLU.DLL C:\WINNT\System32\MTXCLU.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000A6458 BaseDllName address: 0x000A6438 FullDllName physical address: 3de5458 BaseDllName physical address: 3de5438 0x77820000 0x77827000 (59a7000) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A6510 BaseDllName address: 0x000A64F0 FullDllName physical address: 3de5510 BaseDllName physical address: 3de54f0 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009E970 BaseDllName address: 0x000A65A8 FullDllName physical address: 3930970 BaseDllName physical address: 3de55a8 0x73930000 0x73940000 (589d000) CLUSAPI.DLL C:\WINNT\System32\CLUSAPI.DLL Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000A6658 BaseDllName address: 0x000A6638 FullDllName physical address: 3de5658 BaseDllName physical address: 3de5638 0x689D0000 0x689DD000 (58d1000) RESUTILS.DLL C:\WINNT\System32\RESUTILS.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A66F0 BaseDllName address: 0x0009E8F8 FullDllName physical address: 3de56f0 BaseDllName physical address: 39308f8 0x773E0000 0x773F2000 (341d000) ATL.DLL C:\WINNT\System32\ATL.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A4BA8 BaseDllName address: 0x00093640 FullDllName physical address: 3ababa8 BaseDllName physical address: 2b4c640 0x76240000 0x7626C000 (216f000) NTMSDBA.dll C:\WINNT\System32\NTMSDBA.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A5D30 BaseDllName address: 0x000A6618 FullDllName physical address: 3de4d30 BaseDllName physical address: 3de5618 0x66DF0000 0x66E1C000 (391a000) tapisrv.dll c:\winnt\system32\tapisrv.dll 
Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0009BEA0 BaseDllName address: 0x000A6A78 FullDllName physical address: 3910ea0 BaseDllName physical address: 3de5a78 0x75710000 0x75739000 (359b000) rasmans.dll c:\winnt\system32\rasmans.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000C26F8 BaseDllName address: 0x000B8870 FullDllName physical address: 1bc86f8 BaseDllName physical address: 4927870 0x77440000 0x774B8000 (7a94000) CRYPT32.dll c:\winnt\system32\CRYPT32.dll Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000C2790 BaseDllName address: 0x000AF3B8 FullDllName physical address: 1bc8790 BaseDllName physical address: 1ddd3b8 0x77430000 0x77440000 (796c000) MSASN1.DLL c:\winnt\system32\MSASN1.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000C2848 BaseDllName address: 0x000C2828 FullDllName physical address: 1bc8848 BaseDllName physical address: 1bc8828 0x6A4B0000 0x6A539000 (386f000) netcfgx.dll c:\winnt\system32\netcfgx.dll Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000C2900 BaseDllName address: 0x000C28E0 FullDllName physical address: 1bc8900 BaseDllName physical address: 1bc88e0 0x75870000 0x758F3000 (960000) RASDLG.dll c:\winnt\system32\RASDLG.dll Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000C29B8 BaseDllName address: 0x000C2998 FullDllName physical address: 1bc89b8 BaseDllName physical address: 1bc8998 0x69BF0000 0x69C0D000 (67b9000) NTMARTA.DLL C:\WINNT\System32\NTMARTA.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C5EF0 BaseDllName address: 0x000C3160 FullDllName physical address: 446eef0 BaseDllName physical address: 232a160 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C66C8 BaseDllName address: 0x000C3E60 FullDllName physical address: 59616c8 
BaseDllName physical address: 232ae60 0x77BF0000 0x77C01000 (7a16000) NTDSAPI.dll C:\WINNT\System32\NTDSAPI.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C4220 BaseDllName address: 0x000C3708 FullDllName physical address: 4312220 BaseDllName physical address: 232a708 Thread List Head: 0xFF2779B0 THREAD: 0xFF25DB80 (0x18ffb80) Cid: 1ec.1e8 CreateTime: 0x1c569df94db8bb0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(18f0000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E82848 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF25DBDC Contents: FF259C9C:FF1D08FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25DBEC(18ffbec) PostBlockList: 0xFF25DD44:FF25DD44 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x010010B8 C:\WINNT\System32\svchost.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05C0000 Stack Limit: 0xF05BD000 Kernel Stack: 0xF05BFBFC(Paged< 0:64a000> NA NA ) Resident: 0 User stack base: 0x00070000(19d1000 18b8000 ) User stack Limit: 0x0006E000 THREAD: 0xFF259C40 (0x26f8c40) Cid: 1ec.1fc CreateTime: 0x1c569df94f3feb0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(1b6e000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E8C888 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF259C9C Contents: FF23E69C:FF25007C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF259CAC(26f8cac) PostBlockList: 0xE1345530:E12B91D0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start 
Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8093000 Stack Limit: 0xF8090000 Kernel Stack: 0xF8092CA0(Paged< 0:649000> NA NA ) Resident: 1 User stack base: 0x00440000(280f000 28b0000 ) User stack Limit: 0x0043E000 THREAD: 0xFF250020 (0x7c7020) Cid: 1ec.214 CreateTime: 0x1c569df96259c30 2005-06-05 15:02:26Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(4cb2000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20D2328 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF25007C Contents: FF24D47C:FF1ED73C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25008C(7c708c) PostBlockList: 0xFF2501E4:FF2501E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF77F5000 Stack Limit: 0xF77F2000 Kernel Stack: 0xF77F4C20(2f4a000 NA NA ) Resident: 0 User stack base: 0x00900000(4fb3000 4bf4000 ) User stack Limit: 0x008FE000 THREAD: 0xFF23E640 (0x560a640) Cid: 1ec.254 CreateTime: 0x1c569df97063cc0 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(7a7f000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EB8148 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF23E69C Contents: FF2285BC:FF259C9C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23E6AC(560a6ac) PostBlockList: 0xE130C4B0:E12EBD30 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 
C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F5A000 Stack Limit: 0xF7F57000 Kernel Stack: 0xF7F59C20(Paged< 0:999000> NA NA ) Resident: 0 User stack base: 0x00940000(940000 ea1000 4cf9000 ) User stack Limit: 0x0093D000 THREAD: 0xFF232A60 (0x6c11a60) Cid: 1ec.260 CreateTime: 0x1c569df972036f0 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(4621000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF232ABC Contents: FF19489C:FF2869DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF232B14(6c11b14) PostBlockList: 0xFF232C24:FF232C24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FDD000 Stack Limit: 0xF7FDA000 Kernel Stack: 0xF7FDCCC4(1a35000 2eaf000 37eb000 ) Resident: 0 User stack base: 0x00980000(4762000 ) User stack Limit: 0x0097F000 THREAD: 0xFF228560 (0x4f13560) Cid: 1ec.21c CreateTime: 0x1c569df97542b50 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD7000(4fb2000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EC6568 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF2285BC Contents: FF1AB6BC:FF23E69C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF2285CC(4f135cc) PostBlockList: 0xFF228724:FF228724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76291901 c:\winnt\system32\es.dll Service 
Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF05A0000 Stack Limit: 0xF059D000 Kernel Stack: 0xF059F930(4dd9000 NA NA ) Resident: 0 User stack base: 0x00A10000(6493000 3d59000 3d6d000 ) User stack Limit: 0x00A0D000 THREAD: 0xFF1CF020 (0x22fe020) Cid: 1ec.324 CreateTime: 0x1c569df9ebf9160 2005-06-05 15:02:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD5000(2689000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1CF07C Contents: FF19B51C:FF1CE89C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CF08C(22fe08c) PostBlockList: 0xE12A6970:E12A6970 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CD6000 Stack Limit: 0xF7CD3000 Kernel Stack: 0xF7CD5C48(24b4000 NA NA ) Resident: 1 User stack base: 0x00A90000(268b000 331b000 333d000 3396000 33d4000 33d5000 33f6000 33f7000 33f8000 33d9000 ) User stack Limit: 0x00A86000 THREAD: 0xFF1CE840 (0x2704840) Cid: 1ec.338 CreateTime: 0x1c569df9ee8d370 2005-06-05 15:02:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAF000(2863000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1CE89C Contents: FF1CF07C:FCA2B07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CE8AC(27048ac) PostBlockList: 0xFF1CEA04:FF1CEA04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xcfe Service Descriptor Table: 
0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CC2000 Stack Limit: 0xF7CBF000 Kernel Stack: 0xF7CC1C48(2721000 5925000 3488000 ) Resident: 0 User stack base: 0x00B20000(2844000 35fd000 3de6000 ) User stack Limit: 0x00B1D000 THREAD: 0xFF1CD020 (0x4703020) Cid: 1ec.33c CreateTime: 0x1c569df9eea5aa0 2005-06-05 15:02:41Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAE000(2845000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF1CD07C Contents: FF19B51C:FF27F07C Queue List: 0xFF1E92A0:FF1E92A0 WaitBlockList: 0xFF1CD08C(470308c) PostBlockList: 0xE2108850:E2108850 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7CC6000 Stack Limit: 0xF7CC3000 Kernel Stack: 0xF7CC5C90(26dc000 NA NA ) Resident: 1 User stack base: 0x00B60000(2712000 2708000 407a000 ) User stack Limit: 0x00B5D000 THREAD: 0xFF1AB660 (0x3354660) Cid: 1ec.360 CreateTime: 0x1c569dfa026aa70 2005-06-05 15:02:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAD000(33ab000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1AB6BC Contents: FF19489C:FF2285BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D50E8(22200e8) PostBlockList: 0xE2106470:E2106470 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable 
Initial stack: 0xF7B58000 Stack Limit: 0xF7B55000 Kernel Stack: 0xF7B57930(Paged< 0:676000> NA NA ) Resident: 0 User stack base: 0x00BB0000(338d000 ) User stack Limit: 0x00BAF000 THREAD: 0xFF19F3E0 (0x37d03e0) Cid: 1ec.39c CreateTime: 0x1c569dfa190d1e0 2005-06-05 15:02:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFAC000(3801000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F06408 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF19F43C Contents: FF140AFC:FF19489C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19F44C(37d044c) PostBlockList: 0xFF19F5A4:FF19F5A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0670000 Stack Limit: 0xF066D000 Kernel Stack: 0xF066FC20(Paged< 0:67d000> NA NA ) Resident: 0 User stack base: 0x00C00000(37cd000 37ce000 ) User stack Limit: 0x00BFE000 THREAD: 0xFF194840 (0x38cf840) Cid: 1ec.3c0 CreateTime: 0x1c569dfa21d6720 2005-06-05 15:02:46Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA9000(3911000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF19489C Contents: FF19F43C:FF1AB6BC Queue List: 0xFF25A3A0:FF25A3A0 WaitBlockList: 0xFF1948AC(38cf8ac) PostBlockList: 0xFF194A04:FF194A04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B30000 Stack Limit: 
0xF7B2D000 Kernel Stack: 0xF7B2FC90(3943000 NA NA ) Resident: 0 User stack base: 0x00DC0000(3905000 e35000 ) User stack Limit: 0x00DBE000 THREAD: 0xFF140AA0 (0x3442aa0) Cid: 1ec.49c CreateTime: 0x1c569dfb1e41bb0 2005-06-05 15:03:13Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFA6000(232d000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF140AFC Contents: FF13933C:FF19F43C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF140B0C(3442b0c) PostBlockList: 0xFF140C64:FF140C64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x761D1FD3 c:\winnt\system32\ntmssvc.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79C9000 Stack Limit: 0xF79C6000 Kernel Stack: 0xF79C8CA0(Paged< 0:67b000> NA NA ) Resident: 0 User stack base: 0x00F90000(206f000 ) User stack Limit: 0x00F8F000 THREAD: 0xFF1392E0 (0x1bc62e0) Cid: 1ec.34c CreateTime: 0x1c569dfb47098c0 2005-06-05 15:03:17Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0C000(42af000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF13933C Contents: FF1AB6BC:FF140AFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13934C(1bc634c) PostBlockList: 0xFF1394A4:FF1394A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B60000 Stack Limit: 0xF7B5D000 Kernel Stack: 0xF7B5FCA0(Paged< 0:67a000> NA NA ) 
Resident: 0 User stack base: 0x01210000(2d70000 4331000 ) User stack Limit: 0x0120E000 THREAD: 0xFF139B20 (0x1bc6b20) Cid: 1ec.4a8 CreateTime: 0x1c569dfb47fe0a0 2005-06-05 15:03:17Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FF0B000(3758000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF139B7C Contents: FF26F07C:FF1A295C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF139B8C(1bc6b8c) PostBlockList: 0xFF139CE4:FF139CE4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x66E0A585 c:\winnt\system32\tapisrv.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B1C000 Stack Limit: 0xF7B19000 Kernel Stack: 0xF7B1BCA0(3ceb000 3c25000 1e06000 ) Resident: 0 User stack base: 0x01260000(39fa000 ) User stack Limit: 0x0125F000 THREAD: 0xFF131380 (0x917380) Cid: 1ec.4e4 CreateTime: 0x1c569dfb67cba10 2005-06-05 15:03:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FEFF000(4cfe000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1313DC Contents: FF276ABC:FF1CF07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1313EC(9173ec) PostBlockList: 0xFF131544:FF131544 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AE7000 Stack Limit: 0xF7AE4000 Kernel Stack: 0xF7AE6C48(541f000 NA NA ) Resident: 0 User stack base: 0x01670000(519f000 ) User stack Limit: 0x0166F000 THREAD: 
0xFF19B4C0 (0x384a4c0) Cid: 1ec.3a0 CreateTime: 0x1c569e129581970 2005-06-05 15:13:43Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD6000(6abf000) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF19B51C Contents: FF13771C:FF1CF07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19B52C(384a52c) PostBlockList: 0xFF19B684:FF19B684 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7905000 Stack Limit: 0xF7902000 Kernel Stack: 0xF7904C48(7596000 e9a000 66b7000 ) Resident: 0 User stack base: 0x01730000(5948000 6591000 aa1000 6340000 ) User stack Limit: 0x0172C000 THREAD: 0xFF1376C0 (0x3f2a6c0) Cid: 1ec.3ec CreateTime: 0x1c569e1e804f6f0 2005-06-05 15:19:03Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF13771C Contents: FF2087FC:FF19B51C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13772C(3f2a72c) PostBlockList: 0xFF137884:FF137884 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF76C5000 Stack Limit: 0xF76C2000 Kernel Stack: 0xF76C4C48(1def000 b2e000 34ad000 ) Resident: 0 THREAD: 0xFF2087A0 (0x6b927a0) Cid: 1ec.4d4 CreateTime: 0x1c569e1e86cdfb0 2005-06-05 15:19:03Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(0) ThreadsProcess: 0xFF277960 svchost.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF2087FC Contents: FCA371FC:FF1DB4FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF208854(6b92854) PostBlockList: 0xFF208964:FF208964 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77A78671 C:\WINNT\system32\OLE32.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF76A1000 Stack Limit: 0xF769E000 Kernel Stack: 0xF76A0CC4(NA NA Paged< 0:2a0000> ) Resident: 0 + 1f8 nc.exe Source: from_active_process_list Eprocess Block: 0xFF25A020 (0x2272004) CreateTime: 0x1c569df94ec5ac0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x1a19000 Process Environment Block: 0x7FFDF000 (1b1e000) Loader module block: 0x00131E90 (1b1e00c) Command Line: "c:\winnt\system32\nc.exe" -L -p 3000 -t -e cmd.exe Section: 0xE1344AB0 (0x1accab0) Section Base Address: 0x00400000 (2957000) SectionBasedAddress: 0x08C6D4A8 ) SizeOfSegment: 0x13000 SectionFileName: \winnt\system32\nc.exe 0xe134a208 (0x1af5208) Handle Table: 0xFF25B1A8 (0x194a1a8) Count: 96 TableCode: 0xE1E88000 Process exiting: 0 VAD Root: 0xFF25A3C8(22723c8) Private: 190 Modified: 0 Locked: 0 AccessToken: 0xE1E87030(733030) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,663d} 
ParentToken ID: {0,0} Modified ID: {0,64d0} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x00400000 0x00413000 (2957000) nc.exe c:\winnt\system32\nc.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00131F10 FullDllName physical address: 292257c BaseDllName physical address: 2267f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F78 BaseDllName address: 0x00131F9C FullDllName physical address: 2267f78 BaseDllName physical address: 2267f9c 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F0 FullDllName physical address: 28a8418 BaseDllName physical address: 28a83f0 0x75050000 0x75058000 (765c000) WSOCK32.dll c:\winnt\system32\WSOCK32.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E8 
BaseDllName address: 0x001324C8 FullDllName physical address: 28a84e8 BaseDllName physical address: 28a84c8 0x75030000 0x75044000 (76c5000) WS2_32.DLL c:\winnt\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001328C8 BaseDllName address: 0x001328A8 FullDllName physical address: 28a88c8 BaseDllName physical address: 28a88a8 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132980 BaseDllName address: 0x00132960 FullDllName physical address: 28a8980 BaseDllName physical address: 28a8960 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A40 BaseDllName address: 0x00132A18 FullDllName physical address: 28a8a40 BaseDllName physical address: 28a8a18 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AF8 BaseDllName address: 0x00132AD8 FullDllName physical address: 28a8af8 BaseDllName physical address: 28a8ad8 0x75020000 0x75028000 (7666000) WS2HELP.DLL c:\winnt\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BB0 BaseDllName address: 0x00132B90 FullDllName physical address: 28a8bb0 BaseDllName physical address: 28a8b90 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013A2C8 BaseDllName address: 0x00132C48 FullDllName physical address: 28de2c8 BaseDllName physical address: 28a8c48 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0x46 TlsIndex: 0 FullDllName virtual address: 0x0013A280 BaseDllName address: 0x0013A358 FullDllName physical address: 28de280 BaseDllName physical address: 28de358 0x77F40000 0x77F7C000 (5892000) 
GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0x22 TlsIndex: 0 FullDllName virtual address: 0x0013A3E8 BaseDllName address: 0x0013A3C8 FullDllName physical address: 28de3e8 BaseDllName physical address: 28de3c8 0x77980000 0x779A4000 (769b000) DNSAPI.DLL c:\winnt\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0013A498 BaseDllName address: 0x0013A478 FullDllName physical address: 28de498 BaseDllName physical address: 28de478 0x777E0000 0x777E8000 (331000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013DC08 BaseDllName address: 0x0013CB78 FullDllName physical address: 5c8c08 BaseDllName physical address: 29e7b78 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0013DC50 BaseDllName address: 0x0013CCC8 FullDllName physical address: 5c8c50 BaseDllName physical address: 29e7cc8 0x777F0000 0x777F5000 (381000) rasadhlp.dll c:\winnt\system32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013E400 BaseDllName address: 0x0013CB50 FullDllName physical address: 282c400 BaseDllName physical address: 29e7b50 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL c:\winnt\system32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013E448 BaseDllName address: 0x0013DE48 FullDllName physical address: 282c448 BaseDllName physical address: 5c8e48 0x74FD0000 0x74FED000 (ee7000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013CBC0 BaseDllName address: 0x0013E490 FullDllName physical address: 29e7bc0 BaseDllName physical address: 282c490 0x77340000 0x77353000 (b70000) IPHLPAPI.DLL c:\winnt\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00138310 BaseDllName address: 0x0013CB98 FullDllName 
physical address: 618310 BaseDllName physical address: 29e7b98 0x77520000 0x77525000 (b2d000) ICMP.DLL c:\winnt\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013E298 BaseDllName address: 0x0013E2D8 FullDllName physical address: 282c298 BaseDllName physical address: 282c2d8 0x77320000 0x77337000 (cbf000) MPRAPI.DLL c:\winnt\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013E368 BaseDllName address: 0x0013E348 FullDllName physical address: 282c368 BaseDllName physical address: 282c348 0x75150000 0x7515F000 (767b000) SAMLIB.DLL c:\winnt\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013ED38 BaseDllName address: 0x0013ED18 FullDllName physical address: 282cd38 BaseDllName physical address: 282cd18 0x75170000 0x751BF000 (7646000) NETAPI32.DLL c:\winnt\system32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0013EDD0 BaseDllName address: 0x0013E4B0 FullDllName physical address: 282cdd0 BaseDllName physical address: 282c4b0 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL c:\winnt\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x0013EE88 BaseDllName address: 0x0013EE68 FullDllName physical address: 282ce88 BaseDllName physical address: 282ce68 0x751C0000 0x751C6000 (7688000) NETRAP.DLL c:\winnt\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013EF40 BaseDllName address: 0x0013EF20 FullDllName physical address: 282cf40 BaseDllName physical address: 282cf20 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x0013EFF8 BaseDllName address: 0x0013EFD8 FullDllName physical address: 28cd000 BaseDllName physical address: 282cfd8 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x7 
TlsIndex: 0 FullDllName virtual address: 0x0013F0B0 BaseDllName address: 0x0013F088 FullDllName physical address: 28cd0b0 BaseDllName physical address: 28cd088 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL c:\winnt\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F170 BaseDllName address: 0x0013F148 FullDllName physical address: 28cd170 BaseDllName physical address: 28cd148 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL c:\winnt\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F228 BaseDllName address: 0x0013F208 FullDllName physical address: 28cd228 BaseDllName physical address: 28cd208 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL c:\winnt\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F2E8 BaseDllName address: 0x0013F2C0 FullDllName physical address: 28cd2e8 BaseDllName physical address: 28cd2c0 0x77C10000 0x77C6D000 (7606000) USERENV.DLL c:\winnt\system32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0013F3A0 BaseDllName address: 0x0013F380 FullDllName physical address: 28cd3a0 BaseDllName physical address: 28cd380 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL c:\winnt\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F460 BaseDllName address: 0x0013F438 FullDllName physical address: 28cd460 BaseDllName physical address: 28cd438 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL c:\winnt\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F518 BaseDllName address: 0x0013F4F8 FullDllName physical address: 28cd518 BaseDllName physical address: 28cd4f8 0x77530000 0x77552000 (bbc000) TAPI32.DLL c:\winnt\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F5D0 BaseDllName address: 0x0013F5B0 FullDllName physical address: 28cd5d0 BaseDllName physical address: 
28cd5b0 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0013F690 BaseDllName address: 0x0013F668 FullDllName physical address: 28cd690 BaseDllName physical address: 28cd668 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F748 BaseDllName address: 0x0013F728 FullDllName physical address: 28cd748 BaseDllName physical address: 28cd728 0x77360000 0x77379000 (b78000) DHCPCSVC.DLL c:\winnt\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0013F808 BaseDllName address: 0x0013F7E0 FullDllName physical address: 28cd808 BaseDllName physical address: 28cd7e0 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL c:\winnt\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013F998 BaseDllName address: 0x0013F978 FullDllName physical address: 28cd998 BaseDllName physical address: 28cd978 0x75010000 0x75017000 (f54000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00142268 BaseDllName address: 0x001447C0 FullDllName physical address: 5af268 BaseDllName physical address: 7827c0 Thread List Head: 0xFF25A070 THREAD: 0xFF25ADA0 (0x2272da0) Cid: 1f8.1f4 CreateTime: 0x1c569df94ec5ac0 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(1b43000) ThreadsProcess: 0xFF25A020 nc.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E892C8 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF25ADFC Contents: FF25507C:FF23991C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25AE0C(2272e0c) PostBlockList: 0xE1352F90:E134A890 Queue: 0x00000000 Start Address: 0x77E99264 
C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00404C00 c:\winnt\system32\nc.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80C3000 Stack Limit: 0xF80C0000 Kernel Stack: 0xF80C2CA0(Paged< 0:639000> NA NA ) Resident: 0 User stack base: 0x00130000(1ac4000 1b4d000 60a000 15dc000 28dd000 5be000 65f000 660000 781000 ) User stack Limit: 0x00127000 THREAD: 0xFF255020 (0x23a6020) Cid: 1f8.200 CreateTime: 0x1c569df95204f20 2005-06-05 15:02:25Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(2c0f000) ThreadsProcess: 0xFF25A020 nc.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF25507C Contents: FF241DFC:FF25ADFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF259B68(26f8b68) PostBlockList: 0xFF2551E4:FF2551E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE c:\winnt\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF803B000 Stack Limit: 0xF8038000 Kernel Stack: 0xF803A930(Paged< 0:638000> NA NA ) Resident: 0 User stack base: 0x00B00000(2adb000 ) User stack Limit: 0x00AFF000 + 224 UMGR32.EXE Source: from_active_process_list Eprocess Block: 0xFF2461E0 (0x4be51c4) CreateTime: 0x1c569df9628aa90 2005-06-05 15:02:26Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x4d45000 Process Environment Block: 0x7FFDF000 (4c5e000) Loader module block: 0x00131E90 (4c5e00c) Command Line: "C:\WINNT\System32\UMGR32.EXE" Section: 0xE1374C10 (0x27ffc10) Section Base Address: 0x03140000 (4ac4000) SectionBasedAddress: 0x08DBAC30 ) SizeOfSegment: 0x26000 SectionFileName: 
\WINNT\System32\UMGR32.EXE 0xe1361648 (0x226a648) Handle Table: 0xFF24EEA8 (0x7d47ea8) Count: 120 TableCode: 0xE1EA0000 Process exiting: 0 VAD Root: 0xFF247D08(4bc8d08) Private: 290 Modified: 12 Locked: 0 AccessToken: 0xE1E9FDB0(4bf1db0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,74b1} ParentToken ID: {0,0} Modified ID: {0,79b3} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege Enabled 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege Enabled 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x03140000 0x03166000 (4ac4000) UMGR32.EXE C:\WINNT\System32\UMGR32.EXE Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00131F10 FullDllName physical address: 4e6257c BaseDllName physical address: 4cacf10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll 
C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 4cacf80 BaseDllName physical address: 4cacfa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 4d6d420 BaseDllName physical address: 4d6d3f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 4d6d4f0 BaseDllName physical address: 4d6d4d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 4d6d5a8 BaseDllName physical address: 4d6d588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 4d6d660 BaseDllName physical address: 4d6d638 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 4d6d718 BaseDllName physical address: 4d6d6f8 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 4d6d7d0 BaseDllName physical address: 4d6d7b0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132888 BaseDllName address: 
0x00132868 FullDllName physical address: 4d6d888 BaseDllName physical address: 4d6d868 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132948 BaseDllName address: 0x00132920 FullDllName physical address: 4d6d948 BaseDllName physical address: 4d6d920 0x75170000 0x751BF000 (7646000) NETAPI32.DLL C:\WINNT\System32\NETAPI32.DLL Flags: 0xc4004 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x001348B0 BaseDllName address: 0x001329E0 FullDllName physical address: 50f98b0 BaseDllName physical address: 4d6d9e0 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x7f TlsIndex: 0 FullDllName virtual address: 0x00134C40 BaseDllName address: 0x00134C20 FullDllName physical address: 50f9c40 BaseDllName physical address: 50f9c20 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xb TlsIndex: 0 FullDllName virtual address: 0x00134CF8 BaseDllName address: 0x00134CD8 FullDllName physical address: 50f9cf8 BaseDllName physical address: 50f9cd8 0x751C0000 0x751C6000 (7688000) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00134DB0 BaseDllName address: 0x00134D90 FullDllName physical address: 50f9db0 BaseDllName physical address: 50f9d90 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x00134E68 BaseDllName address: 0x00134E48 FullDllName physical address: 50f9e68 BaseDllName physical address: 50f9e48 0x75030000 0x75044000 (76c5000) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0x56 TlsIndex: 0 FullDllName virtual address: 0x00134F20 BaseDllName address: 0x00134F00 FullDllName physical address: 50f9f20 BaseDllName physical address: 50f9f00 0x75020000 0x75028000 (7666000) WS2HELP.DLL 
C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x41 TlsIndex: 0 FullDllName virtual address: 0x00134FD8 BaseDllName address: 0x00134FB8 FullDllName physical address: 505d000 BaseDllName physical address: 50f9fb8 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x00135090 BaseDllName address: 0x00135070 FullDllName physical address: 505d090 BaseDllName physical address: 505d070 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 FullDllName virtual address: 0x00135148 BaseDllName address: 0x00135128 FullDllName physical address: 505d148 BaseDllName physical address: 505d128 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x00135200 BaseDllName address: 0x001351E0 FullDllName physical address: 505d200 BaseDllName physical address: 505d1e0 0x75090000 0x750A0000 (59eb000) MPR.DLL C:\WINNT\system32\MPR.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001363E0 BaseDllName address: 0x001363C8 FullDllName physical address: 52233e0 BaseDllName physical address: 52233c8 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84004 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x00138058 BaseDllName address: 0x00138140 FullDllName physical address: 534d058 BaseDllName physical address: 534d140 0x779B0000 0x77A45000 (58fa000) oleaut32.dll C:\WINNT\system32\oleaut32.dll Flags: 0x84004 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x00138260 BaseDllName address: 0x001380C0 FullDllName physical address: 534d260 BaseDllName physical address: 534d0c0 0x74890000 0x748A2000 (5752000) AVICAP32.dll C:\WINNT\System32\AVICAP32.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00148E98 BaseDllName address: 0x001389C0 FullDllName 
physical address: 54f5e98 BaseDllName physical address: 534d9c0 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00148028 BaseDllName address: 0x00148008 FullDllName physical address: 54f5028 BaseDllName physical address: 54f5008 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001481D8 BaseDllName address: 0x001481B8 FullDllName physical address: 54f51d8 BaseDllName physical address: 54f51b8 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00148290 BaseDllName address: 0x00148270 FullDllName physical address: 54f5290 BaseDllName physical address: 54f5270 0x6A8F0000 0x6A910000 (5723000) MSVFW32.dll C:\WINNT\System32\MSVFW32.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00159008 BaseDllName address: 0x00148320 FullDllName physical address: 57a2008 BaseDllName physical address: 54f5320 0x74FD0000 0x74FED000 (ee7000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00155B88 BaseDllName address: 0x00155BC8 FullDllName physical address: 1938b88 BaseDllName physical address: 1938bc8 0x77340000 0x77353000 (b70000) IPHLPAPI.DLL C:\WINNT\System32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00155B40 BaseDllName address: 0x00155C38 FullDllName physical address: 1938b40 BaseDllName physical address: 1938c38 0x77520000 0x77525000 (b2d000) ICMP.DLL C:\WINNT\System32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00155CE8 BaseDllName address: 0x00155CC8 FullDllName physical address: 1938ce8 BaseDllName physical address: 1938cc8 0x77320000 0x77337000 (cbf000) MPRAPI.DLL C:\WINNT\System32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 
TlsIndex: 0 FullDllName virtual address: 0x00155D98 BaseDllName address: 0x00155D78 FullDllName physical address: 1938d98 BaseDllName physical address: 1938d78 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL C:\WINNT\System32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00155E58 BaseDllName address: 0x00155E30 FullDllName physical address: 1938e58 BaseDllName physical address: 1938e30 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL C:\WINNT\System32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00155F10 BaseDllName address: 0x00155EF0 FullDllName physical address: 1938f10 BaseDllName physical address: 1938ef0 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00191660 BaseDllName address: 0x00155FA8 FullDllName physical address: 1aee660 BaseDllName physical address: 1938fa8 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL C:\WINNT\System32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001916F8 BaseDllName address: 0x00155FC8 FullDllName physical address: 1aee6f8 BaseDllName physical address: 1938fc8 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001917B0 BaseDllName address: 0x00191790 FullDllName physical address: 1aee7b0 BaseDllName physical address: 1aee790 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00191870 BaseDllName address: 0x00191848 FullDllName physical address: 1aee870 BaseDllName physical address: 1aee848 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00191928 BaseDllName address: 0x00191908 FullDllName physical address: 1aee928 BaseDllName physical address: 
1aee908 0x77530000 0x77552000 (bbc000) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x001919E0 BaseDllName address: 0x001919C0 FullDllName physical address: 1aee9e0 BaseDllName physical address: 1aee9c0 0x77360000 0x77379000 (b78000) DHCPCSVC.DLL C:\WINNT\System32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00191AA0 BaseDllName address: 0x00191A78 FullDllName physical address: 1aeeaa0 BaseDllName physical address: 1aeea78 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00191B98 BaseDllName address: 0x00191B78 FullDllName physical address: 1aeeb98 BaseDllName physical address: 1aeeb78 0x75010000 0x75017000 (f54000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00175EC0 BaseDllName address: 0x0015EF98 FullDllName physical address: 6ba8ec0 BaseDllName physical address: 65bbf98 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00191B38 BaseDllName address: 0x0017DFE8 FullDllName physical address: 1aeeb38 BaseDllName physical address: de2fe8 0x777E0000 0x777E8000 (331000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014A960 BaseDllName address: 0x0014B868 FullDllName physical address: 65c4960 BaseDllName physical address: 6c05868 0x777F0000 0x777F5000 (381000) rasadhlp.dll C:\WINNT\System32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0017DFA0 BaseDllName address: 0x0014B840 FullDllName physical address: de2fa0 BaseDllName physical address: 6c05840 Thread List Head: 0xFF246230 THREAD: 0xFF245020 (0x4c75020) Cid: 224.220 CreateTime: 0x1c569df9628aa90 2005-06-05 15:02:26Z SecurityDescriptor: 
0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(4c83000) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 4 Base Priority: 4 Priority decrement: 0 Win32Thread: 0xE1EA1C68 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF24507C Contents: FF23225C:FF25F41C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF24508C(4c7508c) PostBlockList: 0xE1EA16F0:E1EA16F0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x03145232 C:\WINNT\System32\UMGR32.EXE Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0630000 Stack Limit: 0xF062C000 Kernel Stack: 0xF062FBFC(Paged< 0:1b7000> NA NA NA ) Resident: 0 User stack base: 0x00130000(4caa000 5272000 52e0000 ) User stack Limit: 0x0012D000 THREAD: 0xFF2433E0 (0x55b33e0) Cid: 224.228 CreateTime: 0x1c569df96506570 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(52cf000) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 1 Base Priority: 1 Priority decrement: 0 Win32Thread: 0xE1EA4A88 Ready WaitListHead: 0xFF24343C Contents: 8047F788:8047F788 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF243494(55b3494) PostBlockList: 0xE1362DD0:E1DD4AB0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0530000 Stack Limit: 0xF052C000 Kernel Stack: 0xF052FCC4(529f000 523e000 50fd000 53c0000 ) Resident: 1 User stack base: 0x00870000(5410000 6475000 1b2a000 4694000 4615000 5376000 51b7000 49b8000 45d9000 4e9a000 ) User stack Limit: 0x00866000 THREAD: 0xFF232200 (0x6c11200) Cid: 224.264 CreateTime: 0x1c569df9721be20 2005-06-05 15:02:28Z 
SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(454f000) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 4 Base Priority: 4 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF23225C Contents: FCDFE07C:FF24507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF235E08(7799e08) PostBlockList: 0xFF2323C4:FF2323C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD9000 Stack Limit: 0xF7FD6000 Kernel Stack: 0xF7FD8930(Paged< 0:1b6000> NA NA ) Resident: 0 User stack base: 0x01700000(4818000 ) User stack Limit: 0x016FF000 + 230 regsvc.exe Source: from_active_process_list Eprocess Block: 0xFF241020 (0x54c1004) CreateTime: 0x1c569df9662bbb0 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x6393000 Process Environment Block: 0x7FFDF000 (56e9000) Loader module block: 0x00071E90 (56e900c) Command Line: C:\WINNT\system32\regsvc.exe Section: 0xE12D0FD0 (0x1936fd0) Section Base Address: 0x01000000 (524a000) SectionBasedAddress: 0x30F86C20 ) SizeOfSegment: 0x14000 SectionFileName: \WINNT\system32\regsvc.exe 0xe1ea4d48 (0x50bbd48) Handle Table: 0xFF244DE8 (0x51e5de8) Count: 30 TableCode: 0xE1EA5000 Process exiting: 0 VAD Root: 0xFCA30C08(104dc08) Private: 73 Modified: 0 Locked: 0 AccessToken: 0xE1EA47B0(50bb7b0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z 
Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,79e1} ParentToken ID: {0,0} Modified ID: {0,6730} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x01014000 (524a000) regsvc.exe C:\WINNT\system32\regsvc.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 552d57c BaseDllName physical address: 57f7f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 57f7f80 BaseDllName physical address: 57f7fa4 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072420 BaseDllName address: 0x000723F8 FullDllName physical address: 5598420 BaseDllName physical address: 55983f8 0x77E80000 0x77F35000 
(58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E0 BaseDllName address: 0x000724B8 FullDllName physical address: 55984e0 BaseDllName physical address: 55984b8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072598 BaseDllName address: 0x00072578 FullDllName physical address: 5598598 BaseDllName physical address: 5598578 0x77BE0000 0x77BEF000 (75fa000) secur32.dll C:\WINNT\system32\secur32.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00077B68 BaseDllName address: 0x00077B48 FullDllName physical address: 6517b68 BaseDllName physical address: 6517b48 Thread List Head: 0xFF241070 THREAD: 0xFF241DA0 (0x54c1da0) Cid: 230.22c CreateTime: 0x1c569df9662bbb0 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(54ee000) ThreadsProcess: 0xFF241020 regsvc.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF241DFC Contents: FF23D07C:FF25507C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF241E0C(54c1e0c) PostBlockList: 0xFF241F64:FF241F64 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01002E80 C:\WINNT\system32\regsvc.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF801F000 Stack Limit: 0xF801C000 Kernel Stack: 0xF801EBFC(Paged< 0:637000> NA NA ) Resident: 0 User stack base: 0x00070000(5575000 565a000 ) User stack Limit: 0x0006E000 THREAD: 0xFF247020 (0x4bc8020) Cid: 230.23c CreateTime: 0x1c569df968a7690 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 
D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(5798000) ThreadsProcess: 0xFF241020 regsvc.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF24707C Contents: FF22CCFC:FF26D4FC Queue List: 0xFF2401C0:FF2401C0 WaitBlockList: 0xFF24708C(4bc808c) PostBlockList: 0xFF2471E4:FF2471E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FF9000 Stack Limit: 0xF7FF6000 Kernel Stack: 0xF7FF8C90(566000 NA NA ) Resident: 0 User stack base: 0x006D0000(5862000 ) User stack Limit: 0x006CF000 + 240 MSTask.exe Source: from_active_process_list Eprocess Block: 0xFF23ED60 (0x560ad44) CreateTime: 0x1c569df96909350 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x5841000 Process Environment Block: 0x7FFDF000 (56d4000) Loader module block: 0x00071E90 (56d400c) Command Line: C:\WINNT\system32\MSTask.exe Section: 0xE1EA6AB0 (0x55b5ab0) Section Base Address: 0x01000000 (64d7000) SectionBasedAddress: 0x08DACC20 ) SizeOfSegment: 0x1e000 SectionFileName: \WINNT\system32\MSTask.exe 0xe1dd5fc8 (0x7732fc8) Handle Table: 0xFF23ECC8 (0x560acc8) Count: 142 TableCode: 0xE1EA9000 Process exiting: 0 VAD Root: 0xFF23EAC8(560aac8) Private: 222 Modified: 0 Locked: 1 AccessToken: 0xE1EA8030(57d2030) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,7b70} ParentToken ID: {0,0} 
Modified ID: {0,6730} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x01000000 0x0101E000 (64d7000) MSTask.exe C:\WINNT\system32\MSTask.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002057C BaseDllName address: 0x00071F10 FullDllName physical address: 57d857c BaseDllName physical address: 5522f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F80 BaseDllName address: 0x00071FA4 FullDllName physical address: 5522f80 BaseDllName physical address: 5522fa4 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072418 BaseDllName address: 0x000723F8 FullDllName physical address: 56c3418 BaseDllName physical address: 56c33f8 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724D8 BaseDllName 
address: 0x000724B0 FullDllName physical address: 56c34d8 BaseDllName physical address: 56c34b0 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725B0 BaseDllName address: 0x00072588 FullDllName physical address: 56c35b0 BaseDllName physical address: 56c3588 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072668 BaseDllName address: 0x00072648 FullDllName physical address: 56c3668 BaseDllName physical address: 56c3648 0x77F40000 0x77F7C000 (5892000) GDI32.dll C:\WINNT\system32\GDI32.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072720 BaseDllName address: 0x00072700 FullDllName physical address: 56c3720 BaseDllName physical address: 56c3700 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727D0 BaseDllName address: 0x000727B0 FullDllName physical address: 56c37d0 BaseDllName physical address: 56c37b0 0x75170000 0x751BF000 (7646000) NETAPI32.dll C:\WINNT\system32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072890 BaseDllName address: 0x00072868 FullDllName physical address: 56c3890 BaseDllName physical address: 56c3868 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\system32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072C70 BaseDllName address: 0x00072C50 FullDllName physical address: 56c3c70 BaseDllName physical address: 56c3c50 0x751C0000 0x751C6000 (7688000) NETRAP.DLL C:\WINNT\system32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072D28 BaseDllName address: 0x00072D08 FullDllName physical address: 56c3d28 BaseDllName physical address: 56c3d08 0x75150000 0x7515F000 (767b000) SAMLIB.DLL 
C:\WINNT\system32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072DE0 BaseDllName address: 0x00072DC0 FullDllName physical address: 56c3de0 BaseDllName physical address: 56c3dc0 0x75030000 0x75044000 (76c5000) WS2_32.DLL C:\WINNT\system32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072E98 BaseDllName address: 0x00072E78 FullDllName physical address: 56c3e98 BaseDllName physical address: 56c3e78 0x75020000 0x75028000 (7666000) WS2HELP.DLL C:\WINNT\system32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072F50 BaseDllName address: 0x00072F30 FullDllName physical address: 56c3f50 BaseDllName physical address: 56c3f30 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073008 BaseDllName address: 0x00072FE8 FullDllName physical address: 6937008 BaseDllName physical address: 56c3fe8 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\system32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000730C0 BaseDllName address: 0x000730A0 FullDllName physical address: 69370c0 BaseDllName physical address: 69370a0 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\system32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073178 BaseDllName address: 0x00073158 FullDllName physical address: 6937178 BaseDllName physical address: 6937158 0x77BF0000 0x77C01000 (7a16000) NTDSAPI.dll C:\WINNT\system32\NTDSAPI.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073230 BaseDllName address: 0x00073210 FullDllName physical address: 6937230 BaseDllName physical address: 6937210 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.dll C:\WINNT\system32\SHLWAPI.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000732E8 BaseDllName address: 
0x000732C8 FullDllName physical address: 69372e8 BaseDllName physical address: 69372c8 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000733A0 BaseDllName address: 0x00073380 FullDllName physical address: 69373a0 BaseDllName physical address: 6937380 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073460 BaseDllName address: 0x00073438 FullDllName physical address: 6937460 BaseDllName physical address: 6937438 0x77C10000 0x77C6D000 (7606000) USERENV.dll C:\WINNT\system32\USERENV.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00073518 BaseDllName address: 0x000734F8 FullDllName physical address: 6937518 BaseDllName physical address: 69374f8 0x74FF0000 0x75002000 (e6b000) mswsock.dll C:\WINNT\system32\mswsock.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007AFE8 BaseDllName address: 0x0007A058 FullDllName physical address: df1000 BaseDllName physical address: df4058 0x74FD0000 0x74FED000 (ee7000) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00077F78 BaseDllName address: 0x0007A6E8 FullDllName physical address: 6542f78 BaseDllName physical address: df46e8 0x77340000 0x77353000 (b70000) IPHLPAPI.DLL C:\WINNT\system32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x0007E9A0 BaseDllName address: 0x0007F388 FullDllName physical address: 28b59a0 BaseDllName physical address: 1ad4388 0x77520000 0x77525000 (b2d000) ICMP.DLL C:\WINNT\system32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007F400 BaseDllName address: 0x00078F80 FullDllName physical address: 1ad4400 BaseDllName physical address: e0ff80 0x77320000 0x77337000 (cbf000) MPRAPI.DLL 
C:\WINNT\system32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007F4B0 BaseDllName address: 0x0007F490 FullDllName physical address: 1ad44b0 BaseDllName physical address: 1ad4490 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xe TlsIndex: 0 FullDllName virtual address: 0x0007F568 BaseDllName address: 0x0007F548 FullDllName physical address: 1ad4568 BaseDllName physical address: 1ad4548 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x0007F620 BaseDllName address: 0x0007F5F8 FullDllName physical address: 1ad4620 BaseDllName physical address: 1ad45f8 0x773B0000 0x773DE000 (bd8000) ACTIVEDS.DLL C:\WINNT\system32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007F6E0 BaseDllName address: 0x0007F6B8 FullDllName physical address: 1ad46e0 BaseDllName physical address: 1ad46b8 0x77380000 0x773A2000 (b99000) ADSLDPC.DLL C:\WINNT\system32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007F798 BaseDllName address: 0x0007F778 FullDllName physical address: 1ad4798 BaseDllName physical address: 1ad4778 0x77830000 0x7783E000 (bb2000) RTUTILS.DLL C:\WINNT\system32\RTUTILS.DLL Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x0007F850 BaseDllName address: 0x0007F830 FullDllName physical address: 1ad4850 BaseDllName physical address: 1ad4830 0x77880000 0x7790D000 (7ce6000) SETUPAPI.DLL C:\WINNT\system32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x0007F910 BaseDllName address: 0x0007F8E8 FullDllName physical address: 1ad4910 BaseDllName physical address: 1ad48e8 0x774E0000 0x77512000 (b9d000) RASAPI32.DLL C:\WINNT\system32\RASAPI32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007F9D0 BaseDllName address: 0x0007F9A8 
FullDllName physical address: 1ad49d0 BaseDllName physical address: 1ad49a8 0x774C0000 0x774D1000 (c0e000) RASMAN.DLL C:\WINNT\system32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007FA88 BaseDllName address: 0x0007FA68 FullDllName physical address: 1ad4a88 BaseDllName physical address: 1ad4a68 0x77530000 0x77552000 (bbc000) TAPI32.DLL C:\WINNT\system32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007FB40 BaseDllName address: 0x0007FB20 FullDllName physical address: 1ad4b40 BaseDllName physical address: 1ad4b20 0x77360000 0x77379000 (b78000) DHCPCSVC.DLL C:\WINNT\system32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0007FC00 BaseDllName address: 0x0007FBD8 FullDllName physical address: 1ad4c00 BaseDllName physical address: 1ad4bd8 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007FE68 BaseDllName address: 0x0007FE48 FullDllName physical address: 1ad4e68 BaseDllName physical address: 1ad4e48 0x75010000 0x75017000 (f54000) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000827A8 BaseDllName address: 0x00082840 FullDllName physical address: 51777a8 BaseDllName physical address: 5177840 0x78280000 0x7828C000 (361000) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0007FC98 BaseDllName address: 0x000859F8 FullDllName physical address: 1ad4c98 BaseDllName physical address: 4e359f8 0x777E0000 0x777E8000 (331000) winrnr.dll C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000859B0 BaseDllName address: 0x000868D8 FullDllName physical address: 4e359b0 BaseDllName physical address: 4d888d8 0x777F0000 0x777F5000 (381000) rasadhlp.dll C:\WINNT\system32\rasadhlp.dll Flags: 
0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00085918 BaseDllName address: 0x000868B0 FullDllName physical address: 4e35918 BaseDllName physical address: 4d888b0 0x76A40000 0x76A46000 (1f9000) MSIDLE.DLL C:\WINNT\system32\MSIDLE.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0008A028 BaseDllName address: 0x0008A008 FullDllName physical address: 57b6028 BaseDllName physical address: 57b6008 Thread List Head: 0xFF23EDB0 THREAD: 0xFF23D020 (0x56b1020) Cid: 240.234 CreateTime: 0x1c569df96909350 2005-06-05 15:02:27Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(5639000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EAA988 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF23D07C Contents: FF237C7C:FF241DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF23D08C(56b108c) PostBlockList: 0xFF23D1E4:FF23D1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x01002F10 C:\WINNT\system32\MSTask.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF8624000 Stack Limit: 0xF8621000 Kernel Stack: 0xF8623BFC(Paged< 0:635000> NA NA ) Resident: 0 User stack base: 0x00070000(5780000 64ba000 ) User stack Limit: 0x0006E000 THREAD: 0xFF237C20 (0x646cc20) Cid: 240.238 CreateTime: 0x1c569df9704b590 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(6b4a000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EB24A8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF237C7C Contents: FF23081C:FF23D07C Queue List: 0x00000000:00000000 WaitBlockList: 
0xFF1AEA88(2db6a88) PostBlockList: 0xE1EBD4B0:E12DCFD0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F6A000 Stack Limit: 0xF7F67000 Kernel Stack: 0xF7F69930(Paged< 0:634000> NA NA ) Resident: 0 User stack base: 0x006F0000(77eb000 19d5000 4f97000 4c8b000 47ec000 4c4d000 4b4e000 4bef000 4df0000 ) User stack Limit: 0x006E7000 THREAD: 0xFF234C40 (0x28a2c40) Cid: 240.258 CreateTime: 0x1c569df97189300 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(5116000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF234C9C Contents: FF233DBC:FF14807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF234CAC(28a2cac) PostBlockList: 0xFF234E04:FF234E04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FFD000 Stack Limit: 0xF7FFA000 Kernel Stack: 0xF7FFCC48(56ed000 NA NA ) Resident: 0 User stack base: 0x007B0000(621000 ) User stack Limit: 0x007AF000 THREAD: 0xFF2307C0 (0x7da7c0) Cid: 240.268 CreateTime: 0x1c569df9724cc80 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(1ac6000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF23081C Contents: FF21953C:FF237C7C Queue List: 0x00000000:00000000 WaitBlockList: 
0xFF234528(28a2528) PostBlockList: 0xFF230984:FF230984 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x778321FE C:\WINNT\system32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8127000 Stack Limit: 0xF8124000 Kernel Stack: 0xF8126930(Paged< 0:632000> NA NA ) Resident: 0 User stack base: 0x00C10000(4a0f000 ) User stack Limit: 0x00C0F000 THREAD: 0xFF22CCA0 (0xb6eca0) Cid: 240.26c CreateTime: 0x1c569df97310600 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDA000(4f15000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF22CCFC Contents: FF20C07C:FF24707C Queue List: 0xFF2601E0:FF2601E0 WaitBlockList: 0xFF22CD0C(b6ed0c) PostBlockList: 0xFF22CE64:FF22CE64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD5000 Stack Limit: 0xF7FD2000 Kernel Stack: 0xF7FD4C90(322b000 NA NA ) Resident: 0 User stack base: 0x00C60000(4f38000 ) User stack Limit: 0x00C5F000 THREAD: 0xFF22C220 (0xb6e220) Cid: 240.270 CreateTime: 0x1c569df97310600 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD9000(5577000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EBF208 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF22C27C Contents: FF2842BC:FF1D379C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22C28C(b6e28c) PostBlockList: 0xFF22C3E4:FF22C3E4 Queue: 0x00000000 
Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x01002939 C:\WINNT\system32\MSTask.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7EFA000 Stack Limit: 0xF7EF7000 Kernel Stack: 0xF7EF9C20(a9f000 NA NA ) Resident: 0 User stack base: 0x00CA0000(4f58000 ) User stack Limit: 0x00C9F000 THREAD: 0xFF22ADA0 (0x4f61da0) Cid: 240.274 CreateTime: 0x1c569df973a3120 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFD8000(51da000) ThreadsProcess: 0xFF23ED60 MSTask.exe Priority: 7 Base Priority: 6 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF22ADFC Contents: FF1DA07C:FF26C4BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22AE0C(4f61e0c) PostBlockList: 0xFF22AF64:FF22AF64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x01007A77 C:\WINNT\system32\MSTask.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FD1000 Stack Limit: 0xF7FCE000 Kernel Stack: 0xF7FD0CA0(55fd000 NA NA ) Resident: 0 User stack base: 0x00CE0000(4c3b000 ) User stack Limit: 0x00CDF000 + 28c VsStat.exe Source: from_active_process_list Eprocess Block: 0xFF226C80 (0x778c64) CreateTime: 0x1c569df98780820 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x4cd2000 Process Environment Block: 0x7FFDF000 (4f42000) Loader module block: 0x00131E90 (4f4200c) Command Line: "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" Section: 0xE12EE7B0 (0x19c17b0) Section Base Address: 0x00400000 (e51000) SectionBasedAddress: 0x08FB0428 ) SizeOfSegment: 0x17000 SectionFileName: \Program Files\McAfee\McAfee 
VirusScan\VsStat.exe 0xe1ec5748 (0x4f00748) Handle Table: 0xFF22A408 (0x4f61408) Count: 64 TableCode: 0xE1ECC000 Process exiting: 0 VAD Root: 0xFF24C388(4605388) Private: 246 Modified: 6 Locked: 0 AccessToken: 0xE1ECBC30(1959c30) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,8c81} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x00400000 0x00417000 (e51000) VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 64865a8 BaseDllName physical address: 4f90f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll 
Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 4f90f80 BaseDllName physical address: 4f90fa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 2391420 BaseDllName physical address: 23913f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 23914f0 BaseDllName physical address: 23914d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 23915a8 BaseDllName physical address: 2391588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 2391660 BaseDllName physical address: 2391638 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 2391718 BaseDllName physical address: 23916f8 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 23917d0 BaseDllName physical address: 23917b0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132888 BaseDllName address: 0x00132868 FullDllName 
physical address: 2391888 BaseDllName physical address: 2391868 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132948 BaseDllName address: 0x00132920 FullDllName physical address: 2391948 BaseDllName physical address: 2391920 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A00 BaseDllName address: 0x001329E0 FullDllName physical address: 2391a00 BaseDllName physical address: 23919e0 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AB8 BaseDllName address: 0x00132A98 FullDllName physical address: 2391ab8 BaseDllName physical address: 2391a98 0x11400000 0x1144B000 (2810000) VsUtil.dll C:\Program Files\McAfee\McAfee VirusScan\VsUtil.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00134EA8 BaseDllName address: 0x00134F18 FullDllName physical address: 18fdea8 BaseDllName physical address: 18fdf18 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00134FA0 BaseDllName address: 0x00133590 FullDllName physical address: 18fdfa0 BaseDllName physical address: 759590 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00135058 BaseDllName address: 0x00135038 FullDllName physical address: 515a058 BaseDllName physical address: 515a038 0x10000000 0x10012000 (456a000) NAKRNL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAKRNL32.DLL Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001366E0 BaseDllName address: 0x00136110 FullDllName physical address: 7de6e0 BaseDllName physical address: 7de110 0x00AF0000 0x00B2A000 
(4654000) NAUTIL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001367D8 BaseDllName address: 0x00136868 FullDllName physical address: 7de7d8 BaseDllName physical address: 7de868 0x75090000 0x750A0000 (59eb000) MPR.dll C:\WINNT\system32\MPR.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00134AB8 BaseDllName address: 0x001349E8 FullDllName physical address: 18fdab8 BaseDllName physical address: 18fd9e8 0x11D00000 0x11D10000 (4c37000) NTClient.dll C:\Program Files\McAfee\McAfee VirusScan\NTClient.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136668 BaseDllName address: 0x00136988 FullDllName physical address: 7de668 BaseDllName physical address: 7de988 0x11200000 0x11212000 (4ae5000) AvSynch.dll C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136B20 BaseDllName address: 0x001360F0 FullDllName physical address: 7deb20 BaseDllName physical address: 7de0f0 0x11A00000 0x11A41000 (49bd000) Syncutil.dll C:\Program Files\McAfee\McAfee VirusScan\Syncutil.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136BE8 BaseDllName address: 0x00136C60 FullDllName physical address: 7debe8 BaseDllName physical address: 7dec60 0x11700000 0x11751000 (560e000) ResDll.dll C:\Program Files\McAfee\McAfee VirusScan\ResDll.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136CD8 BaseDllName address: 0x00136D48 FullDllName physical address: 7decd8 BaseDllName physical address: 7ded48 Thread List Head: 0xFF226CD0 THREAD: 0xFF2269C0 (0x7789c0) Cid: 28c.288 CreateTime: 0x1c569df98780820 2005-06-05 15:02:30Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(1ae7000) 
ThreadsProcess: 0xFF226C80 VsStat.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1ED1BC8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF226A1C Contents: FF23E69C:FF18253C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF226A2C(778a2c) PostBlockList: 0xE12B05F0:E12B05F0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x0040AC9F C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF80E3000 Stack Limit: 0xF80E0000 Kernel Stack: 0xF80E2C20(Paged< 0:99a000> NA NA ) Resident: 0 User stack base: 0x00130000(7dce000 4ad8000 5677000 4ea1000 521b000 ) User stack Limit: 0x0012B000 THREAD: 0xFF2194E0 (0x45714e0) Cid: 28c.2b8 CreateTime: 0x1c569df98de69b0 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(4f78000) ThreadsProcess: 0xFF226C80 VsStat.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF21953C Contents: FF1D56BC:FF23081C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF21954C(457154c) PostBlockList: 0xFF2196A4:FF2196A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x11201ED0 C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF802F000 Stack Limit: 0xF802C000 Kernel Stack: 0xF802E930(Paged< 0:630000> NA NA ) Resident: 0 User stack base: 0x01150000(493d000 ) User stack Limit: 0x0114F000 + 2c4 Avconsol.exe Source: from_active_process_list Eprocess Block: 0xFF20D520 (0x477e504) CreateTime: 0x1c569df9944cb40 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x5789000 Process Environment Block: 0x7FFDF000 (4d6c000) Loader module block: 0x00131E90 (4d6c00c) Command Line: "C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe" Section: 0xE1D636B0 (0x752a6b0) Section Base Address: 0x00400000 (1b28000) SectionBasedAddress: 0x09147C20 ) SizeOfSegment: 0x2c000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\Avconsol.exe 0xe1f10368 (0x5453368) Handle Table: 0xFF253828 (0x651828) Count: 69 TableCode: 0xE1F15000 Process exiting: 0 VAD Root: 0xFF204E28(4dfbe28) Private: 429 Modified: 37 Locked: 0 AccessToken: 0xE1F119B0(289f9b0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,a2f7} ParentToken ID: {0,0} Modified ID: {0,4921} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege 19 0x13 
SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege 0x00400000 0x0042C000 (1b28000) Avconsol.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 7d05a8 BaseDllName physical address: 659af10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 659af88 BaseDllName physical address: 659afac 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132400 FullDllName physical address: 481b420 BaseDllName physical address: 481b400 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E0 BaseDllName address: 0x001324B8 FullDllName physical address: 481b4e0 BaseDllName physical address: 481b4b8 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132598 BaseDllName address: 0x00132578 FullDllName physical address: 481b598 BaseDllName physical address: 481b578 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132648 BaseDllName address: 0x00132628 FullDllName physical address: 481b648 BaseDllName physical address: 481b628 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132700 BaseDllName address: 0x001326E0 FullDllName physical address: 481b700 BaseDllName physical address: 481b6e0 0x77B50000 
0x77BD9000 (59cb000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327B8 BaseDllName address: 0x00132790 FullDllName physical address: 481b7b8 BaseDllName physical address: 481b790 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132878 BaseDllName address: 0x00132850 FullDllName physical address: 481b878 BaseDllName physical address: 481b850 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132930 BaseDllName address: 0x00132910 FullDllName physical address: 481b930 BaseDllName physical address: 481b910 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A00 BaseDllName address: 0x001329E0 FullDllName physical address: 481ba00 BaseDllName physical address: 481b9e0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AB8 BaseDllName address: 0x00132A98 FullDllName physical address: 481bab8 BaseDllName physical address: 481ba98 0x10000000 0x10012000 (456a000) NAKRNL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAKRNL32.DLL Flags: 0x84004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00135F18 BaseDllName address: 0x00133598 FullDllName physical address: 5851f18 BaseDllName physical address: 563598 0x009E0000 0x00A1A000 (4654000) NAUTIL32.DLL C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL Flags: 0x284004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00136008 BaseDllName address: 0x00136098 FullDllName physical address: 5dc008 BaseDllName physical address: 5dc098 0x75090000 0x750A0000 (59eb000) MPR.dll C:\WINNT\system32\MPR.dll 
Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00134AC0 BaseDllName address: 0x001349F0 FullDllName physical address: 5568ac0 BaseDllName physical address: 55689f0 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x001361A0 BaseDllName address: 0x00136178 FullDllName physical address: 5dc1a0 BaseDllName physical address: 5dc178 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x00136258 BaseDllName address: 0x00136238 FullDllName physical address: 5dc258 BaseDllName physical address: 5dc238 0x00B40000 0x00BF2000 (4e8a000) MCSCAN32.DLL C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136498 BaseDllName address: 0x00136310 FullDllName physical address: 5dc498 BaseDllName physical address: 5dc310 0x11400000 0x1144B000 (2810000) VsUtil.dll C:\Program Files\McAfee\McAfee VirusScan\VsUtil.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00136C38 BaseDllName address: 0x001362F0 FullDllName physical address: 5dcc38 BaseDllName physical address: 5dc2f0 0x11D00000 0x11D10000 (4c37000) NTClient.dll C:\Program Files\McAfee\McAfee VirusScan\NTClient.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00134B00 BaseDllName address: 0x00137108 FullDllName physical address: 5568b00 BaseDllName physical address: 5880108 0x11200000 0x11212000 (4ae5000) AvSynch.dll C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00137180 BaseDllName address: 0x00136F68 FullDllName physical address: 5880180 BaseDllName physical address: 5dcf68 0x11A00000 0x11A41000 (49bd000) Syncutil.dll C:\Program Files\McAfee\McAfee VirusScan\Syncutil.dll Flags: 
0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137248 BaseDllName address: 0x001372C0 FullDllName physical address: 5880248 BaseDllName physical address: 58802c0 0x11700000 0x11751000 (560e000) ResDll.dll C:\Program Files\McAfee\McAfee VirusScan\ResDll.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137338 BaseDllName address: 0x001373A8 FullDllName physical address: 5880338 BaseDllName physical address: 58803a8 Thread List Head: 0xFF20D570 THREAD: 0xFF20C020 (0x4ece020) Cid: 2c4.2c0 CreateTime: 0x1c569df9944cb40 2005-06-05 15:02:31Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(4851000) ThreadsProcess: 0xFF20D520 Avconsol.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F163C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF20C07C Contents: FF13E07C:FCC84DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF20C08C(4ece08c) PostBlockList: 0xE1D43C90:E1D43C90 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00416CA4 C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DD3000 Stack Limit: 0xF7DCF000 Kernel Stack: 0xF7DD2C20(56bc000 NA NA NA ) Resident: 0 User stack base: 0x00130000(6b18000 18fc000 2251000 224f000 224a000 224d000 ) User stack Limit: 0x0012A000 THREAD: 0xFF1D5660 (0x2220660) Cid: 2c4.30c CreateTime: 0x1c569df9b61bba0 2005-06-05 15:02:35Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDC000(22c6000) ThreadsProcess: 0xFF20D520 Avconsol.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1E61008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1D56BC 
Contents: FF180C3C:FF21953C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1D56CC(22206cc) PostBlockList: 0xFF1D5824:FF1D5824 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x11201ED0 C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C13000 Stack Limit: 0xF7C10000 Kernel Stack: 0xF7C12930(Paged< 0:62f000> NA NA ) Resident: 0 User stack base: 0x01460000(22c7000 2dd0000 31b4000 ) User stack Limit: 0x0145D000 + 2d0 WinMgmt.exe Source: from_active_process_list Eprocess Block: 0xFF1FD720 (0x4859704) CreateTime: 0x1c569df99c39fd0 2005-06-05 15:02:32Z SecurityDescriptor: 0xE1000C78(159ac78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f0fff;;;SY)(A;;0x120410;;;BA) Session: 0x0 DirectoryTableBase: 0x68d4000 Process Environment Block: 0x7FFDF000 (4dcc000) Loader module block: 0x00131E90 (4dcc00c) Command Line: Section: 0xE12DBF10 (0x1965f10) Section Base Address: 0x00400000 () SectionBasedAddress: 0x09245C20 ) SizeOfSegment: 0x30000 SectionFileName: \WINNT\System32\WBEM\WinMgmt.exe 0xe138c148 (0x290a148) Handle Table: 0xFF1FDF88 (0x4859f88) Count: 90 TableCode: 0xE1F30000 Process exiting: 0 VAD Root: 0xFF15A248(23a8248) Private: 158 Modified: 2563 Locked: 0 AccessToken: 0xE1F2FCD0(494ecd0) SecurityDescriptor: 0xE130EF78(1a37f78) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;SWRC;;;BA) UserSid: S-1-5-18 AuthenticationID: {0,3e7} Expiration: 3000-01-01 01:01:01Z Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: *SYSTEM* {0,0} TokenFlags: 0x9 Token ID: {0,aec4} ParentToken ID: {0,0} Modified ID: {0,6730} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-32-544 Attributes: Default Enabled Owner 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-11 Attributes: Mandatory Default Enabled 
PrimaryGroup: S-1-5-18 Privileges: 1 0x7 SeTcbPrivilege Default Enabled 2 0x2 SeCreateTokenPrivilege 3 0x9 SeTakeOwnershipPrivilege 4 0x15 SeCreatePagefilePrivilege Default Enabled 5 0x4 SeLockMemoryPrivilege Default Enabled 6 0x3 SeAssignPrimaryTokenPrivilege 7 0x5 SeIncreaseQuotaPrivilege 8 0x14 SeIncreaseBasePriorityPrivilege Default Enabled 9 0x16 SeCreatePermanentPrivilege Default Enabled 10 0x20 SeDebugPrivilege Default Enabled 11 0x21 SeAuditPrivilege Default Enabled 12 0x8 SeSecurityPrivilege 13 0x22 SeSystemEnvironmentPrivilege 14 0x23 SeChangeNotifyPrivilege Default Enabled 15 0x17 SeBackupPrivilege 16 0x18 SeRestorePrivilege 17 0x19 SeShutdownPrivilege 18 0x10 SeLoadDriverPrivilege Enabled 19 0x13 SeProfileSingleProcessPrivilege Default Enabled 20 0x12 SeSystemtimePrivilege 21 0x25 SeUndockPrivilege Enabled 0x00400000 0x00430000 (1) WinMgmt.exe <Paged: 0:6c0584> Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020584 BaseDllName address: 0x00131F10 FullDllName physical address: 6c0584 BaseDllName physical address: ffcf10 0x77F80000 0x77FFA000 (1) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: ffcf80 BaseDllName physical address: ffcfa4 0x65C20000 0x65CCD000 (1) wbemcomn.dll C:\WINNT\System32\WBEM\wbemcomn.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132798 BaseDllName address: 0x001323F8 FullDllName physical address: 41db798 BaseDllName physical address: 41db3f8 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132838 FullDllName physical address: 41db420 BaseDllName physical address: 41db838 0x77E80000 0x77F35000 (1) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual 
address: 0x001328D0 BaseDllName address: 0x001328A8 FullDllName physical address: 41db8d0 BaseDllName physical address: 41db8a8 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132988 BaseDllName address: 0x00132968 FullDllName physical address: 41db988 BaseDllName physical address: 41db968 0x78000000 0x78046000 (1) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A38 BaseDllName address: 0x00132A18 FullDllName physical address: 41dba38 BaseDllName physical address: 41dba18 0x77DB0000 0x77E0A000 (1) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B10 BaseDllName address: 0x00132AE8 FullDllName physical address: 41dbb10 BaseDllName physical address: 41dbae8 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BC8 BaseDllName address: 0x00132BA8 FullDllName physical address: 41dbbc8 BaseDllName physical address: 41dbba8 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C88 BaseDllName address: 0x00132C60 FullDllName physical address: 41dbc88 BaseDllName physical address: 41dbc60 0x77A50000 0x77B45000 (1) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D40 BaseDllName address: 0x00132D20 FullDllName physical address: 41dbd40 BaseDllName physical address: 41dbd20 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\system32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013F1E0 BaseDllName address: 0x0013F1C0 FullDllName physical address: 652e1e0 BaseDllName physical address: 652e1c0 Thread List Head: 0xFF1FD770 THREAD: 0xFF1FC020 
(0x198a020) Cid: 2d0.2cc CreateTime: 0x1c569df99c39fd0 2005-06-05 15:02:32Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDE000(515000) ThreadsProcess: 0xFF1FD720 WinMgmt.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F2E668 Wait:(Executive) UserMode Non-Alertable WaitListHead: 0xFF1FC07C Contents: FF12ADFC:FF1AB6BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1FC08C(198a08c) PostBlockList: 0xFF1FC1E4:FF1FC1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0041EFB6 <Paged: 0:6c0584> Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DB3000 Stack Limit: 0xF7DB0000 Kernel Stack: 0xF7DB2BFC(Paged< 0:962000> NA NA ) Resident: 0 User stack base: 0x00130000(Paged< 0:18a000> Paged< 0:18b000> ) User stack Limit: 0x0012E000 THREAD: 0xFF1EC8A0 (0x4eb98a0) Cid: 2d0.2e8 CreateTime: 0x1c569df9a57d900 2005-06-05 15:02:33Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDD000(1c6b000) ThreadsProcess: 0xFF1FD720 WinMgmt.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F48828 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1EC8FC Contents: FF13A85C:FF13807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1936E8(38e66e8) PostBlockList: 0xE1F484D0:E1F428D0 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77DC5AB7 C:\WINNT\system32\ADVAPI32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DA3000 Stack Limit: 0xF7DA0000 Kernel Stack: 0xF7DA2930(200a000 NA NA ) Resident: 0 User stack base: 0x00970000(80c000 38d8000 ) User stack Limit: 0x0096E000 THREAD: 0xFF18C4A0 (0x3a594a0) Cid: 2d0.154 CreateTime: 
0x1c569dfa2885e40 2005-06-05 15:02:47Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x7FFDB000(3e20000) ThreadsProcess: 0xFF1FD720 WinMgmt.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20A9748 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF18C4FC Contents: FCA2555C:FF1DA07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18C50C(3a5950c) PostBlockList: 0xFF18C664:FF18C664 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00000000 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF78B5000 Stack Limit: 0xF78B2000 Kernel Stack: 0xF78B4C48(644f000 NA NA ) Resident: 0 User stack base: 0x00B80000(38fe000 Paged< 0:5b8000> Paged< 0:5bb000> Paged< 0:557000> ) User stack Limit: 0x00B7C000 + 348 Explorer.Exe Source: from_active_process_list Eprocess Block: 0xFF1CDA00 (0x47039e4) CreateTime: 0x1c569df9f1523e0 2005-06-05 15:02:41Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2cc0000 Process Environment Block: 0x7FFDF000 (2c65000) Loader module block: 0x00071E90 (2c6500c) Command Line: Explorer.Exe Section: 0xE12F39D0 (0x199b9d0) Section Base Address: 0x00400000 (565c000) SectionBasedAddress: 0x09542C28 ) SizeOfSegment: 0x3e000 SectionFileName: \WINNT\Explorer.Exe 0xe12e4b68 (0x197db68) Handle Table: 0xFF281E48 (0x9f9e48) Count: 307 TableCode: 0xE1FE2000 Process exiting: 0 VAD Root: 0xFF166728(7c66728) Private: 1444 Modified: 2440 Locked: 0 AccessToken: 0xE1EBA730(772c730) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,dba0} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0043E000 (565c000) Explorer.Exe C:\WINNT\Explorer.Exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020568 BaseDllName address: 0x00071F10 FullDllName physical address: 2c4a568 BaseDllName physical address: 2c56f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00071F88 BaseDllName address: 0x00071FAC FullDllName physical address: 2c56f88 BaseDllName physical address: 2c56fac 0x77DB0000 
0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072428 BaseDllName address: 0x00072400 FullDllName physical address: 2c57428 BaseDllName physical address: 2c57400 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000724E8 BaseDllName address: 0x000724C0 FullDllName physical address: 2c574e8 BaseDllName physical address: 2c574c0 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000725A0 BaseDllName address: 0x00072580 FullDllName physical address: 2c575a0 BaseDllName physical address: 2c57580 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072658 BaseDllName address: 0x00072638 FullDllName physical address: 2c57658 BaseDllName physical address: 2c57638 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072708 BaseDllName address: 0x000726E8 FullDllName physical address: 2c57708 BaseDllName physical address: 2c576e8 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000727C0 BaseDllName address: 0x000727A0 FullDllName physical address: 2c577c0 BaseDllName physical address: 2c577a0 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00072880 BaseDllName address: 0x00072858 FullDllName physical address: 2c57880 BaseDllName physical address: 2c57858 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84004 LoadCount: 0x2e TlsIndex: 0 FullDllName virtual 
address: 0x00074DA8 BaseDllName address: 0x00072918 FullDllName physical address: 2ce0da8 BaseDllName physical address: 2c57918 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84004 LoadCount: 0x3e TlsIndex: 0 FullDllName virtual address: 0x00077580 BaseDllName address: 0x00077560 FullDllName physical address: 2d3e580 BaseDllName physical address: 2d3e560 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00077DE8 BaseDllName address: 0x00077A30 FullDllName physical address: 2d3ede8 BaseDllName physical address: 2d3ea30 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0x12 TlsIndex: 0 FullDllName virtual address: 0x000780A0 BaseDllName address: 0x0007F978 FullDllName physical address: 24c10a0 BaseDllName physical address: 2f3e978 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0x3d TlsIndex: 0 FullDllName virtual address: 0x00078158 BaseDllName address: 0x00078138 FullDllName physical address: 24c1158 BaseDllName physical address: 24c1138 0x77840000 0x7787C000 (2654000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00089850 BaseDllName address: 0x00089830 FullDllName physical address: 3017850 BaseDllName physical address: 3017830 0x770C0000 0x770E3000 (a67000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000899F0 BaseDllName address: 0x000899D0 FullDllName physical address: 30179f0 BaseDllName physical address: 30179d0 0x76C80000 0x76D90000 (1) SHDOCVW.DLL C:\WINNT\System32\SHDOCVW.DLL Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 FullDllName virtual address: 0x00083E10 BaseDllName address: 0x00083E88 FullDllName physical address: 2fe9e10 BaseDllName physical address: 2fe9e88 0x76E10000 0x76ED7000 (1) browseui.dll 
C:\WINNT\System32\browseui.dll Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0008D268 BaseDllName address: 0x0008D2B0 FullDllName physical address: 3049268 BaseDllName physical address: 30492b0 0x77C10000 0x77C6D000 (1) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00093C00 BaseDllName address: 0x00092E78 FullDllName physical address: 3101c00 BaseDllName physical address: 3140e78 0x1A400000 0x1A471000 (1) URLMON.DLL C:\WINNT\system32\URLMON.DLL Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00098720 BaseDllName address: 0x00099948 FullDllName physical address: 2dac720 BaseDllName physical address: 2d8d948 0x77820000 0x77827000 (1) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000AFBA0 BaseDllName address: 0x000AFB80 FullDllName physical address: 3168ba0 BaseDllName physical address: 3168b80 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00090BE8 BaseDllName address: 0x000AFC38 FullDllName physical address: 30ccbe8 BaseDllName physical address: 3168c38 0x75D50000 0x75DD2000 (1) mlang.dll C:\WINNT\System32\mlang.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0008FED8 BaseDllName address: 0x000998B0 FullDllName physical address: 3092ed8 BaseDllName physical address: 2d8d8b0 0x75AF0000 0x75D30000 (1) mshtml.dll C:\WINNT\System32\mshtml.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000A1F08 BaseDllName address: 0x000962D0 FullDllName physical address: 31edf08 BaseDllName physical address: 2da42d0 0x76C00000 0x76C74000 (1) <Paged: 0:7d31d0> C:\WINNT\system32\WININET.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0008D0C8 BaseDllName address: 0x000A21D0 FullDllName physical address: 30490c8 BaseDllName 
physical address: 7d31d0 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B23B0 BaseDllName address: 0x000ACC98 FullDllName physical address: 32f03b0 BaseDllName physical address: 32e1c98 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B2410 BaseDllName address: 0x000ACC78 FullDllName physical address: 32f0410 BaseDllName physical address: 32e1c78 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xf TlsIndex: 0 FullDllName virtual address: 0x000B24C8 BaseDllName address: 0x000B24A8 FullDllName physical address: 32f04c8 BaseDllName physical address: 32f04a8 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x000B2580 BaseDllName address: 0x000B2560 FullDllName physical address: 32f0580 BaseDllName physical address: 32f0560 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000B2638 BaseDllName address: 0x000B2618 FullDllName physical address: 32f0638 BaseDllName physical address: 32f0618 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B2C38 BaseDllName address: 0x000B2C18 FullDllName physical address: 32f0c38 BaseDllName physical address: 32f0c18 0x75AB0000 0x75AB5000 (1) sensapi.dll C:\WINNT\System32\sensapi.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B2F18 BaseDllName address: 0x000B26D0 FullDllName physical address: 32f0f18 BaseDllName physical address: 32f06d0 0x6E3D0000 0x6E413000 (1) INETCFG.DLL C:\WINNT\System32\INETCFG.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B6438 BaseDllName address: 
0x000AE048 FullDllName physical address: 3406438 BaseDllName physical address: 3432048 0x76B30000 0x76B6E000 (1) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B6480 BaseDllName address: 0x000B6128 FullDllName physical address: 3406480 BaseDllName physical address: 3406128 0x75090000 0x750A0000 (1) MPR.dll C:\WINNT\system32\MPR.dll Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B61A0 BaseDllName address: 0x000ADFF0 FullDllName physical address: 34061a0 BaseDllName physical address: 3377ff0 0x6EA10000 0x6EA15000 (1) ICFGNT5.DLL C:\WINNT\System32\ICFGNT5.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000ADAC8 BaseDllName address: 0x000AD848 FullDllName physical address: 3377ac8 BaseDllName physical address: 3377848 0x77880000 0x7790D000 (1) SETUPAPI.dll C:\WINNT\System32\SETUPAPI.dll Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000ADB60 BaseDllName address: 0x000B6150 FullDllName physical address: 3377b60 BaseDllName physical address: 3406150 0x76DF0000 0x76E01000 (1) mydocs.dll C:\WINNT\System32\mydocs.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D21B8 BaseDllName address: 0x000D2198 FullDllName physical address: 34341b8 BaseDllName physical address: 3434198 0x76FA0000 0x76FAF000 (1) ntshrui.dll C:\WINNT\System32\ntshrui.dll Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000D2930 BaseDllName address: 0x000D2220 FullDllName physical address: 3434930 BaseDllName physical address: 3434220 0x773E0000 0x773F2000 (1) ATL.DLL C:\WINNT\System32\ATL.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x000D2B50 BaseDllName address: 0x000AD830 FullDllName physical address: 3434b50 BaseDllName physical address: 3377830 0x75170000 0x751BF000 (1) NETAPI32.DLL C:\WINNT\System32\NETAPI32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 
FullDllName virtual address: 0x000AE160 BaseDllName address: 0x000AE138 FullDllName physical address: 3432160 BaseDllName physical address: 3432138 0x77BE0000 0x77BEF000 (1) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000AE1F8 BaseDllName address: 0x00097DA0 FullDllName physical address: 34321f8 BaseDllName physical address: 2db0da0 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000AE290 BaseDllName address: 0x000D28F0 FullDllName physical address: 3432290 BaseDllName physical address: 34348f0 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x000AE328 BaseDllName address: 0x000D2910 FullDllName physical address: 3432328 BaseDllName physical address: 3434910 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000AE3C0 BaseDllName address: 0x0008FF30 FullDllName physical address: 34323c0 BaseDllName physical address: 3092f30 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000AE478 BaseDllName address: 0x000AE458 FullDllName physical address: 3432478 BaseDllName physical address: 3432458 0x75050000 0x75058000 (1) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000AE530 BaseDllName address: 0x000AE510 FullDllName physical address: 3432530 BaseDllName physical address: 3432510 0x76D90000 0x76DE3000 (1) shdoclc.dll C:\WINNT\System32\shdoclc.dll Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BD2E0 BaseDllName address: 0x000AE740 FullDllName physical address: 35022e0 BaseDllName physical address: 3432740 0x76F20000 0x76F95000 (35a4000) NETSHELL.dll 
C:\WINNT\system32\NETSHELL.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0668 BaseDllName address: 0x000C06B0 FullDllName physical address: 3550668 BaseDllName physical address: 35506b0 0x770F0000 0x772AE000 (1) MSI.DLL C:\WINNT\System32\MSI.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BFCE8 BaseDllName address: 0x000C00E0 FullDllName physical address: 3515ce8 BaseDllName physical address: 35500e0 0x75DE0000 0x75E57000 (1) jscript.dll C:\WINNT\System32\jscript.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BC2C8 BaseDllName address: 0x000BAC98 FullDllName physical address: 34262c8 BaseDllName physical address: 3424c98 0x76680000 0x766C1000 (1) webcheck.dll C:\WINNT\System32\webcheck.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BC368 BaseDllName address: 0x000BC3B0 FullDllName physical address: 3426368 BaseDllName physical address: 34263b0 0x766D0000 0x766E8000 (1) stobject.dll C:\WINNT\System32\stobject.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BC710 BaseDllName address: 0x000BC6E8 FullDllName physical address: 3426710 BaseDllName physical address: 34266e8 0x76740000 0x76748000 (1) BATMETER.DLL C:\WINNT\System32\BATMETER.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000BC9F0 BaseDllName address: 0x000BC9C8 FullDllName physical address: 34269f0 BaseDllName physical address: 34269c8 0x766F0000 0x766F7000 (1) POWRPROF.DLL C:\WINNT\System32\POWRPROF.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000BCA60 BaseDllName address: 0x000BCA38 FullDllName physical address: 3426a60 BaseDllName physical address: 3426a38 0x77570000 0x775A0000 (1) WINMM.DLL C:\WINNT\System32\WINMM.DLL Flags: 0xc4006 LoadCount: 0x10 TlsIndex: 0 FullDllName virtual address: 0x000C9A30 BaseDllName address: 0x000BCAF8 FullDllName physical address: 35a9a30 BaseDllName 
physical address: 3426af8 0x75160000 0x7516C000 (1) ntlanman.dll C:\WINNT\System32\ntlanman.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000CDD70 BaseDllName address: 0x00099C70 FullDllName physical address: 36b3d70 BaseDllName physical address: 2d8dc70 0x75210000 0x75225000 (1) NETUI0.DLL C:\WINNT\System32\NETUI0.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000CE108 BaseDllName address: 0x000C9B50 FullDllName physical address: 3769108 BaseDllName physical address: 35a9b50 0x751D0000 0x75208000 (1) NETUI1.DLL C:\WINNT\System32\NETUI1.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000CE1A0 BaseDllName address: 0x0008F578 FullDllName physical address: 37691a0 BaseDllName physical address: 3092578 0x77560000 0x77569000 (1) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x000AFAF0 BaseDllName address: 0x0008FEB8 FullDllName physical address: 3168af0 BaseDllName physical address: 3092eb8 0x75AC0000 0x75AE8000 (1) MSLS31.DLL C:\WINNT\System32\MSLS31.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C0380 BaseDllName address: 0x000D96C0 FullDllName physical address: 3550380 BaseDllName physical address: 38e16c0 0x77400000 0x77408000 (1) msacm32.drv C:\WINNT\System32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000E0208 BaseDllName address: 0x000BD250 FullDllName physical address: 3a46208 BaseDllName physical address: 3502250 0x77410000 0x77423000 (1) MSACM32.dll C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0009E168 BaseDllName address: 0x000D1EF0 FullDllName physical address: 3223168 BaseDllName physical address: 3871ef0 0x76290000 0x762CD000 (1) es.dll C:\WINNT\System32\es.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00077C58 BaseDllName address: 0x00089968 
FullDllName physical address: 2d3ec58 BaseDllName physical address: 3017968 0x76120000 0x76178000 (1) TXFAUX.DLL C:\WINNT\System32\TXFAUX.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000BF860 BaseDllName address: 0x000B72F8 FullDllName physical address: 3515860 BaseDllName physical address: 33da2f8 0x75E60000 0x75E7A000 (1) IMM32.DLL C:\WINNT\System32\IMM32.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0008FE70 BaseDllName address: 0x0009B218 FullDllName physical address: 3092e70 BaseDllName physical address: 31ec218 0x6E490000 0x6E49A000 (1) imgutil.dll C:\WINNT\System32\imgutil.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000B6EA8 BaseDllName address: 0x000B63C0 FullDllName physical address: 3406ea8 BaseDllName physical address: 34063c0 0x76710000 0x76719000 (1) LINKINFO.DLL C:\WINNT\System32\LINKINFO.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000B6B58 BaseDllName address: 0x000B7318 FullDllName physical address: 3406b58 BaseDllName physical address: 33da318 0x69190000 0x6919E000 (1) pngfilt.dll C:\WINNT\System32\pngfilt.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000C6278 BaseDllName address: 0x0009AE28 FullDllName physical address: 35cb278 BaseDllName physical address: 31ebe28 0x10000000 0x1000A000 (1) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D59F0 BaseDllName address: 0x000DA568 FullDllName physical address: 34529f0 BaseDllName physical address: 3902568 0x01D30000 0x01D3C000 (1) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000D25F0 BaseDllName address: 0x000E6E98 FullDllName physical address: 34345f0 BaseDllName physical address: 3d45e98 0x76EE0000 0x76EEB000 (1) browselc.dll C:\WINNT\System32\browselc.dll Flags: 0x4004 LoadCount: 
0x1 TlsIndex: 0 FullDllName virtual address: 0x000D24D8 BaseDllName address: 0x000BFB88 FullDllName physical address: 34344d8 BaseDllName physical address: 3515b88 0x658F0000 0x65A04000 (1) webvw.dll C:\WINNT\System32\webvw.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000DF0C8 BaseDllName address: 0x000DEED8 FullDllName physical address: 392a0c8 BaseDllName physical address: 392ded8 0x71F00000 0x71F4D000 (1) docprop2.dll C:\WINNT\System32\docprop2.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F4530 BaseDllName address: 0x000DEFF8 FullDllName physical address: 2e94530 BaseDllName physical address: 392a000 0x6A8F0000 0x6A910000 (1) <Paged: 0:909fe8> C:\WINNT\System32\MSVFW32.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x000F4590 BaseDllName address: 0x000FFFE8 FullDllName physical address: 2e94590 BaseDllName physical address: 909fe8 0x74870000 0x74886000 (1) AVIFIL32.DLL C:\WINNT\System32\AVIFIL32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F4600 BaseDllName address: 0x000F45D8 FullDllName physical address: 2e94600 BaseDllName physical address: 2e945d8 0x70020000 0x70025000 (1) faxshell.dll C:\WINNT\system32\faxshell.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000ECD40 BaseDllName address: 0x000ECD88 FullDllName physical address: 43e2d40 BaseDllName physical address: 43e2d88 0x75D40000 0x75D46000 (1) msadp32.acm C:\WINNT\System32\msadp32.acm Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000E8F50 BaseDllName address: 0x000F4648 FullDllName physical address: 2f62f50 BaseDllName physical address: 2e94648 0x6B3D0000 0x6B40C000 (1) mshtmled.dll C:\WINNT\System32\mshtmled.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F3858 BaseDllName address: 0x00102250 FullDllName physical address: f66858 BaseDllName physical address: 636b250 0x66650000 0x666A4000 
(1) USP10.DLL C:\WINNT\System32\USP10.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x000F0430 BaseDllName address: 0x000FDBF0 FullDllName physical address: d20430 BaseDllName physical address: 48babf0 Thread List Head: 0xFF1CDA50 THREAD: 0xFF1CD780 (0x4703780) Cid: 348.344 CreateTime: 0x1c569df9f1523e0 2005-06-05 15:02:41Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2c67000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F600E8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1CD7DC Contents: FF28457C:FF28D07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1CD7EC(47037ec) PostBlockList: 0xE1DD4E90:E1EC22D0 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x004015A8 C:\WINNT\Explorer.Exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C63000 Stack Limit: 0xF7C5F000 Kernel Stack: 0xF7C62CC8(2c86000 NA NA NA ) Resident: 0 User stack base: 0x00070000(2c34000 2c3d000 2f9e000 Paged< 0:7e9000> Paged< 0:7ea000> Paged< 0:7eb000> Paged< 0:7ec000> Paged< 0:495000> Paged< 0:420000> Paged< 0:434000> Paged< 0:435000> Paged< 0:436000> Paged< 0:437000> Paged< 0:438000> ) User stack Limit: 0x00062000 THREAD: 0xFF1B2160 (0x2d3d160) Cid: 348.358 CreateTime: 0x1c569df9f50bc30 2005-06-05 15:02:42Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(3d74000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE2013648 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1B21BC Contents: FF1AF1DC:FF1CD7DC Queue 
List: 0x00000000:00000000 WaitBlockList: 0xFF1B21CC(2d3d1cc) PostBlockList: 0xFF1B2324:FF1B2324 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xd1f Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F3A000 Stack Limit: 0xF7F37000 Kernel Stack: 0xF7F39C48(38cc000 NA NA ) Resident: 0 User stack base: 0x00CF0000(4686000 ) User stack Limit: 0x00CEF000 THREAD: 0xFF1B16A0 (0x2ff56a0) Cid: 348.35c CreateTime: 0x1c569df9f6620d0 2005-06-05 15:02:42Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(3051000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 10 Base Priority: 9 Priority decrement: 0 Win32Thread: 0xE1ED5A48 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1B16FC Contents: FF17779C:FF139B7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1B170C(2ff570c) PostBlockList: 0xFF1B1864:FF1B1864 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77C8962F C:\WINNT\system32\SHLWAPI.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C53000 Stack Limit: 0xF7C4E000 Kernel Stack: 0xF7C52CC8(3032000 8a8000 fed000 84d000 3b0d000 ) Resident: 1 User stack base: 0x00D30000(3058000 30c0000 Paged< 0:70f000> Paged< 0:712000> Paged< 0:41c000> ) User stack Limit: 0x00D2B000 THREAD: 0xFF1AF180 (0x30bd180) Cid: 348.304 CreateTime: 0x1c569df9fb10100 2005-06-05 15:02:42Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(4d7f000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EE3EA8 Wait:(UserRequest) 
UserMode Non-Alertable WaitListHead: 0xFF1AF1DC Contents: FF1A219C:FF1B21BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12E168(664168) PostBlockList: 0xFF1AF344:FF1AF344 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x69803C33 C:\WINNT\system32\SHELL32.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C33000 Stack Limit: 0xF7C30000 Kernel Stack: 0xF7C32930(66c7000 NA NA ) Resident: 0 User stack base: 0x00D80000(3541000 Paged< 0:41f000> ) User stack Limit: 0x00D7E000 THREAD: 0xFF1AC4E0 (0x33384e0) Cid: 348.2bc CreateTime: 0x1c569dfa0208db0 2005-06-05 15:02:43Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1AC53C Contents: FF1A807C:FF13F07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1AC54C(333854c) PostBlockList: 0xFF1AC6A4:FF1AC6A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D2F000 Stack Limit: 0xF7D2C000 Kernel Stack: 0xF7D2E930(2f43000 NA NA ) Resident: 0 THREAD: 0xFF1A8020 (0x3492020) Cid: 348.368 CreateTime: 0x1c569dfa08259b0 2005-06-05 15:02:44Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD8000(3494000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EFE708 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1A807C 
Contents: FF189CBC:FF1AC53C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A808C(349208c) PostBlockList: 0xFF1A81E4:FF1A81E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77C77CC4 C:\WINNT\system32\SHLWAPI.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF0640000 Stack Limit: 0xF063D000 Kernel Stack: 0xF063F930(3493000 NA NA ) Resident: 0 User stack base: 0x012E0000(343c000 Paged< 0:716000> Paged< 0:717000> Paged< 0:7d1000> Paged< 0:7d0000> Paged< 0:7d5000> Paged< 0:7d6000> ) User stack Limit: 0x012D9000 THREAD: 0xFF1A2900 (0x364e900) Cid: 348.384 CreateTime: 0x1c569dfa12d7eb0 2005-06-05 15:02:45Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD5000(367c000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF1A295C Contents: FF139B7C:FCA33DBC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A29B4(364e9b4) PostBlockList: 0xFF1A2AC4:FF1A2AC4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F828B5 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B48000 Stack Limit: 0xF7B45000 Kernel Stack: 0xF7B47CC4(34b1000 3f3c000 4062000 ) Resident: 0 User stack base: 0x014F0000(89a000 ) User stack Limit: 0x014EF000 THREAD: 0xFF1A2140 (0x364e140) Cid: 348.388 CreateTime: 0x1c569dfa1415c20 2005-06-05 15:02:45Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD4000(2aa6000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 9 Base Priority: 8 
Priority decrement: 0 Win32Thread: 0xE1F0CEA8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1A219C Contents: FF13169C:FF1AF1DC Queue List: 0xFF1A47E0:FF1A47E0 WaitBlockList: 0xFF1A21AC(364e1ac) PostBlockList: 0xFF1A2304:FF1A2304 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77F961B4 C:\WINNT\System32\ntdll.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7D63000 Stack Limit: 0xF7D60000 Kernel Stack: 0xF7D62C20(376c000 NA NA ) Resident: 0 User stack base: 0x01630000(2ac5000 2da6000 32e6000 Paged< 0:48e000> ) User stack Limit: 0x0162C000 THREAD: 0xFF1A0740 (0x37c0740) Cid: 348.38c CreateTime: 0x1c569dfa162fa40 2005-06-05 15:02:45Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAF000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 3 Base Priority: 1 Priority decrement: 0 Win32Thread: 0xE1EEB4E8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1A079C Contents: FF24F07C:FF1455BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A07AC(37c07ac) PostBlockList: 0xFF1A0904:FF1A0904 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766819DC C:\WINNT\System32\webcheck.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F7A000 Stack Limit: 0xF7F77000 Kernel Stack: 0xF7F79930(6b4000 NA NA ) Resident: 0 THREAD: 0xFF1A04C0 (0x37c04c0) Cid: 348.390 CreateTime: 0x1c569dfa162fa40 2005-06-05 15:02:45Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAE000(3775000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 10 Base Priority: 8 Priority decrement: 0 
Win32Thread: 0xE1F6CA48 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1A051C Contents: FF18181C:FF21107C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A052C(37c052c) PostBlockList: 0xFF1A0684:FF1A0684 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766D1690 C:\WINNT\System32\stobject.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F8A000 Stack Limit: 0xF7F84000 Kernel Stack: 0xF7F89C20(3820000 37df000 37be000 3860000 6c46000 3914000 ) Resident: 1 User stack base: 0x016B0000(3796000 4038000 Paged< 0:888000> Paged< 0:493000> ) User stack Limit: 0x016AC000 THREAD: 0xFF189C60 (0x3a7dc60) Cid: 348.3b4 CreateTime: 0x1c569dfa3011610 2005-06-05 15:02:48Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAB000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF189CBC Contents: FF1A59BC:FF1A807C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF189CCC(3a7dccc) PostBlockList: 0xFF189E24:FF189E24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7FE5000 Stack Limit: 0xF7FE2000 Kernel Stack: 0xF7FE4930(50da000 NA NA ) Resident: 0 THREAD: 0xFF1A5960 (0x3524960) Cid: 348.3d0 CreateTime: 0x1c569dfa30ed6c0 2005-06-05 15:02:48Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAA000(3bd4000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority 
decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF1A59BC Contents: FF1455BC:FF189CBC Queue List: 0xFCCC8760:FCCC8760 WaitBlockList: 0xFF1A59CC(35249cc) PostBlockList: 0xFF1A5B24:FF1A5B24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B24000 Stack Limit: 0xF7B21000 Kernel Stack: 0xF7B23C90(3bf3000 NA NA ) Resident: 0 User stack base: 0x01900000(3c80000 ) User stack Limit: 0x018FF000 THREAD: 0xFF145560 (0x27a2560) Cid: 348.45c CreateTime: 0x1c569dfb025e8f0 2005-06-05 15:03:10Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD6000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1455BC Contents: FF1A079C:FF1A59BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1455CC(27a25cc) PostBlockList: 0xFF145724:FF145724 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x766D5659 C:\WINNT\System32\stobject.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79C1000 Stack Limit: 0xF79BE000 Kernel Stack: 0xF79C0CA0(4149000 NA NA ) Resident: 1 THREAD: 0xFF131640 (0x917640) Cid: 348.36c CreateTime: 0x1c569dfc4b621e0 2005-06-05 15:03:44Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD7000(62de000) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F26008 Wait:(WrUserRequest) UserMode Non-Alertable 
WaitListHead: 0xFF13169C Contents: FF12E8FC:FCDFEDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1316AC(9176ac) PostBlockList: 0xFF131804:FF131804 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x76E36A12 C:\WINNT\System32\browseui.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF79BD000 Stack Limit: 0xF79B7000 Kernel Stack: 0xF79BCCC8(62fd000 NA NA NA NA NA ) Resident: 0 User stack base: 0x01FD0000(2f85000 5917000 3edc000 795a000 Paged< 0:961000> Paged< 0:8d4000> Paged< 0:8d5000> Paged< 0:8de000> Paged< 0:8dd000> Paged< 0:8e1000> Paged< 0:8ec000> Paged< 0:8ed000> Paged< 0:8ef000> ) User stack Limit: 0x01FC3000 THREAD: 0xFF13F020 (0x2061020) Cid: 348.490 CreateTime: 0x1c569dfc7876260 2005-06-05 15:03:49Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFA7000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0xE20B18C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF13F07C Contents: FCA371FC:FF13169C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13F08C(206108c) PostBlockList: 0xFF13F1E4:FF13F1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77575BB9 C:\WINNT\System32\WINMM.DLL Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C73000 Stack Limit: 0xF7C70000 Kernel Stack: 0xF7C72C20(6bf2000 NA NA ) Resident: 1 THREAD: 0xFF13E2E0 (0x21602e0) Cid: 348.370 CreateTime: 0x1c569e07693bf00 2005-06-05 15:08:43Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFAD000(0) ThreadsProcess: 0xFF1CDA00 Explorer.Exe 
Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE21145E8 Wait:(DelayExecution) UserMode Alertable WaitListHead: 0xFF13E33C Contents: FCA33DBC:FF1455BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13E394(2160394) PostBlockList: 0xFF13E4A4:FF13E4A4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xcfd Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF78F5000 Stack Limit: 0xF78F2000 Kernel Stack: 0xF78F4CC4(6363000 3ff8000 e30000 ) Resident: 1 + 398 Apoint.exe Source: from_active_process_list Eprocess Block: 0xFF1A12E0 (0x36ee2c4) CreateTime: 0x1c569dfa17cf470 2005-06-05 15:02:45Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x36fb000 Process Environment Block: 0x7FFDF000 (37ae000) Loader module block: 0x00131E90 (37ae00c) Command Line: "C:\Program Files\Apoint\Apoint.exe" Section: 0xE1334650 (0x1a96650) Section Base Address: 0x00400000 (371a000) SectionBasedAddress: 0x09809C28 ) SizeOfSegment: 0x1a000 SectionFileName: \Program Files\Apoint\Apoint.exe 0xe1e2b5a8 (0x7a2d5a8) Handle Table: 0xFF1A1248 (0x36ee248) Count: 50 TableCode: 0xE2029000 Process exiting: 0 VAD Root: 0xFF191068(39b1068) Private: 298 Modified: 0 Locked: 0 AccessToken: 0xE1F035D0(4f9d5d0) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,15ab6} ParentToken ID: {0,0} Modified ID: {0,ee03} SessionID: 0 
TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0041A000 (371a000) Apoint.exe C:\Program Files\Apoint\Apoint.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020588 BaseDllName address: 0x00131F10 FullDllName physical address: 37b3588 BaseDllName physical address: 37c5f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 37c5f80 BaseDllName physical address: 37c5fa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 377e420 BaseDllName physical address: 377e3f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 377e4f0 BaseDllName physical address: 377e4d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 377e5a8 BaseDllName physical address: 377e588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 377e660 BaseDllName physical address: 377e638 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 377e718 BaseDllName physical address: 377e6f8 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 377e7d0 BaseDllName physical address: 377e7b0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132888 BaseDllName address: 0x00132868 FullDllName physical address: 377e888 BaseDllName physical address: 377e868 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132948 BaseDllName address: 0x00132920 FullDllName physical address: 377e948 BaseDllName physical address: 377e920 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A00 BaseDllName address: 0x001329E0 FullDllName physical address: 
377ea00 BaseDllName physical address: 377e9e0 0x10000000 0x1000A000 (39b5000) VXDIF.DLL C:\WINNT\System32\VXDIF.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00135E60 BaseDllName address: 0x00135E40 FullDllName physical address: 3850e60 BaseDllName physical address: 3850e40 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x001360F0 BaseDllName address: 0x00136228 FullDllName physical address: 39130f0 BaseDllName physical address: 3913228 0x779B0000 0x77A45000 (58fa000) OLEAUT32.DLL C:\WINNT\system32\OLEAUT32.DLL Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013FB00 BaseDllName address: 0x0013FAD8 FullDllName physical address: 3b19b00 BaseDllName physical address: 3b19ad8 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141F10 BaseDllName address: 0x00141CE8 FullDllName physical address: 3b58f10 BaseDllName physical address: 3b58ce8 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001420D8 BaseDllName address: 0x001420B8 FullDllName physical address: 3b570d8 BaseDllName physical address: 3b570b8 0x77840000 0x7787C000 (2654000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00148A30 BaseDllName address: 0x00148A10 FullDllName physical address: 3bf0a30 BaseDllName physical address: 3bf0a10 0x770C0000 0x770E3000 (a67000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00148BF0 BaseDllName address: 0x00148BD0 FullDllName physical address: 3bf0bf0 BaseDllName physical address: 3bf0bd0 0x770F0000 0x772AE000 (18e8000) MSI.DLL C:\WINNT\System32\MSI.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName 
virtual address: 0x0014BB08 BaseDllName address: 0x0014BAF0 FullDllName physical address: 1c48b08 BaseDllName physical address: 1c48af0 0x00EE0000 0x00EFA000 (3dff000) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00144B78 BaseDllName address: 0x001433F8 FullDllName physical address: 3bb8b78 BaseDllName physical address: 3bb63f8 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00143340 BaseDllName address: 0x00143980 FullDllName physical address: 3bb6340 BaseDllName physical address: 3bb6980 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001440C8 BaseDllName address: 0x00143418 FullDllName physical address: 3bb80c8 BaseDllName physical address: 3bb6418 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00144560 BaseDllName address: 0x0013FAB8 FullDllName physical address: 3bb8560 BaseDllName physical address: 3b19ab8 0x01010000 0x01150000 (416b000) ApRes.dll C:\Program Files\Apoint\ApRes.dll Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014BDB8 BaseDllName address: 0x0013F930 FullDllName physical address: 1c48db8 BaseDllName physical address: 3b19930 0x01150000 0x0115C000 (42f0000) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0014BE58 BaseDllName address: 0x001433D8 FullDllName physical address: 1c48e58 BaseDllName physical address: 3bb63d8 0x01270000 0x0129D000 (42bd000) EzLaunch.DLL C:\Program Files\Apoint\EzLaunch.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00143C98 BaseDllName address: 0x00143F30 FullDllName physical address: 3bb6c98 BaseDllName physical address: 
3bb6f30 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00145550 BaseDllName address: 0x001444F0 FullDllName physical address: 3b99550 BaseDllName physical address: 3bb84f0 0x013B0000 0x013BA000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014B020 BaseDllName address: 0x0014BFE8 FullDllName physical address: 1c48020 BaseDllName physical address: 1c48fe8 Thread List Head: 0xFF1A1330 THREAD: 0xFF19F020 (0x37d0020) Cid: 398.394 CreateTime: 0x1c569dfa17cf470 2005-06-05 15:02:45Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(37d7000) ThreadsProcess: 0xFF1A12E0 Apoint.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EEE5A8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF19F07C Contents: FF11107C:FCDFF8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19F08C(37d008c) PostBlockList: 0xFF19F1E4:FF19F1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004064A4 C:\Program Files\Apoint\Apoint.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F4A000 Stack Limit: 0xF7F46000 Kernel Stack: 0xF7F49C20(38a0000 381f000 37fe000 3862000 ) Resident: 1 User stack base: 0x00130000(37cc000 37fa000 39ef000 3afa000 3b39000 3727000 3b74000 ) User stack Limit: 0x00129000 THREAD: 0xFF1898A0 (0x3a7d8a0) Cid: 398.350 CreateTime: 0x1c569dfa30732d0 2005-06-05 15:02:48Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(3be2000) ThreadsProcess: 
0xFF1A12E0 Apoint.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF1898FC Contents: FF17AA9C:FF1CE41C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18990C(3a7d90c) PostBlockList: 0xFF189A64:FF189A64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B28000 Stack Limit: 0xF7B25000 Kernel Stack: 0xF7B27C48(3ba9000 NA NA ) Resident: 0 User stack base: 0x00EE0000(3bc6000 ) User stack Limit: 0x00EDF000 + 3bc HKserv.exe Source: from_active_process_list Eprocess Block: 0xFF1952C0 (0x38eb2a4) CreateTime: 0x1c569dfa215c330 2005-06-05 15:02:46Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3906000 Process Environment Block: 0x7FFDF000 (38f4000) Loader module block: 0x00131E90 (38f400c) Command Line: "C:\Program Files\Sony\HotKey Utility\HKserv.exe" Section: 0xE1E1DEB0 (0x7902eb0) Section Base Address: 0x00400000 (350a000) SectionBasedAddress: 0x098C8C28 ) SizeOfSegment: 0xc000 SectionFileName: \Program Files\Sony\HotKey Utility\HKserv.exe 0xe1ec99a8 (0x52d79a8) Handle Table: 0xFF1A09C8 (0x37c09c8) Count: 55 TableCode: 0xE2024000 Process exiting: 0 VAD Root: 0xFF17A948(43d4948) Private: 232 Modified: 0 Locked: 0 AccessToken: 0xE1EEF030(4d49030) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary 
Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,1e4e4} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0040C000 (350a000) HKserv.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A0 BaseDllName address: 0x00131F10 FullDllName physical address: 38f95a0 BaseDllName physical address: 38eef10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 38eef80 BaseDllName physical address: 38eefa4 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F8 FullDllName physical address: 38ef418 
BaseDllName physical address: 38ef3f8 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132810 BaseDllName address: 0x001327F0 FullDllName physical address: 38ef810 BaseDllName physical address: 38ef7f0 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001328D0 BaseDllName address: 0x001328A8 FullDllName physical address: 38ef8d0 BaseDllName physical address: 38ef8a8 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132988 BaseDllName address: 0x00132968 FullDllName physical address: 38ef988 BaseDllName physical address: 38ef968 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A40 BaseDllName address: 0x00132A18 FullDllName physical address: 38efa40 BaseDllName physical address: 38efa18 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AF8 BaseDllName address: 0x00132AD8 FullDllName physical address: 38efaf8 BaseDllName physical address: 38efad8 0x77880000 0x7790D000 (7ce6000) SETUPAPI.dll C:\WINNT\System32\SETUPAPI.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BD0 BaseDllName address: 0x00132BA8 FullDllName physical address: 38efbd0 BaseDllName physical address: 38efba8 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132DB8 BaseDllName address: 0x00132D98 FullDllName physical address: 38efdb8 BaseDllName physical address: 38efd98 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E70 BaseDllName address: 0x00132E50 FullDllName physical address: 38efe70 BaseDllName physical address: 38efe50 0x6C370000 0x6C462000 (39c8000) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F28 BaseDllName address: 0x00132F08 FullDllName physical address: 38eff28 BaseDllName physical address: 38eff08 0x77B50000 0x77BD9000 (59cb000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00135FA8 BaseDllName address: 0x00133A00 FullDllName physical address: 3a6afa8 BaseDllName physical address: 3a2ba00 0x5FD00000 0x5FD0D000 (637e000) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137AE8 BaseDllName address: 0x00136388 FullDllName physical address: 3aa4ae8 BaseDllName physical address: 3ac1388 0x10000000 0x10007000 (1f7e000) HKw2k.dll C:\Program Files\Sony\HotKey Utility\HKw2k.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137C90 BaseDllName address: 0x00136368 FullDllName physical address: 3aa4c90 BaseDllName physical address: 3ac1368 0x00830000 0x0088C000 (3f99000) HKRes.dll C:\Program Files\Sony\HotKey Utility\HKRes.dll Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137DF8 BaseDllName address: 0x00137DD8 FullDllName physical address: 3aa4df8 BaseDllName physical address: 3aa4dd8 0x00890000 0x0089E000 (414a000) JogDial.dll C:\Program Files\Common Files\Sony Shared\Jog Dial Utility\JogDial.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137F58 BaseDllName address: 0x00137FF0 FullDllName physical address: 3aa4f58 BaseDllName physical address: 3a36000 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00132158 
BaseDllName address: 0x00138060 FullDllName physical address: 38ef158 BaseDllName physical address: 3a36060 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013BAA0 BaseDllName address: 0x00137C38 FullDllName physical address: 43d0aa0 BaseDllName physical address: 3aa4c38 0x779B0000 0x77A45000 (58fa000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0013BAE8 BaseDllName address: 0x001381E8 FullDllName physical address: 43d0ae8 BaseDllName physical address: 3a361e8 0x00ED0000 0x00EDA000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00146A10 BaseDllName address: 0x00142D38 FullDllName physical address: 2faaa10 BaseDllName physical address: 440bd38 0x00FF0000 0x00FFE000 (261000) SnyUtils.dll C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141E90 BaseDllName address: 0x0013D668 FullDllName physical address: 43d3e90 BaseDllName physical address: 43d2668 0x01000000 0x0101E000 (4724000) sxbios.dll C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013DE48 BaseDllName address: 0x0013E128 FullDllName physical address: 43d2e48 BaseDllName physical address: 4406128 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00142D88 BaseDllName address: 0x0013D6F0 FullDllName physical address: 440bd88 BaseDllName physical address: 43d26f0 0x766F0000 0x766F7000 (25b8000) powrprof.dll C:\WINNT\System32\powrprof.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013F540 BaseDllName address: 0x0013D718 FullDllName physical 
address: 4407540 BaseDllName physical address: 43d2718 Thread List Head: 0xFF195310 THREAD: 0xFF194020 (0x38cf020) Cid: 3bc.3b8 CreateTime: 0x1c569dfa215c330 2005-06-05 15:02:46Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(38fc000) ThreadsProcess: 0xFF1952C0 HKserv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20549A8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF19407C Contents: FF12E67C:FF226A1C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19408C(38cf08c) PostBlockList: 0xFF1941E4:FF1941E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00406FD4 C:\Program Files\Sony\HotKey Utility\HKserv.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7F2A000 Stack Limit: 0xF7F26000 Kernel Stack: 0xF7F29C20(Paged< 0:998000> NA NA NA ) Resident: 0 User stack base: 0x00130000(390c000 3a38000 43b2000 2f6a000 ) User stack Limit: 0x0012C000 THREAD: 0xFF17AA40 (0x43d4a40) Cid: 3bc.410 CreateTime: 0x1c569dfa51e0670 2005-06-05 15:02:51Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(43e9000) ThreadsProcess: 0xFF1952C0 HKserv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF17AA9C Contents: FF147B9C:FF1898FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17AAAC(43d4aac) PostBlockList: 0xFF17AC04:FF17AC04 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0x4f1 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B20000 Stack Limit: 
0xF7B1D000 Kernel Stack: 0xF7B1FC48(3205000 NA NA ) Resident: 0 User stack base: 0x00DC0000(43ef000 ) User stack Limit: 0x00DBF000 THREAD: 0xFF149BA0 (0x54caba0) Cid: 3bc.478 CreateTime: 0x1c569dfaf9adae0 2005-06-05 15:03:09Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(35b1000) ThreadsProcess: 0xFF1952C0 HKserv.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF149BFC Contents: FF15957C:FCDFFB7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF149C0C(54cac0c) PostBlockList: 0xFF149D64:FF149D64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00FF4420 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79D5000 Stack Limit: 0xF79D2000 Kernel Stack: 0xF79D4CA0(35b0000 358f000 358e000 ) Resident: 1 User stack base: 0x01230000(35c9000 ) User stack Limit: 0x0122F000 + 3c8 JogServ2.exe Source: from_active_process_list Eprocess Block: 0xFF192780 (0x3992764) CreateTime: 0x1c569dfa25d9500 2005-06-05 15:02:47Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x39ff000 Process Environment Block: 0x7FFDF000 (3a3a000) Loader module block: 0x00131E90 (3a3a00c) Command Line: "C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe" Section: 0xE20221D0 (0x38e71d0) Section Base Address: 0x00400000 (39d9000) SectionBasedAddress: 0x098F3438 ) SizeOfSegment: 0x151000 SectionFileName: \Program Files\Sony\Jog Dial Utility\JogServ2.exe 0xe13ad3c8 (0x2b2a3c8) Handle Table: 0xFF194388 (0x38cf388) Count: 89 TableCode: 
0xE2050000 Process exiting: 0 VAD Root: 0xFF160DA8(708da8) Private: 588 Modified: 4 Locked: 0 AccessToken: 0xE204F130(39bb130) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,1f9de} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00551000 (39d9000) JogServ2.exe C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205F4 BaseDllName address: 0x00131F10 FullDllName physical address: 39bc5f4 
BaseDllName physical address: 39cff10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 39cff88 BaseDllName physical address: 39cffac 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132400 FullDllName physical address: 39d3420 BaseDllName physical address: 39d3400 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E0 BaseDllName address: 0x001324B8 FullDllName physical address: 39d34e0 BaseDllName physical address: 39d34b8 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132598 BaseDllName address: 0x00132578 FullDllName physical address: 39d3598 BaseDllName physical address: 39d3578 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132648 BaseDllName address: 0x00132628 FullDllName physical address: 39d3648 BaseDllName physical address: 39d3628 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132700 BaseDllName address: 0x001326E0 FullDllName physical address: 39d3700 BaseDllName physical address: 39d36e0 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327B0 BaseDllName address: 0x00132790 FullDllName physical address: 39d37b0 BaseDllName physical address: 39d3790 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff 
TlsIndex: 0 FullDllName virtual address: 0x00132C00 BaseDllName address: 0x00132BD8 FullDllName physical address: 39d3c00 BaseDllName physical address: 39d3bd8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CB8 BaseDllName address: 0x00132C98 FullDllName physical address: 39d3cb8 BaseDllName physical address: 39d3c98 0x10000000 0x10009000 (2d53000) SeTimer.dll C:\Program Files\Sony\Jog Dial Utility\SeTimer.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F50 BaseDllName address: 0x00132D68 FullDllName physical address: 39d3f50 BaseDllName physical address: 39d3d68 0x6C370000 0x6C462000 (39c8000) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133030 BaseDllName address: 0x00133010 FullDllName physical address: 3ae7030 BaseDllName physical address: 3ae7010 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D88 BaseDllName address: 0x001330C0 FullDllName physical address: 39d3d88 BaseDllName physical address: 3ae70c0 0x00230000 0x0024B000 (3b4b000) SeCommon.dll C:\Program Files\Sony\Jog Dial Utility\SeCommon.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001331A0 BaseDllName address: 0x00133130 FullDllName physical address: 3ae71a0 BaseDllName physical address: 3ae7130 0x69800000 0x69A42000 (592f000) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133158 BaseDllName address: 0x00133260 FullDllName physical address: 3ae7158 BaseDllName physical address: 3ae7260 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001332F0 BaseDllName address: 0x001332D0 
FullDllName physical address: 3ae72f0 BaseDllName physical address: 3ae72d0 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001333B0 BaseDllName address: 0x00133388 FullDllName physical address: 3ae73b0 BaseDllName physical address: 3ae7388 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133468 BaseDllName address: 0x00133448 FullDllName physical address: 3ae7468 BaseDllName physical address: 3ae7448 0x00250000 0x00267000 (3cac000) PnPEvent.dll C:\Program Files\Sony\Jog Dial Utility\PnPEvent.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133568 BaseDllName address: 0x001334F8 FullDllName physical address: 3ae7568 BaseDllName physical address: 3ae74f8 0x779B0000 0x77A45000 (58fa000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133520 BaseDllName address: 0x00133628 FullDllName physical address: 3ae7520 BaseDllName physical address: 3ae7628 0x5FD00000 0x5FD0D000 (637e000) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137A68 BaseDllName address: 0x00134108 FullDllName physical address: 3e65a68 BaseDllName physical address: 3e28108 0x00980000 0x00B11000 (3ea6000) SeLocale.DLL C:\Program Files\Sony\Jog Dial Utility\SeLocale.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137F28 BaseDllName address: 0x00137DC8 FullDllName physical address: 3e65f28 BaseDllName physical address: 3e65dc8 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00140AC8 BaseDllName address: 0x00140AA8 FullDllName physical address: 6635ac8 BaseDllName physical address: 6635aa8 0x01140000 
0x012CD000 (4548000) UILib.dll C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00144360 BaseDllName address: 0x001443D0 FullDllName physical address: 66b2360 BaseDllName physical address: 66b23d0 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00144468 BaseDllName address: 0x00144440 FullDllName physical address: 66b2468 BaseDllName physical address: 66b2440 0x012E0000 0x01367000 (3a7000) gold.dll C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00146BB8 BaseDllName address: 0x001469B0 FullDllName physical address: 6a2bb8 BaseDllName physical address: 6a29b0 0x01490000 0x01561000 (7caa000) JogLocale.dll C:\Program Files\Sony\Jog Dial Utility\JogLocale.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014A2C0 BaseDllName address: 0x00146C60 FullDllName physical address: 7c702c0 BaseDllName physical address: 6a2c60 0x01670000 0x0167E000 (261000) SnyUtils.dll C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014AD08 BaseDllName address: 0x0014ADA0 FullDllName physical address: 7c70d08 BaseDllName physical address: 7c70da0 0x77880000 0x7790D000 (7ce6000) SETUPAPI.dll C:\WINNT\System32\SETUPAPI.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00146968 BaseDllName address: 0x0014ADC8 FullDllName physical address: 6a2968 BaseDllName physical address: 7c70dc8 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0014AE40 BaseDllName address: 0x00147668 FullDllName physical address: 7c70e40 BaseDllName physical address: 847668 0x01680000 0x0169E000 (4724000) sxbios.dll 
C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014AB00 BaseDllName address: 0x00132198 FullDllName physical address: 7c70b00 BaseDllName physical address: 39d3198 0x766F0000 0x766F7000 (25b8000) powrprof.dll C:\WINNT\System32\powrprof.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014B770 BaseDllName address: 0x001380A8 FullDllName physical address: 7b76770 BaseDllName physical address: 3e660a8 0x018B0000 0x018BA000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0014A7A8 BaseDllName address: 0x0014B850 FullDllName physical address: 7c707a8 BaseDllName physical address: 7b76850 0x019D0000 0x01A0C000 (4de8000) GUIPlugInCJ.dll C:\Program Files\Sony\Jog GUI PlugIn CJ\GUIPlugInCJ.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014A938 BaseDllName address: 0x0014B9E0 FullDllName physical address: 7c70938 BaseDllName physical address: 7b769e0 0x01C60000 0x01C6C000 (42f0000) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00143240 BaseDllName address: 0x00149BF8 FullDllName physical address: 66c3240 BaseDllName physical address: fc5bf8 0x01D80000 0x01D9A000 (3dff000) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014F6F8 BaseDllName address: 0x00158F68 FullDllName physical address: 2f846f8 BaseDllName physical address: 509ff68 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014BA08 BaseDllName address: 0x0014AB80 FullDllName physical address: 7b76a08 BaseDllName physical address: 7c70b80 0x01DA0000 0x01DAA000 (39b5000) Vxdif.dll C:\WINNT\System32\Vxdif.dll Flags: 0x284006 LoadCount: 0x1 
TlsIndex: 0 FullDllName virtual address: 0x00143BD0 BaseDllName address: 0x00149328 FullDllName physical address: 66c3bd0 BaseDllName physical address: fc5328 Thread List Head: 0xFF1927D0 THREAD: 0xFF18D880 (0x3a3f880) Cid: 3c8.3c4 CreateTime: 0x1c569dfa25f1c30 2005-06-05 15:02:47Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(395e000) ThreadsProcess: 0xFF192780 JogServ2.exe Priority: 12 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE201E008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18D8DC Contents: FF21107C:FF1A48BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18D8EC(3a3f8ec) PostBlockList: 0xE1EC2D10:E2026B50 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0043F6C8 C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7C23000 Stack Limit: 0xF7C1D000 Kernel Stack: 0xF7C22C20(3e0d000 3e2c000 3e2b000 3e0f000 5611000 4ec3000 ) Resident: 1 User stack base: 0x00130000(3a3d000 3e27000 2968000 5196000 45f7000 500d000 1e17000 ) User stack Limit: 0x00129000 THREAD: 0xFF159520 (0x4882520) Cid: 3c8.400 CreateTime: 0x1c569dfaafc1fc0 2005-06-05 15:03:01Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(4603000) ThreadsProcess: 0xFF192780 JogServ2.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF15957C Contents: FF15FCBC:FF27581C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15958C(488258c) PostBlockList: 0xFF1596E4:FF1596E4 Queue: 0x00000000 Start Address: 0x77E83775 
C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x01674420 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B34000 Stack Limit: 0xF7B31000 Kernel Stack: 0xF7B33CA0(38bb000 38da000 3916000 ) Resident: 1 User stack base: 0x018B0000(4104000 ) User stack Limit: 0x018AF000 THREAD: 0xFF139020 (0x1bc6020) Cid: 3c8.4cc CreateTime: 0x1c569e084a0d660 2005-06-05 15:09:06Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(363d000) ThreadsProcess: 0xFF192780 JogServ2.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF13907C Contents: FF13407C:FCC8407C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13908C(1bc608c) PostBlockList: 0xFF1391E4:FF1391E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8037000 Stack Limit: 0xF8034000 Kernel Stack: 0xF8036C48(1c71000 NA NA ) Resident: 0 User stack base: 0x01FC0000(2e15000 ) User stack Limit: 0x01FBF000 + 37c DragDrop.exe Source: from_active_process_list Eprocess Block: 0xFF19CD60 (0x381cd44) CreateTime: 0x1c569dfa2dae260 2005-06-05 15:02:48Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3991000 Process Environment Block: 0x7FFDF000 (3635000) Loader module block: 0x00131E90 (363500c) Command Line: "C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe" /StartUp Section: 0xE1315F30 (0x1a3ef30) Section Base Address: 0x00400000 (3adb000) 
SectionBasedAddress: 0x09555C30 ) SizeOfSegment: 0xa9000 SectionFileName: \Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe 0xe135f368 (0x2169368) Handle Table: 0xFF1AEA08 (0x2db6a08) Count: 62 TableCode: 0xE1FE8000 Process exiting: 0 VAD Root: 0xFF1A0B48(37c0b48) Private: 851 Modified: 0 Locked: 0 AccessToken: 0xE1FE61F0(3b3a1f0) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,20826} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004A9000 (3adb000) DragDrop.exe 
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 38d95a8 BaseDllName physical address: 39a3f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 39a3f88 BaseDllName physical address: 39a3fac 0x10000000 0x10019000 (3b89000) PRIMOSDK.dll C:\Program Files\Drag'n Drop CD\BinFiles\PRIMOSDK.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C8 BaseDllName address: 0x00132400 FullDllName physical address: 37247c8 BaseDllName physical address: 3724400 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132428 BaseDllName address: 0x00132890 FullDllName physical address: 3724428 BaseDllName physical address: 3724890 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132940 BaseDllName address: 0x00132920 FullDllName physical address: 3724940 BaseDllName physical address: 3724920 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F8 BaseDllName address: 0x001329D8 FullDllName physical address: 37249f8 BaseDllName physical address: 37249d8 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 BaseDllName address: 0x00132A88 FullDllName physical address: 3724aa8 BaseDllName physical address: 3724a88 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual 
address: 0x00132B60 BaseDllName address: 0x00132B40 FullDllName physical address: 3724b60 BaseDllName physical address: 3724b40 0x00230000 0x0026F000 (3c84000) PX.dll C:\WINNT\System32\PX.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BF0 BaseDllName address: 0x00132908 FullDllName physical address: 3724bf0 BaseDllName physical address: 3724908 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132DE8 BaseDllName address: 0x00132DC0 FullDllName physical address: 3724de8 BaseDllName physical address: 3724dc0 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EA0 BaseDllName address: 0x00132E80 FullDllName physical address: 3724ea0 BaseDllName physical address: 3724e80 0x00270000 0x00328000 (3f14000) ezCDmker.dll C:\Program Files\Drag'n Drop CD\BinFiles\ezCDmker.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FA8 BaseDllName address: 0x00132F38 FullDllName physical address: 3f13000 BaseDllName physical address: 3724f38 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133090 BaseDllName address: 0x00133070 FullDllName physical address: 3f13090 BaseDllName physical address: 3f13070 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F60 BaseDllName address: 0x00133250 FullDllName physical address: 3724f60 BaseDllName physical address: 3f13250 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001332E8 BaseDllName address: 0x001332C8 FullDllName physical address: 3f132e8 BaseDllName physical 
address: 3f132c8 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001333A8 BaseDllName address: 0x00133380 FullDllName physical address: 3f133a8 BaseDllName physical address: 3f13380 0x69800000 0x69A42000 (592f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133460 BaseDllName address: 0x00133440 FullDllName physical address: 3f13460 BaseDllName physical address: 3f13440 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133518 BaseDllName address: 0x001334F8 FullDllName physical address: 3f13518 BaseDllName physical address: 3f134f8 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001335D8 BaseDllName address: 0x001335B0 FullDllName physical address: 3f135d8 BaseDllName physical address: 3f135b0 0x00330000 0x00337000 (5962000) TRANSWIN.dll C:\Program Files\Drag'n Drop CD\BinFiles\TRANSWIN.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336E0 BaseDllName address: 0x00133670 FullDllName physical address: 3f136e0 BaseDllName physical address: 3f13670 0x6C370000 0x6C462000 (39c8000) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001337C8 BaseDllName address: 0x001337A8 FullDllName physical address: 3f137c8 BaseDllName physical address: 3f137a8 0x00340000 0x0036D000 (5a65000) DGSSTRM.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGSSTRM.DLL Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133878 BaseDllName address: 0x00133858 FullDllName physical address: 3f13878 BaseDllName physical address: 3f13858 0x77410000 0x77423000 (2d13000) MSACM32.dll 
C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133698 BaseDllName address: 0x00133940 FullDllName physical address: 3f13698 BaseDllName physical address: 3f13940 0x00370000 0x00399000 (6afe000) ezLICEN.dll C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN.dll Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133A18 BaseDllName address: 0x001339B0 FullDllName physical address: 3f13a18 BaseDllName physical address: 3f139b0 0x76C00000 0x76C74000 (5958000) WININET.dll C:\WINNT\system32\WININET.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001339D0 BaseDllName address: 0x00133AE0 FullDllName physical address: 3f139d0 BaseDllName physical address: 3f13ae0 0x752F0000 0x7530F000 (598b000) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133B70 BaseDllName address: 0x00133B50 FullDllName physical address: 3f13b70 BaseDllName physical address: 3f13b50 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133C28 BaseDllName address: 0x00133C08 FullDllName physical address: 3f13c28 BaseDllName physical address: 3f13c08 0x695E0000 0x69609000 (afe000) OLEPRO32.DLL C:\WINNT\System32\OLEPRO32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133CE0 BaseDllName address: 0x00133CB8 FullDllName physical address: 3f13ce0 BaseDllName physical address: 3f13cb8 0x779B0000 0x77A45000 (58fa000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133DA0 BaseDllName address: 0x00133D78 FullDllName physical address: 3f13da0 BaseDllName physical address: 3f13d78 0x5FD00000 0x5FD0D000 (637e000) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 
0x0013A2E0 BaseDllName address: 0x001348D0 FullDllName physical address: 3552e0 BaseDllName physical address: d7f8d0 0x01780000 0x017EA000 (656c000) DDCDRES.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0013ED00 BaseDllName address: 0x001612E0 FullDllName physical address: dc7d00 BaseDllName physical address: 4e762e0 0x01800000 0x0181D000 (5f7000) PXMAS.DLL C:\WINNT\System32\PXMAS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00137B50 BaseDllName address: 0x00164FD0 FullDllName physical address: f1ab50 BaseDllName physical address: 4876fd0 0x01930000 0x01998000 (4ddd000) PXWAVE.DLL C:\WINNT\System32\PXWAVE.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00161258 BaseDllName address: 0x00165080 FullDllName physical address: 4e76258 BaseDllName physical address: 4d93080 0x01AB0000 0x01AB7000 (4bcd000) TRANS.DLL C:\Program Files\Drag'n Drop CD\BinFiles\TRANS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00133E38 BaseDllName address: 0x001650F0 FullDllName physical address: 3f13e38 BaseDllName physical address: 4d930f0 0x01AC0000 0x01AE2000 (6b59000) DGMP3RD.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3RD.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00164F48 BaseDllName address: 0x00166250 FullDllName physical address: 4876f48 BaseDllName physical address: 22b8250 0x01C00000 0x01C13000 (5591000) DGWAVOT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVOT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001662C0 BaseDllName address: 0x00166338 FullDllName physical address: 22b82c0 BaseDllName physical address: 22b8338 0x01D30000 0x01D43000 (40d2000) DGWAVRD.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVRD.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001663A8 BaseDllName address: 0x00166420 
FullDllName physical address: 22b83a8 BaseDllName physical address: 22b8420 0x01E60000 0x01E76000 (409a000) DGWAVWT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVWT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00166518 BaseDllName address: 0x00166590 FullDllName physical address: 22b8518 BaseDllName physical address: 22b8590 0x01F90000 0x02001000 (47f6000) DGMP3WT.DLL C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3WT.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001666E0 BaseDllName address: 0x00166670 FullDllName physical address: 22b86e0 BaseDllName physical address: 22b8670 0x02020000 0x0202A000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00166600 BaseDllName address: 0x00165248 FullDllName physical address: 22b8600 BaseDllName physical address: 4d93248 Thread List Head: 0xFF19CDB0 THREAD: 0xFF1A4860 (0x3588860) Cid: 37c.380 CreateTime: 0x1c569dfa2dae260 2005-06-05 15:02:48Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(395a000) ThreadsProcess: 0xFF19CD60 DragDrop.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE2083A48 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF1A48BC Contents: FCDFF8FC:FF12A8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A48CC(35888cc) PostBlockList: 0xE2045590:E2046B70 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x0044ACB1 C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF793D000 Stack Limit: 0xF7938000 Kernel Stack: 0xF793CC20(bec000 c4b000 c2a000 bed000 1eb2000 ) Resident: 1 User stack base: 0x00130000(3661000 c38000 26e000 
5140000 ) User stack Limit: 0x0012C000 + 3e0 alogserv.exe Source: from_active_process_list Eprocess Block: 0xFF188020 (0x3c42004) CreateTime: 0x1c569dfa3508bd0 2005-06-05 15:02:48Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3cbf000 Process Environment Block: 0x7FFDF000 (3ce4000) Loader module block: 0x00131E90 (3ce400c) Command Line: "C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" Section: 0xE2063B50 (0x3ae3b50) Section Base Address: 0x00400000 (3c8d000) SectionBasedAddress: 0x09567C30 ) SizeOfSegment: 0x8000 SectionFileName: \Program Files\McAfee\McAfee VirusScan\alogserv.exe 0xe1309d68 (0x19fad68) Handle Table: 0xFF1CB548 (0x2d34548) Count: 21 TableCode: 0xE1FF8000 Process exiting: 0 VAD Root: 0xFF184008(3e2f008) Private: 106 Modified: 0 Locked: 0 AccessToken: 0xE1FF6A10(3ca6a10) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,211fc} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: 
S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00408000 (3c8d000) alogserv.exe C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 3cc95a8 BaseDllName physical address: 3cd9f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F88 BaseDllName address: 0x00131FAC FullDllName physical address: 3cd9f88 BaseDllName physical address: 3cd9fac 0x10000000 0x1000D000 (3d98000) ACTILOG.dll C:\Program Files\McAfee\McAfee VirusScan\ACTILOG.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C0 BaseDllName address: 0x00132400 FullDllName physical address: 3cba7c0 BaseDllName physical address: 3cba400 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x00132888 FullDllName physical address: 3cba420 BaseDllName physical address: 3cba888 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132938 BaseDllName address: 0x00132918 FullDllName physical address: 3cba938 BaseDllName physical address: 3cba918 0x77F40000 
0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F0 BaseDllName address: 0x001329D0 FullDllName physical address: 3cba9f0 BaseDllName physical address: 3cba9d0 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 BaseDllName address: 0x00132A80 FullDllName physical address: 3cbaaa8 BaseDllName physical address: 3cbaa80 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B60 BaseDllName address: 0x00132B40 FullDllName physical address: 3cbab60 BaseDllName physical address: 3cbab40 0x00B40000 0x00B4A000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00134EB8 BaseDllName address: 0x00132BF8 FullDllName physical address: 3e32eb8 BaseDllName physical address: 3cbabf8 Thread List Head: 0xFF188070 THREAD: 0xFF188DA0 (0x3c42da0) Cid: 3e0.3dc CreateTime: 0x1c569dfa3508bd0 2005-06-05 15:02:48Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(3cec000) ThreadsProcess: 0xFF188020 alogserv.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE2014268 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF188DFC Contents: FF18253C:FF28E07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF188E0C(3c42e0c) PostBlockList: 0xFF188F64:FF188F64 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00402560 C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7DE3000 Stack Limit: 
0xF7DDF000 Kernel Stack: 0xF7DE2C20(Paged< 0:99c000> NA NA NA ) Resident: 0 User stack base: 0x00130000(3cd5000 3e46000 ) User stack Limit: 0x0012E000 THREAD: 0xFF180BE0 (0x98dbe0) Cid: 3e0.408 CreateTime: 0x1c569dfa4267a10 2005-06-05 15:02:50Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(4037000) ThreadsProcess: 0xFF188020 alogserv.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF180C3C Contents: FF14D07C:FF1D56BC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF180C4C(98dc4c) PostBlockList: 0xFF180DA4:FF180DA4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00401300 C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B14000 Stack Limit: 0xF7B11000 Kernel Stack: 0xF7B13930(Paged< 0:643000> NA NA ) Resident: 0 User stack base: 0x00AC0000(4013000 4065000 ) User stack Limit: 0x00ABE000 + 3f4 tgcmd.exe Source: from_active_process_list Eprocess Block: 0xFF184100 (0x3e2f0e4) CreateTime: 0x1c569dfa3c01880 2005-06-05 15:02:49Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3e9c000 Process Environment Block: 0x7FFDF000 (3ee2000) Loader module block: 0x00131E90 (3ee200c) Command Line: Section: 0xE13AC5F0 (0x2b2c5f0) Section Base Address: 0x00400000 () SectionBasedAddress: 0x099DBC28 ) SizeOfSegment: 0xa5000 SectionFileName: \Program Files\Support.com\Client\bin\tgcmd.exe 0xe1eae1e8 (0x48571e8) Handle Table: 0xFF1858E8 (0x3e218e8) Count: 198 TableCode: 0xE204C000 Process exiting: 0 VAD Root: 
0xFF1821C8(3f5b1c8) Private: 353 Modified: 2600 Locked: 0 AccessToken: 0xE204A350(3e90350) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,21898} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004A5000 (1) tgcmd.exe <Paged: 0:6535a8> Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205A8 BaseDllName address: 0x00131F10 FullDllName physical address: 6535a8 BaseDllName physical address: 3ed6f10 0x77F80000 0x77FFA000 (1) ntdll.dll 
C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 3ed6f80 BaseDllName physical address: 3ed6fa4 0x75050000 0x75058000 (1) WSOCK32.dll C:\WINNT\System32\WSOCK32.dll Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F8 FullDllName physical address: 3ed7418 BaseDllName physical address: 3ed73f8 0x77E80000 0x77F35000 (1) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132828 BaseDllName address: 0x00132800 FullDllName physical address: 3ed7828 BaseDllName physical address: 3ed7800 0x75030000 0x75044000 (1) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001328E0 BaseDllName address: 0x001328C0 FullDllName physical address: 3ed78e0 BaseDllName physical address: 3ed78c0 0x78000000 0x78046000 (1) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132998 BaseDllName address: 0x00132978 FullDllName physical address: 3ed7998 BaseDllName physical address: 3ed7978 0x77DB0000 0x77E0A000 (1) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A70 BaseDllName address: 0x00132A48 FullDllName physical address: 3ed7a70 BaseDllName physical address: 3ed7a48 0x77D40000 0x77DB0000 (1) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B28 BaseDllName address: 0x00132B08 FullDllName physical address: 3ed7b28 BaseDllName physical address: 3ed7b08 0x75020000 0x75028000 (1) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132BE0 BaseDllName address: 0x00132BC0 FullDllName physical address: 
3ed7be0 BaseDllName physical address: 3ed7bc0 0x77E10000 0x77E74000 (1) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C98 BaseDllName address: 0x00132C78 FullDllName physical address: 3ed7c98 BaseDllName physical address: 3ed7c78 0x77F40000 0x77F7C000 (1) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D50 BaseDllName address: 0x00132D30 FullDllName physical address: 3ed7d50 BaseDllName physical address: 3ed7d30 0x69800000 0x69A42000 (1) SHELL32.dll C:\WINNT\system32\SHELL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E00 BaseDllName address: 0x00132DE0 FullDllName physical address: 3ed7e00 BaseDllName physical address: 3ed7de0 0x77C70000 0x77CBA000 (1) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EB8 BaseDllName address: 0x00132E98 FullDllName physical address: 3ed7eb8 BaseDllName physical address: 3ed7e98 0x77B50000 0x77BD9000 (1) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F78 BaseDllName address: 0x00132F50 FullDllName physical address: 3ed7f78 BaseDllName physical address: 3ed7f50 0x77A50000 0x77B45000 (1) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133030 BaseDllName address: 0x00133010 FullDllName physical address: 3fbd030 BaseDllName physical address: 3fbd010 0x779B0000 0x77A45000 (1) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001330E8 BaseDllName address: 0x001330C0 FullDllName physical address: 3fbd0e8 BaseDllName physical address: 3fbd0c0 0x60F30000 0x60F5D000 (1) SSLEAY32.dll C:\Program Files\Support.com\Client\bin\SSLEAY32.dll Flags: 0x84006 LoadCount: 0xffff 
TlsIndex: 0 FullDllName virtual address: 0x00133328 BaseDllName address: 0x00133180 FullDllName physical address: 3fbd328 BaseDllName physical address: 3fbd180 0x60F60000 0x60FF3000 (1) LIBEAY32.dll C:\Program Files\Support.com\Client\bin\LIBEAY32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133418 BaseDllName address: 0x001333F0 FullDllName physical address: 3fbd418 BaseDllName physical address: 3fbd3f0 0x75170000 0x751BF000 (1) NETAPI32.dll C:\WINNT\System32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001331A8 BaseDllName address: 0x001334E0 FullDllName physical address: 3fbd1a8 BaseDllName physical address: 3fbd4e0 0x77BE0000 0x77BEF000 (1) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133578 BaseDllName address: 0x00133558 FullDllName physical address: 3fbd578 BaseDllName physical address: 3fbd558 0x751C0000 0x751C6000 (1) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133630 BaseDllName address: 0x00133610 FullDllName physical address: 3fbd630 BaseDllName physical address: 3fbd610 0x75150000 0x7515F000 (1) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336E8 BaseDllName address: 0x001336C8 FullDllName physical address: 3fbd6e8 BaseDllName physical address: 3fbd6c8 0x77950000 0x77979000 (1) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001337A0 BaseDllName address: 0x00133780 FullDllName physical address: 3fbd7a0 BaseDllName physical address: 3fbd780 0x77980000 0x779A4000 (1) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133858 BaseDllName address: 0x00133838 FullDllName physical address: 3fbd858 BaseDllName physical address: 
3fbd838 0x76C00000 0x76C74000 (1) WININET.DLL C:\WINNT\system32\WININET.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136A70 BaseDllName address: 0x00136A50 FullDllName physical address: 6c51a70 BaseDllName physical address: 6c51a50 0x1A400000 0x1A471000 (1) URLMON.DLL C:\WINNT\system32\URLMON.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001380E8 BaseDllName address: 0x001380C8 FullDllName physical address: b480e8 BaseDllName physical address: b480c8 0x77820000 0x77827000 (1) VERSION.DLL C:\WINNT\system32\VERSION.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001381A0 BaseDllName address: 0x00138180 FullDllName physical address: b481a0 BaseDllName physical address: b48180 0x759B0000 0x759B6000 (1) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136950 BaseDllName address: 0x00138238 FullDllName physical address: 6c51950 BaseDllName physical address: b48238 0x774E0000 0x77512000 (1) RASAPI32.DLL C:\WINNT\System32\RASAPI32.DLL Flags: 0xc4004 LoadCount: 0x12 TlsIndex: 0 FullDllName virtual address: 0x001406D8 BaseDllName address: 0x001396A0 FullDllName physical address: a666d8 BaseDllName physical address: c536a0 0x774C0000 0x774D1000 (1) RASMAN.DLL C:\WINNT\System32\RASMAN.DLL Flags: 0xc4006 LoadCount: 0x12 TlsIndex: 0 FullDllName virtual address: 0x00140B88 BaseDllName address: 0x001396C8 FullDllName physical address: a66b88 BaseDllName physical address: c536c8 0x77530000 0x77552000 (1) TAPI32.DLL C:\WINNT\System32\TAPI32.DLL Flags: 0x84006 LoadCount: 0x12 TlsIndex: 0 FullDllName virtual address: 0x00140C40 BaseDllName address: 0x00140C20 FullDllName physical address: a66c40 BaseDllName physical address: a66c20 0x77830000 0x7783E000 (1) RTUTILS.DLL C:\WINNT\System32\RTUTILS.DLL Flags: 0xc4004 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00141100 BaseDllName address: 0x001410E0 FullDllName physical 
address: a6a100 BaseDllName physical address: a6a0e0 0x75AB0000 0x75AB5000 (1) sensapi.dll C:\WINNT\System32\sensapi.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00141848 BaseDllName address: 0x001418B8 FullDllName physical address: a6a848 BaseDllName physical address: a6a8b8 0x77C10000 0x77C6D000 (1) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00146278 BaseDllName address: 0x00141958 FullDllName physical address: bff278 BaseDllName physical address: a6a958 0x78280000 0x7828C000 (1) rnr20.dll C:\WINNT\System32\rnr20.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001465F8 BaseDllName address: 0x00146638 FullDllName physical address: bff5f8 BaseDllName physical address: bff638 0x74FD0000 0x74FED000 (1) msafd.dll C:\WINNT\system32\msafd.dll Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00145E38 BaseDllName address: 0x001465B0 FullDllName physical address: be0e38 BaseDllName physical address: bff5b0 0x77340000 0x77353000 (1) IPHLPAPI.DLL C:\WINNT\System32\IPHLPAPI.DLL Flags: 0xc4006 LoadCount: 0x5 TlsIndex: 0 FullDllName virtual address: 0x00145CC8 BaseDllName address: 0x00141890 FullDllName physical address: be0cc8 BaseDllName physical address: a6a890 0x77520000 0x77525000 (1) ICMP.DLL C:\WINNT\System32\ICMP.DLL Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 FullDllName virtual address: 0x00145F38 BaseDllName address: 0x00145F18 FullDllName physical address: be0f38 BaseDllName physical address: be0f18 0x77320000 0x77337000 (1) MPRAPI.DLL C:\WINNT\System32\MPRAPI.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00145FE8 BaseDllName address: 0x00145FC8 FullDllName physical address: bff000 BaseDllName physical address: be0fc8 0x773B0000 0x773DE000 (1) ACTIVEDS.DLL C:\WINNT\System32\ACTIVEDS.DLL Flags: 0xc4006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00146080 BaseDllName 
address: 0x001465D0 FullDllName physical address: bff080 BaseDllName physical address: bff5d0 0x77380000 0x773A2000 (1) ADSLDPC.DLL C:\WINNT\System32\ADSLDPC.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x00146138 BaseDllName address: 0x00146118 FullDllName physical address: bff138 BaseDllName physical address: bff118 0x77880000 0x7790D000 (1) SETUPAPI.DLL C:\WINNT\System32\SETUPAPI.DLL Flags: 0x84006 LoadCount: 0x3 TlsIndex: 0 FullDllName virtual address: 0x001461D0 BaseDllName address: 0x00146880 FullDllName physical address: bff1d0 BaseDllName physical address: bff880 0x77360000 0x77379000 (1) DHCPCSVC.DLL C:\WINNT\System32\DHCPCSVC.DLL Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x001478A8 BaseDllName address: 0x001418D8 FullDllName physical address: b3c8a8 BaseDllName physical address: a6a8d8 0x691D0000 0x69255000 (1) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00147AA0 BaseDllName address: 0x00147A80 FullDllName physical address: b3caa0 BaseDllName physical address: b3ca80 0x777E0000 0x777E8000 (1) <Paged: 0:660080> C:\WINNT\System32\winrnr.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014D958 BaseDllName address: 0x00149080 FullDllName physical address: 470a958 BaseDllName physical address: 660080 0x777F0000 0x777F5000 (1) rasadhlp.dll C:\WINNT\System32\rasadhlp.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00146820 BaseDllName address: 0x0014C470 FullDllName physical address: bff820 BaseDllName physical address: 46bf470 0x75010000 0x75017000 (1) wshtcpip.dll C:\WINNT\System32\wshtcpip.dll Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0014EEC0 BaseDllName address: 0x0014EF08 FullDllName physical address: 48d2ec0 BaseDllName physical address: 48d2f08 0x75090000 0x750A0000 (1) mpr.dll C:\WINNT\system32\mpr.dll Flags: 0xc4004 LoadCount: 0x12 
TlsIndex: 0 FullDllName virtual address: 0x0014C320 BaseDllName address: 0x0014D6E0 FullDllName physical address: 46bf320 BaseDllName physical address: 470a6e0 0x10000000 0x1000A000 (1) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00145BE8 BaseDllName address: 0x0014D9C8 FullDllName physical address: be0be8 BaseDllName physical address: 470a9c8 Thread List Head: 0xFF184150 THREAD: 0xFF183020 (0x3ec4020) Cid: 3f4.3f0 CreateTime: 0x1c569dfa3c19fb0 2005-06-05 15:02:49Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(0) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE2044508 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF18307C Contents: FF1738FC:FF13E07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18308C(3ec408c) PostBlockList: 0xE1EC15F0:E202CC30 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040FB59 <Paged: 0:6535a8> Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF79AD000 Stack Limit: 0xF79AA000 Kernel Stack: 0xF79AC930(42f5000 NA NA ) Resident: 0 THREAD: 0xFF1738A0 (0x25c58a0) Cid: 3f4.420 CreateTime: 0x1c569dfa6f19dd0 2005-06-05 15:02:54Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(0) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1738FC Contents: FF16FC7C:FF18307C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1A5828(3524828) PostBlockList: 0xFF173A64:FF173A64 
Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x778321FE C:\WINNT\System32\RTUTILS.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF80E7000 Stack Limit: 0xF80E4000 Kernel Stack: 0xF80E6930(3e6000 NA NA ) Resident: 0 THREAD: 0xFF16FC20 (0x4591c20) Cid: 3f4.42c CreateTime: 0x1c569dfa79e4a00 2005-06-05 15:02:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(0) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF16FC7C Contents: FF16F6FC:FF1738FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16FC8C(4591c8c) PostBlockList: 0xE2020310:E202C250 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB <Paged: 0:6535a8> Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AF7000 Stack Limit: 0xF7AF4000 Kernel Stack: 0xF7AF6CA0(45b5000 NA NA ) Resident: 0 THREAD: 0xFF16F960 (0x4591960) Cid: 3f4.430 CreateTime: 0x1c569dfa79e4a00 2005-06-05 15:02:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(465a000) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF16F9BC Contents: FCA33DBC:FCA371FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1608A8(7088a8) PostBlockList: 0xE1353250:E2053010 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB <Paged: 0:6535a8> Service Descriptor Table: 0x8046B840 
KeServiceDescriptorTable Initial stack: 0xF7AF3000 Stack Limit: 0xF7AF0000 Kernel Stack: 0xF7AF2930(19000 NA NA ) Resident: 0 User stack base: 0x012C0000(4722000 7dc3000 55f8000 55ff000 5044000 ) User stack Limit: 0x012BB000 THREAD: 0xFF16F6A0 (0x45916a0) Cid: 3f4.434 CreateTime: 0x1c569dfa79e4a00 2005-06-05 15:02:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(7d9e000) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20A9CA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF16F6FC Contents: FF16F37C:FF16FC7C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF19BF88(384af88) PostBlockList: 0xFF16F864:FF16F864 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB <Paged: 0:6535a8> Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF78C5000 Stack Limit: 0xF78C2000 Kernel Stack: 0xF78C4930(5646000 NA NA ) Resident: 0 User stack base: 0x013C0000(4648000 7d3b000 Paged< 0:55d000> Paged< 0:508000> Paged< 0:509000> Paged< 0:50a000> Paged< 0:50b000> Paged< 0:50c000> Paged< 0:50d000> Paged< 0:50e000> Paged< 0:50f000> Paged< 0:510000> Paged< 0:511000> Paged< 0:512000> Paged< 0:513000> Paged< 0:514000> Paged< 0:515000> Paged< 0:516000> Paged< 0:550000> ) User stack Limit: 0x013AD000 THREAD: 0xFF16F320 (0x4591320) Cid: 3f4.438 CreateTime: 0x1c569dfa79fd130 2005-06-05 15:02:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD9000(0) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF16F37C 
Contents: FF16A1BC:FF16F6FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16F38C(459138c) PostBlockList: 0xFF16F4E4:FF16F4E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x0040F2CB <Paged: 0:6535a8> Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AEB000 Stack Limit: 0xF7AE8000 Kernel Stack: 0xF7AEACA0(746000 NA NA ) Resident: 0 THREAD: 0xFF16A160 (0x51c8160) Cid: 3f4.444 CreateTime: 0x1c569dfa8032460 2005-06-05 15:02:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD7000(0) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Alertable WaitListHead: 0xFF16A1BC Contents: FF1CE89C:FF16F37C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF16A1CC(51c81cc) PostBlockList: 0xFF16A324:FF16A324 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x7517B646 C:\WINNT\System32\NETAPI32.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7AE3000 Stack Limit: 0xF7AE0000 Kernel Stack: 0xF7AE2930(548c000 NA NA ) Resident: 0 THREAD: 0xFF133DA0 (0x6673da0) Cid: 3f4.2e0 CreateTime: 0x1c569e1e83455c0 2005-06-05 15:19:03Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD6000(3073000) ThreadsProcess: 0xFF184100 tgcmd.exe Priority: 9 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrQueue) UserMode Non-Alertable WaitListHead: 0xFF133DFC Contents: FF22C27C:FF28F67C Queue List: 0xFCD4A900:FCD4A900 WaitBlockList: 0xFF133E0C(6673e0c) PostBlockList: 0xFF133F64:FF133F64 Queue: 0x00000000 Start Address: 
0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x74FD54A2 C:\WINNT\system32\msafd.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF76A9000 Stack Limit: 0xF76A6000 Kernel Stack: 0xF76A8C90(NA NA Paged< 0:297000> ) Resident: 0 User stack base: 0x019F0000(2254000 ) User stack Limit: 0x019EF000 + 3fc Apntex.exe Source: from_active_process_list Eprocess Block: 0xFF1827E0 (0x3f5b7c4) CreateTime: 0x1c569dfa40f8e40 2005-06-05 15:02:50Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x3faf000 Process Environment Block: 0x7FFDF000 (3fb4000) Loader module block: 0x00131E90 (3fb400c) Command Line: "Apntex.exe" Section: 0xE12FB190 (0x19ef190) Section Base Address: 0x00400000 (3de2000) SectionBasedAddress: 0x099BCC20 ) SizeOfSegment: 0x8000 SectionFileName: \Program Files\Apoint\Apntex.exe 0xe1ffe4c8 (0x3da14c8) Handle Table: 0xFF1CAEE8 (0x2d33ee8) Count: 24 TableCode: 0xE2073000 Process exiting: 0 VAD Root: 0xFF186288(3d57288) Private: 88 Modified: 0 Locked: 0 AccessToken: 0xE2072030(3fcc030) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,21b74} ParentToken ID: {0,0} Modified ID: {0,ee03} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default 
Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x00408000 (3de2000) Apntex.exe C:\Program Files\Apoint\Apntex.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020588 BaseDllName address: 0x00131F10 FullDllName physical address: 3fb9588 BaseDllName physical address: 3fe8f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 3fe8f80 BaseDllName physical address: 3fe8fa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 3de9420 BaseDllName physical address: 3de93f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 3de94f0 BaseDllName physical address: 3de94d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 3de95a8 BaseDllName physical address: 3de9588 0x10000000 0x1000A000 (39b5000) VXDIF.DLL C:\WINNT\System32\VXDIF.DLL Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00133548 BaseDllName address: 0x00133588 FullDllName physical address: 3f6c548 BaseDllName physical address: 3f6c588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x001335F8 BaseDllName address: 0x00133038 FullDllName physical address: 3f6c5f8 BaseDllName physical address: 3f6c038 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001336B0 BaseDllName address: 0x00133690 FullDllName physical address: 3f6c6b0 BaseDllName physical address: 3f6c690 0x009C0000 0x009CA000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00134C58 BaseDllName address: 0x00134CC8 FullDllName physical address: 3f78c58 BaseDllName physical address: 3f78cc8 Thread List Head: 0xFF182830 THREAD: 0xFF1824E0 (0x3f5b4e0) Cid: 3fc.3f8 CreateTime: 0x1c569dfa40f8e40 2005-06-05 15:02:50Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(3fd6000) ThreadsProcess: 0xFF1827E0 Apntex.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F0D008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF18253C Contents: FF226A1C:FF188DFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18254C(3f5b54c) PostBlockList: 0xFF1826A4:FF1826A4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start 
Address: 0x004014E0 C:\Program Files\Apoint\Apntex.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7BF3000 Stack Limit: 0xF7BEF000 Kernel Stack: 0xF7BF2C20(Paged< 0:99b000> NA NA NA ) Resident: 0 User stack base: 0x00130000(3fe6000 3e0b000 ) User stack Limit: 0x0012E000 THREAD: 0xFF185020 (0x3e21020) Cid: 3fc.3e8 CreateTime: 0x1c569dfa4129ca0 2005-06-05 15:02:50Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(3e16000) ThreadsProcess: 0xFF1827E0 Apntex.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1D61008 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF18507C Contents: FCA2D07C:FF12E8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF18508C(3e2108c) PostBlockList: 0xFF1851E4:FF1851E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x004011E0 C:\Program Files\Apoint\Apntex.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF77E5000 Stack Limit: 0xF77E2000 Kernel Stack: 0xF77E4CA0(4387000 NA NA ) Resident: 0 User stack base: 0x009B0000(3f59000 3e3b000 ) User stack Limit: 0x009AE000 + 428 PcfMgr.exe Source: from_active_process_list Eprocess Block: 0xFF177AC0 (0x5901aa4) CreateTime: 0x1c569dfa5336b10 2005-06-05 15:02:52Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x58aa000 Process Environment Block: 0x7FFDF000 (58f0000) Loader module block: 0x00131E90 (58f000c) Command Line: "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch Section: 0xE130D970 (0x1a30970) Section Base Address: 0x00400000 (43ed000) SectionBasedAddress: 0x2E9FF430 ) SizeOfSegment: 0xc5000 
SectionFileName: \Program Files\PowerPanel\Program\PcfMgr.exe 0xe137daa8 (0x28e0aa8) Handle Table: 0xFF18D248 (0x3a3f248) Count: 120 TableCode: 0xE2088000 Process exiting: 0 VAD Root: 0xFF15BD48(65f9d48) Private: 540 Modified: 1 Locked: 0 AccessToken: 0xE20879D0(58a39d0) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,22473} ParentToken ID: {0,0} Modified ID: {0,29956} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x004C5000 (43ed000) PcfMgr.exe C:\Program Files\PowerPanel\Program\PcfMgr.exe Flags: 0x5000 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x000205D8 BaseDllName address: 0x00131F10 FullDllName physical address: 58cc5d8 BaseDllName physical address: 5903f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 5903f80 BaseDllName physical address: 5903fa4 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132418 BaseDllName address: 0x001323F8 FullDllName physical address: 58e4418 BaseDllName physical address: 58e43f8 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132848 BaseDllName address: 0x00132828 FullDllName physical address: 58e4848 BaseDllName physical address: 58e4828 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132908 BaseDllName address: 0x001328E0 FullDllName physical address: 58e4908 BaseDllName physical address: 58e48e0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329C0 BaseDllName address: 0x001329A0 FullDllName physical address: 58e49c0 BaseDllName physical address: 58e49a0 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A78 BaseDllName address: 0x00132A50 FullDllName physical address: 58e4a78 BaseDllName physical address: 58e4a50 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B30 BaseDllName address: 0x00132B10 FullDllName physical address: 58e4b30 
BaseDllName physical address: 58e4b10 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C08 BaseDllName address: 0x00132BE0 FullDllName physical address: 58e4c08 BaseDllName physical address: 58e4be0 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CC0 BaseDllName address: 0x00132CA0 FullDllName physical address: 58e4cc0 BaseDllName physical address: 58e4ca0 0x77B50000 0x77BD9000 (59cb000) COMCTL32.DLL C:\WINNT\system32\COMCTL32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D80 BaseDllName address: 0x00132D58 FullDllName physical address: 58e4d80 BaseDllName physical address: 58e4d58 0x69800000 0x69A42000 (592f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E38 BaseDllName address: 0x00132E18 FullDllName physical address: 58e4e38 BaseDllName physical address: 58e4e18 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EF0 BaseDllName address: 0x00132ED0 FullDllName physical address: 58e4ef0 BaseDllName physical address: 58e4ed0 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FB0 BaseDllName address: 0x00132F88 FullDllName physical address: 58e4fb0 BaseDllName physical address: 58e4f88 0x752F0000 0x7530F000 (598b000) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001331D0 BaseDllName address: 0x001331B0 FullDllName physical address: 596a1d0 BaseDllName physical address: 596a1b0 0x77A50000 0x77B45000 (58c9000) OLE32.DLL C:\WINNT\system32\OLE32.DLL Flags: 0x84006 
LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133288 BaseDllName address: 0x00133268 FullDllName physical address: 596a288 BaseDllName physical address: 596a268 0x779B0000 0x77A45000 (58fa000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133340 BaseDllName address: 0x00133318 FullDllName physical address: 596a340 BaseDllName physical address: 596a318 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0015B568 BaseDllName address: 0x00135248 FullDllName physical address: bf8568 BaseDllName physical address: 59d9248 0x10000000 0x1018D000 (4548000) UILib.dll C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00162460 BaseDllName address: 0x001624D0 FullDllName physical address: 149460 BaseDllName physical address: 1494d0 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00162560 BaseDllName address: 0x00162540 FullDllName physical address: 149560 BaseDllName physical address: 149540 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00162618 BaseDllName address: 0x001625F8 FullDllName physical address: 149618 BaseDllName physical address: 1495f8 0x00F30000 0x00FB7000 (3a7000) gold.dll C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00164B40 BaseDllName address: 0x00164AA0 FullDllName physical address: 5deb40 BaseDllName physical address: 5deaa0 0x01100000 0x01150000 (44b6000) EngPM.dll C:\Program Files\PowerPanel\Program\EngPM.dll Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016AE18 BaseDllName address: 
0x00165618 FullDllName physical address: 6bb4e18 BaseDllName physical address: fc3618 0x01150000 0x01164000 (50a0000) PMDM.dll C:\Program Files\PowerPanel\PROGRAM\PMDM.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016B050 BaseDllName address: 0x0016B110 FullDllName physical address: 4be6050 BaseDllName physical address: 4be6110 0x01180000 0x01186000 (1a87000) EngDM.DLL C:\Program Files\PowerPanel\Program\EngDM.DLL Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00177D38 BaseDllName address: 0x001568B0 FullDllName physical address: 51b1d38 BaseDllName physical address: 44d18b0 0x01190000 0x011BA000 (7b64000) PTLACPI.DLL C:\Program Files\PowerPanel\Program\PTLACPI.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00177DA0 BaseDllName address: 0x0016B288 FullDllName physical address: 51b1da0 BaseDllName physical address: 4be6288 0x770B0000 0x770B7000 (2917000) CFGMGR32.dll C:\WINNT\System32\CFGMGR32.dll Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016AEF8 BaseDllName address: 0x00175288 FullDllName physical address: 6bb4ef8 BaseDllName physical address: 4de6288 0x77880000 0x7790D000 (7ce6000) setupapi.dll C:\WINNT\System32\setupapi.dll Flags: 0x84004 LoadCount: 0x8 TlsIndex: 0 FullDllName virtual address: 0x0016D190 BaseDllName address: 0x0016B5A0 FullDllName physical address: 4f64190 BaseDllName physical address: 4be65a0 0x77C10000 0x77C6D000 (7606000) USERENV.DLL C:\WINNT\System32\USERENV.DLL Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 FullDllName virtual address: 0x00176BB8 BaseDllName address: 0x0015C950 FullDllName physical address: 5810bb8 BaseDllName physical address: f58950 0x766F0000 0x766F7000 (25b8000) PowrProf.Dll C:\WINNT\System32\PowrProf.Dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016AFA8 BaseDllName address: 0x0016B5C8 FullDllName physical address: 6bb4fa8 BaseDllName physical address: 4be65c8 0x015D0000 
0x015DE000 (261000) SnyUtils.dll C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016CD50 BaseDllName address: 0x00176B90 FullDllName physical address: 5482d50 BaseDllName physical address: 5810b90 0x6C370000 0x6C462000 (39c8000) MFC42.DLL C:\WINNT\System32\MFC42.DLL Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00156A00 BaseDllName address: 0x00177360 FullDllName physical address: 44d1a00 BaseDllName physical address: 51b1360 0x5FD00000 0x5FD0D000 (637e000) MFC42LOC.DLL C:\WINNT\System32\MFC42LOC.DLL Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016D148 BaseDllName address: 0x00177CF0 FullDllName physical address: 4f64148 BaseDllName physical address: 51b1cf0 0x015E0000 0x015FE000 (4724000) sxbios.dll C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00164AC0 BaseDllName address: 0x00177D18 FullDllName physical address: 5deac0 BaseDllName physical address: 51b1d18 0x77840000 0x7787C000 (2654000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016D108 BaseDllName address: 0x0016F820 FullDllName physical address: 4f64108 BaseDllName physical address: 5425820 0x770C0000 0x770E3000 (a67000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x00176A68 BaseDllName address: 0x00173890 FullDllName physical address: 5810a68 BaseDllName physical address: 3420890 0x01860000 0x0186A000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0016D1D8 BaseDllName address: 0x00176B70 FullDllName physical address: 4f641d8 BaseDllName physical address: 5810b70 0x77560000 0x77569000 (4551000) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 
0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x00176778 BaseDllName address: 0x0016FAC0 FullDllName physical address: 5810778 BaseDllName physical address: 5425ac0 0x01AD0000 0x01AEF000 (2b4e000) BSACPICM.DLL C:\Program Files\PowerPanel\Program\BSACPICM.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00176C00 BaseDllName address: 0x0016E960 FullDllName physical address: 5810c00 BaseDllName physical address: 2980960 0x01C00000 0x01C24000 (30e6000) BSNTSBS.DLL C:\Program Files\PowerPanel\Program\BSNTSBS.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00172648 BaseDllName address: 0x00171C28 FullDllName physical address: 337a648 BaseDllName physical address: 4080c28 Thread List Head: 0xFF177B10 THREAD: 0xFF177740 (0x5901740) Cid: 428.424 CreateTime: 0x1c569dfa534f240 2005-06-05 15:02:52Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(58b2000) ThreadsProcess: 0xFF177AC0 PcfMgr.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20862C8 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF17779C Contents: FF1B16FC:FCDFD23C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1777AC(59017ac) PostBlockList: 0xE12B1E30:E131C710 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x00437C03 C:\Program Files\PowerPanel\Program\PcfMgr.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF796D000 Stack Limit: 0xF7969000 Kernel Stack: 0xF796CC20(59ce000 1fe1000 5282000 547d000 ) Resident: 1 User stack base: 0x00130000(58bd000 59bb000 343000 7e7000 4891000 ) User stack Limit: 0x0012B000 THREAD: 0xFF15FC60 (0x54efc60) Cid: 428.3e4 CreateTime: 0x1c569dfaafc1fc0 2005-06-05 15:03:01Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 
Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(5323000) ThreadsProcess: 0xFF177AC0 PcfMgr.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF15FCBC Contents: FF21107C:FF15957C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF15FCCC(54efccc) PostBlockList: 0xFF15FE24:FF15FE24 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x015D4420 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF8027000 Stack Limit: 0xF8024000 Kernel Stack: 0xF8026CA0(4d22000 5190000 4e71000 ) Resident: 1 User stack base: 0x01810000(4044000 ) User stack Limit: 0x0180F000 THREAD: 0xFF14D020 (0x1fdf020) Cid: 428.454 CreateTime: 0x1c569dfae802930 2005-06-05 15:03:07Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(2a26000) ThreadsProcess: 0xFF177AC0 PcfMgr.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF14D07C Contents: FF1D08FC:FF180C3C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF14D08C(1fdf08c) PostBlockList: 0xFF14D1E4:FF14D1E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF79D9000 Stack Limit: 0xF79D6000 Kernel Stack: 0xF79D8930(Paged< 0:63b000> NA NA ) Resident: 0 User stack base: 0x01AD0000(2a27000 ) User stack Limit: 0x01ACF000 THREAD: 0xFF134020 (0x58c7020) Cid: 428.2c8 CreateTime: 0x1c569e084a0d660 2005-06-05 15:09:06Z 
SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(3560000) ThreadsProcess: 0xFF177AC0 PcfMgr.exe Priority: 9 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20C5468 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF13407C Contents: FF22721C:FF13907C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13408C(58c708c) PostBlockList: 0xFF1341E4:FF1341E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL LPC Server thread working on message Id 0xc4d Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF795D000 Stack Limit: 0xF795A000 Kernel Stack: 0xF795CC48(27f000 NA NA ) Resident: 0 User stack base: 0x01D40000(3521000 ) User stack Limit: 0x01D3F000 + 130 helix.exe Source: from_active_process_list Eprocess Block: 0xFF1CB020 (0x2d34004) CreateTime: 0x1c569dfcb980110 2005-06-05 15:03:56Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x2ecd000 Process Environment Block: 0x7FFDF000 (2952000) Loader module block: 0x00131E90 (295200c) Command Line: "E:\helix.exe" Section: 0xE13B0DB0 (0x2bf0db0) Section Base Address: 0x00400000 (2eec000) SectionBasedAddress: 0x08D7BCA0 ) SizeOfSegment: 0x26b000 SectionFileName: \helix.exe 0xe132bc68 (0x1a86c68) Handle Table: 0xFF1B3008 (0x2d4d008) Count: 195 TableCode: 0xE1C22000 Process exiting: 0 VAD Root: 0xFF20C4C8(4ece4c8) Private: 4372 Modified: 8311 Locked: 5 AccessToken: 0xE2080830(4663830) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) 
UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,35382} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0066B000 (2eec000) helix.exe E:\helix.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00020560 BaseDllName address: 0x00131F10 FullDllName physical address: 2e16560 BaseDllName physical address: 38a3f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 38a3f80 BaseDllName physical address: 38a3fa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.DLL C:\WINNT\system32\KERNEL32.DLL Flags: 0x84006 LoadCount: 
0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 38e4420 BaseDllName physical address: 38e43f8 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324E0 BaseDllName address: 0x001324B8 FullDllName physical address: 38e44e0 BaseDllName physical address: 38e44b8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132598 BaseDllName address: 0x00132578 FullDllName physical address: 38e4598 BaseDllName physical address: 38e4578 0x77B50000 0x77BD9000 (59cb000) COMCTL32.dll C:\WINNT\system32\COMCTL32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132658 BaseDllName address: 0x00132630 FullDllName physical address: 38e4658 BaseDllName physical address: 38e4630 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132710 BaseDllName address: 0x001326F0 FullDllName physical address: 38e4710 BaseDllName physical address: 38e46f0 0x77E10000 0x77E74000 (5a02000) USER32.DLL C:\WINNT\system32\USER32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327C0 BaseDllName address: 0x001327A0 FullDllName physical address: 38e47c0 BaseDllName physical address: 38e47a0 0x76B30000 0x76B6E000 (5921000) comdlg32.dll C:\WINNT\system32\comdlg32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132880 BaseDllName address: 0x00132858 FullDllName physical address: 38e4880 BaseDllName physical address: 38e4858 0x77C70000 0x77CBA000 (59ba000) SHLWAPI.DLL C:\WINNT\system32\SHLWAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132938 BaseDllName address: 0x00132918 FullDllName physical address: 38e4938 
BaseDllName physical address: 38e4918 0x69800000 0x69A42000 (592f000) SHELL32.DLL C:\WINNT\system32\SHELL32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329F0 BaseDllName address: 0x001329D0 FullDllName physical address: 38e49f0 BaseDllName physical address: 38e49d0 0x78000000 0x78046000 (59bc000) MSVCRT.DLL C:\WINNT\system32\MSVCRT.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132AA8 BaseDllName address: 0x00132A88 FullDllName physical address: 38e4aa8 BaseDllName physical address: 38e4a88 0x77410000 0x77423000 (2d13000) MSACM32.dll C:\WINNT\System32\MSACM32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B78 BaseDllName address: 0x00132B58 FullDllName physical address: 38e4b78 BaseDllName physical address: 38e4b58 0x77570000 0x775A0000 (7cd4000) WINMM.dll C:\WINNT\System32\WINMM.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F38 BaseDllName address: 0x00132F18 FullDllName physical address: 38e4f38 BaseDllName physical address: 38e4f18 0x75170000 0x751BF000 (7646000) NETAPI32.dll C:\WINNT\System32\NETAPI32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132FF0 BaseDllName address: 0x00132FC8 FullDllName physical address: 2ab1000 BaseDllName physical address: 38e4fc8 0x77BE0000 0x77BEF000 (75fa000) SECUR32.DLL C:\WINNT\System32\SECUR32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133198 BaseDllName address: 0x00133178 FullDllName physical address: 2ab1198 BaseDllName physical address: 2ab1178 0x751C0000 0x751C6000 (7688000) NETRAP.DLL C:\WINNT\System32\NETRAP.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133250 BaseDllName address: 0x00133230 FullDllName physical address: 2ab1250 BaseDllName physical address: 2ab1230 0x75150000 0x7515F000 (767b000) SAMLIB.DLL C:\WINNT\System32\SAMLIB.DLL Flags: 0x84006 LoadCount: 
0xffff TlsIndex: 0 FullDllName virtual address: 0x00133308 BaseDllName address: 0x001332E8 FullDllName physical address: 2ab1308 BaseDllName physical address: 2ab12e8 0x75030000 0x75044000 (76c5000) WS2_32.DLL C:\WINNT\System32\WS2_32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001333C0 BaseDllName address: 0x001333A0 FullDllName physical address: 2ab13c0 BaseDllName physical address: 2ab13a0 0x75020000 0x75028000 (7666000) WS2HELP.DLL C:\WINNT\System32\WS2HELP.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133478 BaseDllName address: 0x00133458 FullDllName physical address: 2ab1478 BaseDllName physical address: 2ab1458 0x77950000 0x77979000 (5989000) WLDAP32.DLL C:\WINNT\system32\WLDAP32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133530 BaseDllName address: 0x00133510 FullDllName physical address: 2ab1530 BaseDllName physical address: 2ab1510 0x77980000 0x779A4000 (769b000) DNSAPI.DLL C:\WINNT\System32\DNSAPI.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001335E8 BaseDllName address: 0x001335C8 FullDllName physical address: 2ab15e8 BaseDllName physical address: 2ab15c8 0x75050000 0x75058000 (765c000) WSOCK32.DLL C:\WINNT\System32\WSOCK32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001336A0 BaseDllName address: 0x00133680 FullDllName physical address: 2ab16a0 BaseDllName physical address: 2ab1680 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133758 BaseDllName address: 0x00133738 FullDllName physical address: 2ab1758 BaseDllName physical address: 2ab1738 0x779B0000 0x77A45000 (58fa000) OLEAUT32.dll C:\WINNT\system32\OLEAUT32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133810 BaseDllName address: 0x001337E8 FullDllName physical address: 2ab1810 
BaseDllName physical address: 2ab17e8 0x752F0000 0x7530F000 (598b000) oledlg.dll C:\WINNT\System32\oledlg.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001338C8 BaseDllName address: 0x001338A8 FullDllName physical address: 2ab18c8 BaseDllName physical address: 2ab18a8 0x695E0000 0x69609000 (afe000) OLEPRO32.DLL C:\WINNT\System32\OLEPRO32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133988 BaseDllName address: 0x00133960 FullDllName physical address: 2ab1988 BaseDllName physical address: 2ab1960 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133A40 BaseDllName address: 0x00133A20 FullDllName physical address: 2ab1a40 BaseDllName physical address: 2ab1a20 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133AF8 BaseDllName address: 0x00133AD8 FullDllName physical address: 2ab1af8 BaseDllName physical address: 2ab1ad8 0x76C00000 0x76C74000 (5958000) WININET.dll C:\WINNT\system32\WININET.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133BA8 BaseDllName address: 0x00133B88 FullDllName physical address: 2ab1ba8 BaseDllName physical address: 2ab1b88 0x77800000 0x7781D000 (53a9000) WINSPOOL.DRV C:\WINNT\System32\WINSPOOL.DRV Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133C68 BaseDllName address: 0x00133C40 FullDllName physical address: 2ab1c68 BaseDllName physical address: 2ab1c40 0x10000000 0x1000A000 (40bd000) WMHook.dll C:\Program Files\Sony\Jog Dial Utility\WMHook.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00133D00 BaseDllName address: 0x0015BE38 FullDllName physical address: 2ab1d00 BaseDllName physical address: 3faae38 0x77560000 0x77569000 (4551000) wdmaud.drv C:\WINNT\System32\wdmaud.drv Flags: 
0xc4004 LoadCount: 0x4 TlsIndex: 0 FullDllName virtual address: 0x0016A9F8 BaseDllName address: 0x00136E30 FullDllName physical address: 1a09f8 BaseDllName physical address: 2edce30 0x51080000 0x510D9000 (320b000) dsound.dll C:\WINNT\System32\dsound.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016EB30 BaseDllName address: 0x0016A9B8 FullDllName physical address: 3204b30 BaseDllName physical address: 1a09b8 0x77400000 0x77408000 (2cff000) msacm32.drv C:\WINNT\System32\msacm32.drv Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0016ED30 BaseDllName address: 0x0017AFD8 FullDllName physical address: 3204d30 BaseDllName physical address: 65a7fd8 0x5EF80000 0x5EF84000 (3038000) KsUser.dll C:\WINNT\System32\KsUser.dll Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0017B5B8 BaseDllName address: 0x0017B180 FullDllName physical address: 7b635b8 BaseDllName physical address: 7b63180 0x691D0000 0x69255000 (d00000) CLBCATQ.DLL C:\WINNT\System32\CLBCATQ.DLL Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00185CF0 BaseDllName address: 0x00185AC8 FullDllName physical address: e53cf0 BaseDllName physical address: e53ac8 0x77840000 0x7787C000 (2654000) cscui.dll C:\WINNT\System32\cscui.dll Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0018A950 BaseDllName address: 0x0018A930 FullDllName physical address: 3c01950 BaseDllName physical address: 3c01930 0x770C0000 0x770E3000 (a67000) CSCDLL.DLL C:\WINNT\System32\CSCDLL.DLL Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 FullDllName virtual address: 0x0018AA00 BaseDllName address: 0x0018A9E0 FullDllName physical address: 3c01a00 BaseDllName physical address: 3c019e0 0x01FB0000 0x01FDD000 (3c44000) Clipboard.lmd E:\AutoPlay\Plugins\Clipboard\Clipboard.lmd Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00196C40 BaseDllName address: 0x00196CA0 FullDllName physical address: 3c71c40 
BaseDllName physical address: 3c71ca0 0x01FF0000 0x02034000 (9a1000) Crypto.lmd E:\AutoPlay\Plugins\Crypto\Crypto.lmd Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00196950 BaseDllName address: 0x00198028 FullDllName physical address: 3c71950 BaseDllName physical address: 762028 0x023B0000 0x023BC000 (42f0000) EzAuto.dll C:\Program Files\Apoint\EzAuto.dll Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0019EBE8 BaseDllName address: 0x0019EC38 FullDllName physical address: 4328be8 BaseDllName physical address: 4328c38 0x033E0000 0x03438000 (1fd0000) ComboBox.apo E:\AutoPlay\Plugins\ComboBox\ComboBox.apo Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0019FB88 BaseDllName address: 0x001B84E8 FullDllName physical address: 37abb88 BaseDllName physical address: 67844e8 0x03450000 0x0349E000 (1e41000) WinButton.apo E:\AutoPlay\Plugins\WinButton\WinButton.apo Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00181178 BaseDllName address: 0x001811D8 FullDllName physical address: 3630178 BaseDllName physical address: 36301d8 0x03C40000 0x03C5A000 (3dff000) Apoint.DLL C:\Program Files\Apoint\Apoint.DLL Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x0019DB78 BaseDllName address: 0x001C60E0 FullDllName physical address: 6739b78 BaseDllName physical address: 31570e0 0x03C60000 0x03C6A000 (39b5000) Vxdif.dll C:\WINNT\System32\Vxdif.dll Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x001C6170 BaseDllName address: 0x001C6150 FullDllName physical address: 3157170 BaseDllName physical address: 3157150 Thread List Head: 0xFF1CB070 THREAD: 0xFF12E8A0 (0x6648a0) Cid: 130.244 CreateTime: 0x1c569dfcb980110 2005-06-05 15:03:56Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 
0x7FFDE000(2ef7000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 10 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE20A2B68 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF12E8FC Contents: FCA2C67C:FF13169C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12E90C(66490c) PostBlockList: 0xE131C5F0:E210E430 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x006627E0 E:\helix.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7805000 Stack Limit: 0xF77FF000 Kernel Stack: 0xF7804C20(63d7000 NA NA NA NA NA ) Resident: 0 User stack base: 0x00130000(78de000 2f21000 2bb5000 3bab000 d2c000 382c000 ) User stack Limit: 0x0012A000 THREAD: 0xFF12E620 (0x664620) Cid: 130.27c CreateTime: 0x1c569dfcc47bba0 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDD000(3138000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF12E67C Contents: FF12E3FC:FF19407C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12E68C(66468c) PostBlockList: 0xFF12E7E4:FF12E7E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77562BDF C:\WINNT\System32\wdmaud.drv Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7D3B000 Stack Limit: 0xF7D38000 Kernel Stack: 0xF7D3A930(1ebe000 NA NA ) Resident: 0 User stack base: 0x01630000(31bd000 ) User stack Limit: 0x0162F000 THREAD: 0xFF12E3A0 (0x6643a0) Cid: 130.144 CreateTime: 0x1c569dfcc664b60 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 
D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDC000(269b000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF12E3FC Contents: FF111B7C:FF12E67C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12A008(4932008) PostBlockList: 0xFF12E564:FF12E564 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x510C00B0 C:\WINNT\System32\dsound.dll Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7B5C000 Stack Limit: 0xF7B59000 Kernel Stack: 0xF7B5B930(2ff3000 NA NA ) Resident: 0 User stack base: 0x01740000(6b53000 ) User stack Limit: 0x0173F000 THREAD: 0xFF12A8A0 (0x49328a0) Cid: 130.18c CreateTime: 0x1c569dfcc7284e0 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDB000(63ab000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1EFBAA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF12A8FC Contents: FF1A48BC:FF18181C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF12A90C(493290c) PostBlockList: 0xFF12AA64:FF12AA64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x510C00B0 C:\WINNT\System32\dsound.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7745000 Stack Limit: 0xF7741000 Kernel Stack: 0xF7744930(3b09000 3aea000 3ae9000 3b0b000 ) Resident: 1 User stack base: 0x01840000(4ba8000 ) User stack Limit: 0x0183F000 THREAD: 0xFF111020 (0x35d6020) Cid: 130.4ec CreateTime: 0x1c569dfcc7d3730 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDA000(35ca000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 15 Base Priority: 15 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF11107C Contents: FCDFF8FC:FF24343C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1110D4(35d60d4) PostBlockList: 0xFF1111E4:FF1111E4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x004FF21D E:\helix.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7771000 Stack Limit: 0xF776E000 Kernel Stack: 0xF7770CC4(35ec000 35eb000 35d7000 ) Resident: 1 User stack base: 0x01A40000(35e6000 ) User stack Limit: 0x01A3F000 THREAD: 0xFF111DA0 (0x35d6da0) Cid: 130.300 CreateTime: 0x1c569dfcc7d3730 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD9000(35e7000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(DelayExecution) UserMode Non-Alertable WaitListHead: 0xFF111DFC Contents: 8047F6F8:FCDFF8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF111E54(35d6e54) PostBlockList: 0xFF111F64:FF111F64 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x004EB57F E:\helix.exe Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF776D000 Stack Limit: 0xF776A000 Kernel Stack: 0xF776CCC4(35e3000 35e5000 35e4000 ) Resident: 1 User stack base: 0x01B40000(35e8000 ) User stack Limit: 0x01B3F000 THREAD: 0xFF111B20 (0x35d6b20) Cid: 130.4f0 CreateTime: 0x1c569dfcc7ebe60 2005-06-05 15:03:57Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: 
S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD8000(2f4c000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 10 Base Priority: 10 Priority decrement: 0 Win32Thread: 0xE2017008 Wait:(WrUserRequest) UserMode Non-Alertable WaitListHead: 0xFF111B7C Contents: FCA2B5BC:FF12E3FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF111B8C(35d6b8c) PostBlockList: 0xFF111CE4:FF111CE4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77575BB9 C:\WINNT\System32\WINMM.dll Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF7755000 Stack Limit: 0xF7752000 Kernel Stack: 0xF7754C20(35bb000 NA NA ) Resident: 0 User stack base: 0x01C40000(32e5000 65a5000 ) User stack Limit: 0x01C3E000 THREAD: 0xFF13A800 (0x38ad800) Cid: 130.464 CreateTime: 0x1c569e0a401ef10 2005-06-05 15:09:59Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFD6000(7912000) ThreadsProcess: 0xFF1CB020 helix.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Wait:(WrLpcReceive) UserMode Non-Alertable WaitListHead: 0xFF13A85C Contents: FF22807C:FF1EC8FC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13A86C(38ad86c) PostBlockList: 0xFF13A9C4:FF13A9C4 Queue: 0x00000000 Start Address: 0x77E83775 C:\WINNT\system32\KERNEL32.DLL Win32 Start Address: 0x77D52BA1 C:\WINNT\system32\RPCRT4.DLL Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0xF7ED6000 Stack Limit: 0xF7ED3000 Kernel Stack: 0xF7ED5C48(5479000 NA NA ) Resident: 0 User stack base: 0x03EA0000(7a56000 ) User stack Limit: 0x03E9F000 + 2d8 cmd2k.exe Source: from_active_process_list Eprocess Block: 0xFF1906A0 (0x3a07684) CreateTime: 0x1c569dfffd74140 2005-06-05 15:05:24Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 
Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x647d000 Process Environment Block: 0x7FFDF000 (3042000) Loader module block: 0x00131E90 (304200c) Command Line: "E:\Shells\cmd2k.exe" /D /T:80 /F:ON /K cmdenv.bat Section: 0xE2114590 (0x6b26590) Section Base Address: 0x4AD00000 (37bc000) SectionBasedAddress: 0x09814420 ) SizeOfSegment: 0x48000 SectionFileName: \Shells\cmd2k.exe 0xe2095b28 (0x2f1b28) Handle Table: 0xFF146668 (0x2ee3668) Count: 22 TableCode: 0xE1C52000 Process exiting: 0 VAD Root: 0xFF1DE1C8(1d941c8) Private: 85 Modified: 0 Locked: 0 AccessToken: 0xE2008030(6c5d030) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,37a28} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 
SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x4AD00000 0x4AD48000 (37bc000) cmd2k.exe E:\Shells\cmd2k.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002056C BaseDllName address: 0x00131F10 FullDllName physical address: 294656c BaseDllName physical address: 2970f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: 2970f80 BaseDllName physical address: 2970fa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 51d1420 BaseDllName physical address: 51d13f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 51d14f0 BaseDllName physical address: 51d14d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 51d15a8 BaseDllName physical address: 51d1588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 51d1660 BaseDllName physical address: 51d1638 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 
0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 51d1718 BaseDllName physical address: 51d16f8 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 51d17d0 BaseDllName physical address: 51d17b0 Thread List Head: 0xFF1906F0 THREAD: 0xFF1DA020 (0x1f40020) Cid: 2d8.3cc CreateTime: 0x1c569dfffd8c870 2005-06-05 15:05:24Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(2a60000) ThreadsProcess: 0xFF1906A0 cmd2k.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE1F2C868 Wait:(WrLpcReply) UserMode Non-Alertable WaitListHead: 0xFF1DA07C Contents: FF18C4FC:FF22ADFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DA08C(1f4008c) PostBlockList: 0xFF1DA1E4:FF1DA1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x4AD1A420 E:\Shells\cmd2k.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF76D5000 Stack Limit: 0xF76D2000 Kernel Stack: 0xF76D4C18(2aa9000 NA NA ) Resident: 0 User stack base: 0x00130000(29ee000 66a4000 85d000 40d0000 21d1000 330f000 ) User stack Limit: 0x0012A000 + 41c cmd2k.exe Source: from_active_process_list Eprocess Block: 0xFF19C020 (0x381c004) CreateTime: 0x1c569e1d2355fd0 2005-06-05 15:18:26Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x642e000 Process Environment Block: 0x7FFDF000 (6681000) Loader module block: 0x00131E90 (668100c) Command Line: 
"E:\Shells\cmd2k.exe" /D /T:80 /F:ON /K cmdenv.bat Section: 0xE1FE4C10 (0x3ae5c10) Section Base Address: 0x4AD00000 (37bc000) SectionBasedAddress: 0x09814420 ) SizeOfSegment: 0x48000 SectionFileName: \Shells\cmd2k.exe 0xe2095b28 (0x2f1b28) Handle Table: 0xFF163008 (0x5047008) Count: 23 TableCode: 0xE1CAB000 Process exiting: 0 VAD Root: 0xFF280088(ae5088) Private: 74 Modified: 0 Locked: 0 AccessToken: 0xE1FF6CF0(3ca6cf0) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,3c529} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 
SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x4AD00000 0x4AD48000 (37bc000) cmd2k.exe E:\Shells\cmd2k.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x0002056C BaseDllName address: 0x00131F10 FullDllName physical address: 642556c BaseDllName physical address: a8ff10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F80 BaseDllName address: 0x00131FA4 FullDllName physical address: a8ff80 BaseDllName physical address: a8ffa4 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132420 BaseDllName address: 0x001323F8 FullDllName physical address: 4a90420 BaseDllName physical address: 4a903f8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001324F0 BaseDllName address: 0x001324D0 FullDllName physical address: 4a904f0 BaseDllName physical address: 4a904d0 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001325A8 BaseDllName address: 0x00132588 FullDllName physical address: 4a905a8 BaseDllName physical address: 4a90588 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.dll C:\WINNT\system32\ADVAPI32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132660 BaseDllName address: 0x00132638 FullDllName physical address: 4a90660 BaseDllName physical address: 4a90638 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132718 BaseDllName address: 0x001326F8 FullDllName physical address: 4a90718 BaseDllName physical address: 4a906f8 0x78000000 0x78046000 (59bc000) MSVCRT.dll C:\WINNT\system32\MSVCRT.dll Flags: 0x84006 LoadCount: 
0xffff TlsIndex: 0 FullDllName virtual address: 0x001327D0 BaseDllName address: 0x001327B0 FullDllName physical address: 4a907d0 BaseDllName physical address: 4a907b0 Thread List Head: 0xFF19C070 THREAD: 0xFF1ED9E0 (0x48ca9e0) Cid: 41c.3a4 CreateTime: 0x1c569e1d2355fd0 2005-06-05 15:18:26Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(4907000) ThreadsProcess: 0xFF19C020 cmd2k.exe Priority: 8 Base Priority: 8 Priority decrement: 0 Win32Thread: 0xE211FEA8 Wait:(UserRequest) UserMode Non-Alertable WaitListHead: 0xFF1EDA3C Contents: FF26F07C:FCA2D07C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1EDA4C(48caa4c) PostBlockList: 0xFF1EDBA4:FF1EDBA4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x4AD1A420 E:\Shells\cmd2k.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF76E5000 Stack Limit: 0xF76E1000 Kernel Stack: 0xF76E4CA0(4386000 NA NA NA ) Resident: 0 User stack base: 0x00130000(6b8d000 4974000 a42000 ) User stack Limit: 0x0012D000 + 4a4 dd.exe Source: from_active_process_list Eprocess Block: 0xFF151B40 (0x1e44b24) CreateTime: 0x1c569e1d9a9f100 2005-06-05 15:18:39Z SecurityDescriptor: 0xE136E6B8(272b6b8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f0fff;;;BA)(A;;0x1f0fff;;;SY) Session: 0x0 DirectoryTableBase: 0x287a000 Process Environment Block: 0x7FFDF000 (4dc4000) Loader module block: 0x00131E90 (4dc400c) Command Line: ..\Acquisition\FAU\dd.exe if=\\.\PhysicalMemory of=F:\intrusion2005\memory-image.dd conv=noerror --md5sum --verifymd5 --md5out=F:\intrusion2005\memory-image.dd.md5 --log=F:\intrusion2005\memory-audit.log Section: 0xE1EF3C70 (0x50edc70) Section Base Address: 0x00400000 (4c21000) SectionBasedAddress: 0x08E0A430 ) 
SizeOfSegment: 0xe000 SectionFileName: \Acquisition\FAU\dd.exe 0xe1d621e8 (0x75691e8) Handle Table: 0xFF133AE8 (0x6673ae8) Count: 27 TableCode: 0xE1CC5000 Process exiting: 0 VAD Root: 0xFF228388(4f13388) Private: 84 Modified: 7680 Locked: 0 AccessToken: 0xE1DBD6F0(756e6f0) SecurityDescriptor: 0xE12CA398(1941398) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) UserSid: S-1-5-21-791032918-1291200457-768897840-500 AuthenticationID: {0,cf26} Expiration: (never) Impersonation Level: SecurityAnonymous TokenType: TokenPrimary Source: User32 {0,cf19} TokenFlags: 0x9 Token ID: {0,3c979} ParentToken ID: {0,0} Modified ID: {0,1d985} SessionID: 0 TokenInUse: Yes Groups: 1 S-1-5-21-791032918-1291200457-768897840-513 Attributes: Mandatory Default Enabled 2 S-1-1-0 Attributes: Mandatory Default Enabled 3 S-1-5-32-544 Attributes: Mandatory Default Enabled Owner 4 S-1-5-32-545 Attributes: Mandatory Default Enabled 5 S-1-5-5-0-52683 Attributes: Mandatory Default Enabled LogonId 6 S-1-2-0 Attributes: Mandatory Default Enabled 7 S-1-5-4 Attributes: Mandatory Default Enabled 8 S-1-5-11 Attributes: Mandatory Default Enabled PrimaryGroup: S-1-5-21-791032918-1291200457-768897840-513 Privileges: 1 0x23 SeChangeNotifyPrivilege Default Enabled 2 0x8 SeSecurityPrivilege 3 0x17 SeBackupPrivilege 4 0x18 SeRestorePrivilege 5 0x12 SeSystemtimePrivilege 6 0x19 SeShutdownPrivilege 7 0x24 SeRemoteShutdownPrivilege 8 0x9 SeTakeOwnershipPrivilege 9 0x20 SeDebugPrivilege 10 0x22 SeSystemEnvironmentPrivilege 11 0x11 SeSystemProfilePrivilege 12 0x13 SeProfileSingleProcessPrivilege 13 0x14 SeIncreaseBasePriorityPrivilege 14 0x10 SeLoadDriverPrivilege Enabled 15 0x15 SeCreatePagefilePrivilege 16 0x5 SeIncreaseQuotaPrivilege 17 0x25 SeUndockPrivilege Enabled 0x00400000 0x0040E000 (4c21000) dd.exe E:\Acquisition\FAU\dd.exe Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 
FullDllName virtual address: 0x0002074C BaseDllName address: 0x00131F10 FullDllName physical address: 342874c BaseDllName physical address: 2d92f10 0x77F80000 0x77FFA000 (21d8000) ntdll.dll C:\WINNT\System32\ntdll.dll Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00131F78 BaseDllName address: 0x00131F9C FullDllName physical address: 2d92f78 BaseDllName physical address: 2d92f9c 0x10000000 0x10006000 (458f000) getopt.dll E:\Acquisition\FAU\getopt.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132410 BaseDllName address: 0x001323F0 FullDllName physical address: 4d13410 BaseDllName physical address: 4d133f0 0x77E80000 0x77F35000 (58b4000) KERNEL32.dll C:\WINNT\system32\KERNEL32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x001329C8 BaseDllName address: 0x001329A0 FullDllName physical address: 4d139c8 BaseDllName physical address: 4d139a0 0x7C000000 0x7C054000 (4d52000) MSVCR70.dll E:\Acquisition\FAU\MSVCR70.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132A80 BaseDllName address: 0x00132A60 FullDllName physical address: 4d13a80 BaseDllName physical address: 4d13a60 0x77820000 0x77827000 (59a7000) VERSION.dll C:\WINNT\system32\VERSION.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132B50 BaseDllName address: 0x00132B30 FullDllName physical address: 4d13b50 BaseDllName physical address: 4d13b30 0x759B0000 0x759B6000 (5898000) LZ32.DLL C:\WINNT\system32\LZ32.DLL Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132C08 BaseDllName address: 0x00132BE8 FullDllName physical address: 4d13c08 BaseDllName physical address: 4d13be8 0x77E10000 0x77E74000 (5a02000) USER32.dll C:\WINNT\system32\USER32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132CB8 BaseDllName address: 0x00132C98 FullDllName physical address: 4d13cb8 BaseDllName physical address: 
4d13c98 0x77F40000 0x77F7C000 (5892000) GDI32.DLL C:\WINNT\system32\GDI32.DLL Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132D70 BaseDllName address: 0x00132D50 FullDllName physical address: 4d13d70 BaseDllName physical address: 4d13d50 0x77BE0000 0x77BEF000 (75fa000) Secur32.dll C:\WINNT\System32\Secur32.dll Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132E20 BaseDllName address: 0x00132E00 FullDllName physical address: 4d13e20 BaseDllName physical address: 4d13e00 0x77DB0000 0x77E0A000 (58b0000) ADVAPI32.DLL C:\WINNT\system32\ADVAPI32.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132EE0 BaseDllName address: 0x00132EB8 FullDllName physical address: 4d13ee0 BaseDllName physical address: 4d13eb8 0x77D40000 0x77DB0000 (591d000) RPCRT4.DLL C:\WINNT\system32\RPCRT4.DLL Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00132F98 BaseDllName address: 0x00132F78 FullDllName physical address: 4d13f98 BaseDllName physical address: 4d13f78 0x77A50000 0x77B45000 (58c9000) ole32.dll C:\WINNT\system32\ole32.dll Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 FullDllName virtual address: 0x00133050 BaseDllName address: 0x00133030 FullDllName physical address: 6598050 BaseDllName physical address: 6598030 0x00790000 0x00797000 (3754000) md5lib.dll E:\Acquisition\FAU\md5lib.dll Flags: 0x2c4004 LoadCount: 0x1 TlsIndex: 0 FullDllName virtual address: 0x00136468 BaseDllName address: 0x00136448 FullDllName physical address: 1c45468 BaseDllName physical address: 1c45448 Thread List Head: 0xFF151B90 THREAD: 0xFF22A020 (0x4f61020) Cid: 4a4.3ac CreateTime: 0x1c569e1d9a9f100 2005-06-05 15:18:39Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x7FFDE000(1c69000) ThreadsProcess: 0xFF151B40 dd.exe Priority: 8 Base 
Priority: 8 Priority decrement: 0 Win32Thread: 0xE1FF34A8 Running WaitListHead: 0xFF22A07C Contents: 8047F7C0:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF22A0D4(4f610d4) PostBlockList: 0xFF22A1E4:FF22A1E4 Queue: 0x00000000 Start Address: 0x77E99264 C:\WINNT\system32\KERNEL32.dll Win32 Start Address: 0x00406BDA E:\Acquisition\FAU\dd.exe Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0xF78E5000 Stack Limit: 0xF78E1000 Kernel Stack: 0xF78E4C2C(3774000 5293000 3212000 50f5000 ) Resident: 1 User stack base: 0x00130000(1bf0000 3e9a000 ) User stack Limit: 0x0012E000 Total processes(including idle process): 32 Orphaned threads: THREAD: 0xFCA2A0E0 (0x10470e0) Cid: f0.ec CreateTime: 0x1c569df92adcc40 2005-06-05 15:02:20Z ExitTime: 1c569df92adcc40 2005-06-05 15:02:23Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 16 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFCA2A13C Contents: FCA2E67C:FCDFEDFC Queue List: 0x00000000:00000000 WaitBlockList: 0xFCA2A14C(104714c) PostBlockList: 0xFCA2A2A4:FCA2A2A4 Queue: 0x00000000 Start Address: 0x77E99264 LPC Server thread working on message Id 0x21 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF060C000 Kernel Stack: 0xF060FC48() Resident: 1 Terminated: Yes THREAD: 0xFF281020 (0x9f9020) Cid: f0.160 CreateTime: 0x1c569df93cb8c50 2005-06-05 15:02:22Z ExitTime: 1c569df93cb8c50 2005-06-05 15:02:28Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFCA2A500 lsass.exe Priority: 16 Base Priority: 9 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 
0xFF28107C Contents: FF24507C:FF2869DC Queue List: 0x00000000:00000000 WaitBlockList: 0xFF28108C(9f908c) PostBlockList: 0xFF2811E4:FF2811E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x5091CBA9 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF066C000 Kernel Stack: 0xF066FC48() Resident: 1 Terminated: Yes THREAD: 0xFF25BA00 (0x194aa00) Cid: 1d8.1e0 CreateTime: 0x1c569df94e94c60 2005-06-05 15:02:24Z ExitTime: 1c569df94e94c60 2005-06-05 15:02:24Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF267D60 dfrws2005.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF25BA5C Contents: FF25ADFC:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25BA6C(194aa6c) PostBlockList: 0xFF25BBC4:FF25BBC4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x0040CBA8 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF80E4000 Kernel Stack: 0xF80E6C48() Resident: 1 Terminated: Yes THREAD: 0xFF138DA0 (0x1de6da0) Cid: 1ec.4a0 CreateTime: 0x1c569dfb504d1f0 2005-06-05 15:03:18Z ExitTime: 1c569dfb504d1f0 2005-06-05 15:03:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF277960 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF138DFC Contents: FF24F07C:FF13717C Queue List: 0x00000000:00000000 WaitBlockList: 0xFF138E0C(1de6e0c) PostBlockList: 0xFF138F64:FF138F64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x75675EC4 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 
0x00000000 Stack Limit: 0xF7988000 Kernel Stack: 0xF798CC48() Resident: 1 Terminated: Yes THREAD: 0xFF132020 (0x6678020) Cid: 1ec.4d0 CreateTime: 0x1c569dfb5e6f9b0 2005-06-05 15:03:20Z ExitTime: 1c569dfb5e6f9b0 2005-06-05 15:03:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF277960 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF13207C Contents: FF1385BC:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF13208C(667808c) PostBlockList: 0xFF1321E4:FF1321E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x7591871D Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF779A000 Kernel Stack: 0xF779CC48() Resident: 1 Terminated: Yes THREAD: 0xFF138560 (0x1de6560) Cid: 1ec.4ac CreateTime: 0x1c569dfb47fe0a0 2005-06-05 15:03:17Z ExitTime: 1c569dfb47fe0a0 2005-06-05 15:03:21Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF277960 svchost.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1385BC Contents: FCDFEDFC:FCD995FC Queue List: 0xFF13CEC0:FF13CEC0 WaitBlockList: 0xFF138614(1de6614) PostBlockList: 0xFF138724:FF138724 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x77DC5AB7 Service Descriptor Table: 0x8046B880 KeServiceDescriptorTableShadow Initial stack: 0x00000000 Stack Limit: 0xF77C1000 Kernel Stack: 0xF77C4C48() Resident: 1 Terminated: Yes THREAD: 0xFF253020 (0x651020) Cid: 224.2a4 CreateTime: 0x1c569e1a1ba56f0 2005-06-05 15:17:05Z ExitTime: 1c569e1a1ba56f0 2005-06-05 15:17:05Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: 
DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF25307C Contents: 8047F7C8:8047F7C8 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF25308C(65108c) PostBlockList: 0xFF2531E4:FF2531E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x01163590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7B3D000 Kernel Stack: 0xF7B3FC48() Resident: 1 Terminated: Yes THREAD: 0xFF17A1E0 (0x43d41e0) Cid: 224.204 CreateTime: 0x1c569e1a31cda70 2005-06-05 15:17:07Z ExitTime: 1c569e1a31cda70 2005-06-05 15:17:07Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF17A23C Contents: 8047F7D0:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF17A24C(43d424c) PostBlockList: 0xFF17A3A4:FF17A3A4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x01163590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7B3D000 Kernel Stack: 0xF7B3FC48() Resident: 1 Terminated: Yes THREAD: 0xFF19A020 (0x385c020) Cid: 224.1f0 CreateTime: 0x1c569e19fe0a2d0 2005-06-05 15:17:02Z ExitTime: 1c569e19fe0a2d0 2005-06-05 15:17:02Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF2461E0 UMGR32.EXE Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF19A07C Contents: 8047F800:8047F800 Queue List: 
0x00000000:00000000 WaitBlockList: 0xFF19A08C(385c08c) PostBlockList: 0xFF19A1E4:FF19A1E4 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x01163590 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7B3D000 Kernel Stack: 0xF7B3FC48() Resident: 1 Terminated: Yes THREAD: 0xFF1DBDA0 (0x1daeda0) Cid: 2d0.10c CreateTime: 0x1c569df9adb4320 2005-06-05 15:02:34Z ExitTime: 1c569df9adb4320 2005-06-05 15:02:45Z SecurityDescriptor: 0xE1000518(159a518) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-18 D:(A;;0x1f03ff;;;SY)(A;;0x120048;;;BA) Teb: 0x00000000(0) ThreadsProcess: 0xFF1FD720 WinMgmt.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF1DBDFC Contents: FF24343C:8047F7C0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1DBE0C(1daee0c) PostBlockList: 0xFF1DBF64:FF1DBF64 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x78002432 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 0xF7D3C000 Kernel Stack: 0xF7D3EC48() Resident: 1 Terminated: Yes THREAD: 0xFF170840 (0x1a9d840) Cid: 3c8.414 CreateTime: 0x1c569dfac2183c0 2005-06-05 15:03:03Z ExitTime: 1c569dfac2183c0 2005-06-05 15:04:04Z SecurityDescriptor: 0xE13698F8(23a98f8) Revision: 1 Sbz1: 0 Control: DaclPresent SelfRelative O: S-1-5-32-544 G: S-1-5-21-791032918-1291200457-768897840-513 D:(A;;0x1f03ff;;;BA)(A;;0x1f03ff;;;SY) Teb: 0x00000000(0) ThreadsProcess: 0xFF192780 JogServ2.exe Priority: 16 Base Priority: 8 Priority decrement: 0 Win32Thread: 0x00000000 Terminated WaitListHead: 0xFF17089C Contents: 8047F7D0:8047F7D0 Queue List: 0x00000000:00000000 WaitBlockList: 0xFF1708F4(1a9d8f4) PostBlockList: 0xFF170A04:FF170A04 Queue: 0x00000000 Start Address: 0x77E83775 Win32 Start Address: 0x78002432 Service Descriptor Table: 0x8046B840 KeServiceDescriptorTable Initial stack: 0x00000000 Stack Limit: 
0xF7AEC000 Kernel Stack: 0xF7AEEC48() Resident: 1 Terminated: Yes Orphaned thread count: 11 Total threads: 239 Loaded user modules: 1. <Paged: 0:6790f8><0x0009C450(4b3e450)>: BaseAddress: 0x76FB0000 (1) EntryPoint: 0x76FB5E9A Size: 991232 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: <Paged: 0:679020> 2. <Paged: 0:7d31d0><0x000ACB68(32e1b68)>: BaseAddress: 0x76C00000 (1) EntryPoint: 0x76C01378 Size: 475136 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\WININET.DLL 3. ACTILOG.dll<0x00132838(3cba838)>: BaseAddress: 0x10000000 (3d98000) EntryPoint: 0x10004695 Size: 53248 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39de044a Fri Oct 06 16:56:42 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\ACTILOG.dll 4. ACTIVEDS.DLL<0x000A06E8(aec6e8)>: BaseAddress: 0x773B0000 (bd8000) EntryPoint: 0x773B126F Size: 188416 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\ACTIVEDS.DLL 5. ADSLDPC.DLL<0x000A07A0(aec7a0)>: BaseAddress: 0x77380000 (b99000) EntryPoint: 0x773812A8 Size: 139264 Flags: 0x84006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 394193d4 Sat Jun 10 01:03:16 2000 FullPath: C:\WINNT\system32\ADSLDPC.DLL 6. ADVAPI32.DLL<0x00072600(75dc600)>: BaseAddress: 0x77DB0000 (58b0000) EntryPoint: 0x77DB7D63 Size: 368640 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\ADVAPI32.DLL 7. alogserv.exe<0x00131EC0(3cd9ec0)>: BaseAddress: 0x00400000 (3c8d000) EntryPoint: 0x00402560 Size: 32768 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39de0450 Fri Oct 06 16:56:48 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe 8. 
Apntex.exe<0x00131EC0(3fe8ec0)>: BaseAddress: 0x00400000 (3de2000) EntryPoint: 0x004014E0 Size: 32768 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39b2f28e Mon Sep 04 00:53:34 2000 FullPath: C:\Program Files\Apoint\Apntex.exe 9. Apoint.DLL<0x00143388(3bb6388)>: BaseAddress: 0x00EE0000 (3dff000) EntryPoint: 0x00EEB4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 10. Apoint.DLL<0x0014F748(2f84748)>: BaseAddress: 0x01D80000 (3dff000) EntryPoint: 0x01D8B4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 11. Apoint.DLL<0x001C6100(3157100)>: BaseAddress: 0x03C40000 (3dff000) EntryPoint: 0x03C4B4C1 Size: 106496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a10da1e Tue Nov 14 06:22:22 2000 FullPath: C:\Program Files\Apoint\Apoint.DLL 12. Apoint.exe<0x00131EC0(37c5ec0)>: BaseAddress: 0x00400000 (371a000) EntryPoint: 0x004064A4 Size: 106496 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a10e12d Tue Nov 14 06:52:29 2000 FullPath: C:\Program Files\Apoint\Apoint.exe 13. ApRes.dll<0x0014BE08(1c48e08)>: BaseAddress: 0x01010000 (416b000) EntryPoint: 0x00000000 Size: 1310720 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a67f2f0 Fri Jan 19 07:55:28 2001 FullPath: C:\Program Files\Apoint\ApRes.dll 14. ATL.DLL<0x000A3B58(3af7b58)>: BaseAddress: 0x773E0000 (341d000) EntryPoint: 0x773E2D3C Size: 73728 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\System32\ATL.DLL 15. Avconsol.exe<0x00131EC0(659aec0)>: BaseAddress: 0x00400000 (1b28000) EntryPoint: 0x00416CA4 Size: 180224 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 398a0037 Thu Aug 03 23:28:55 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe 16. 
AVICAP32.dll<0x00148F10(54f5f10)>: BaseAddress: 0x74890000 (5752000) EntryPoint: 0x74891F13 Size: 73728 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439965 Tue Nov 30 09:31:17 1999 FullPath: C:\WINNT\System32\AVICAP32.dll 17. AVIFIL32.DLL<0x000C16B0(35b76b0)>: BaseAddress: 0x74870000 (1) EntryPoint: 0x74874EB2 Size: 90112 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439965 Tue Nov 30 09:31:17 1999 FullPath: C:\WINNT\System32\AVIFIL32.DLL 18. AvSynch.dll<0x00138D30(7b6d30)>: BaseAddress: 0x11200000 (4ae5000) EntryPoint: 0x11202BB1 Size: 73728 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 398a0041 Thu Aug 03 23:29:05 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\AvSynch.dll 19. Avsynmgr.exe<0x00131EC0(28aec0)>: BaseAddress: 0x00400000 (3df000) EntryPoint: 0x00407070 Size: 163840 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 398a0058 Thu Aug 03 23:29:28 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe 20. basesrv.dll<0x00162E38(6903e38)>: BaseAddress: 0x5FFA0000 (6950000) EntryPoint: 0x00000000 Size: 49152 Flags: 0x4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38448c4e Wed Dec 01 02:47:42 1999 FullPath: C:\WINNT\system32\basesrv.dll 21. BATMETER.DLL<0x000BB1D8(34271d8)>: BaseAddress: 0x76740000 (1) EntryPoint: 0x767410B4 Size: 32768 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38d8477c Wed Mar 22 04:09:32 2000 FullPath: C:\WINNT\System32\BATMETER.DLL 22. browselc.dll<0x000E4D60(3c65d60)>: BaseAddress: 0x76EE0000 (1) EntryPoint: 0x00000000 Size: 45056 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e3fd11 Fri Mar 31 01:19:13 2000 FullPath: C:\WINNT\System32\browselc.dll 23. browser.dll<0x000D9BC8(455bbc8)>: BaseAddress: 0x768F0000 (52fc000) EntryPoint: 0x00000000 Size: 61440 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\browser.dll 24. 
browseui.dll<0x0008D2D8(30492d8)>: BaseAddress: 0x76E10000 (1) EntryPoint: 0x76E1E4A3 Size: 815104 Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\System32\browseui.dll 25. BSACPICM.DLL<0x00171310(4080310)>: BaseAddress: 0x01AD0000 (2b4e000) EntryPoint: 0x01AD3200 Size: 126976 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24c394 Wed Nov 29 08:51:32 2000 FullPath: C:\Program Files\PowerPanel\Program\BSACPICM.DLL 26. BSNTSBS.DLL<0x00185048(2fe3048)>: BaseAddress: 0x01C00000 (30e6000) EntryPoint: 0x01C03AB4 Size: 147456 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24c248 Wed Nov 29 08:46:00 2000 FullPath: C:\Program Files\PowerPanel\Program\BSNTSBS.DLL 27. CFGMGR32.DLL<0x000AB568(da4568)>: BaseAddress: 0x770B0000 (2917000) EntryPoint: 0x00000000 Size: 28672 Flags: 0x4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: C:\WINNT\system32\CFGMGR32.DLL 28. CLBCATQ.DLL<0x012FA670(25cd670)>: BaseAddress: 0x691D0000 (1) EntryPoint: 0x6923E9A0 Size: 544768 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3918811e Tue May 09 21:20:30 2000 FullPath: C:\WINNT\System32\CLBCATQ.DLL 29. Clipboard.lmd<0x00196CC8(3c71cc8)>: BaseAddress: 0x01FB0000 (3c44000) EntryPoint: 0x01FB7BD6 Size: 184320 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3fe06efb Wed Dec 17 14:58:03 2003 FullPath: E:\AutoPlay\Plugins\Clipboard\Clipboard.lmd 30. CLUSAPI.DLL<0x000A66A0(3de56a0)>: BaseAddress: 0x73930000 (589d000) EntryPoint: 0x00000000 Size: 65536 Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39518ec2 Thu Jun 22 03:57:54 2000 FullPath: C:\WINNT\System32\CLUSAPI.DLL 31. cmd2k.exe<0x00131EC0(2970ec0)>: BaseAddress: 0x4AD00000 (37bc000) EntryPoint: 0x4AD1A420 Size: 294912 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39aa202b Mon Aug 28 08:17:47 2000 FullPath: E:\Shells\cmd2k.exe 32. 
cnbjmon.dll<0x00082E70(1dfe70)>: BaseAddress: 0x733E0000 (3313000) EntryPoint: 0x733E1480 Size: 57344 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843997b Tue Nov 30 09:31:39 1999 FullPath: C:\WINNT\system32\cnbjmon.dll 33. ComboBox.apo<0x001B7D00(5397d00)>: BaseAddress: 0x033E0000 (1fd0000) EntryPoint: 0x033F527E Size: 360448 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4146177b Mon Sep 13 21:56:11 2004 FullPath: E:\AutoPlay\Plugins\ComboBox\ComboBox.apo 34. COMCTL32.DLL<0x0007C7D0(79627d0)>: BaseAddress: 0x77B50000 (1) EntryPoint: 0x77B68BCC Size: 561152 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\COMCTL32.DLL 35. comdlg32.dll<0x00137EB0(125eb0)>: BaseAddress: 0x76B30000 (5921000) EntryPoint: 0x76B31CE2 Size: 253952 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\comdlg32.dll 36. comsvcs.dll<0x000A6350(3de5350)>: BaseAddress: 0x694F0000 (3e77000) EntryPoint: 0x695ADEF0 Size: 1310720 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 391880fe Tue May 09 21:19:58 2000 FullPath: C:\WINNT\System32\comsvcs.dll 37. CRYPT32.dll<0x000EB6F8(496a6f8)>: BaseAddress: 0x77440000 (7a94000) EntryPoint: 0x774425F7 Size: 491520 Flags: 0x84006 LoadCount: 0x3b TlsIndex: 0 Timestamp: 3919b95e Wed May 10 19:32:46 2000 FullPath: C:\WINNT\system32\CRYPT32.dll 38. CRYPTDLL.DLL<0x000C05E0(4d615e0)>: BaseAddress: 0x76670000 (790a000) EntryPoint: 0x76674054 Size: 57344 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\system32\CRYPTDLL.DLL 39. Crypto.lmd<0x00198048(762048)>: BaseAddress: 0x01FF0000 (9a1000) EntryPoint: 0x01FFC7DC Size: 278528 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 413e3527 Tue Sep 07 22:24:39 2004 FullPath: E:\AutoPlay\Plugins\Crypto\Crypto.lmd 40. 
cryptsvc.dll<0x000C2938(56ce938)>: BaseAddress: 0x768D0000 (569f000) EntryPoint: 0x768D1250 Size: 73728 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\cryptsvc.dll 41. cscdll.dll<0x00153228(5319228)>: BaseAddress: 0x770C0000 (1) EntryPoint: 0x770C6B31 Size: 143360 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3924a0aa Fri May 19 02:02:18 2000 FullPath: C:\WINNT\system32\cscdll.dll 42. cscui.dll<0x012F7468(23d3468)>: BaseAddress: 0x77840000 (1) EntryPoint: 0x7784285F Size: 245760 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\cscui.dll 43. CSRSRV.dll<0x00162728(6903728)>: BaseAddress: 0x5FF90000 (68c4000) EntryPoint: 0x00000000 Size: 49152 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2d3d3 Thu Sep 30 03:06:59 1999 FullPath: C:\WINNT\system32\CSRSRV.dll 44. csrss.exe<0x00161EC0(6982ec0)>: BaseAddress: 0x5FFF0000 (68f7000) EntryPoint: 0x5FFF1130 Size: 16384 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2d3d3 Thu Sep 30 03:06:59 1999 FullPath: \??\C:\WINNT\system32\csrss.exe 45. dd.exe<0x00131EC0(2d92ec0)>: BaseAddress: 0x00400000 (4c21000) EntryPoint: 0x00406BDA Size: 57344 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 4122aa24 Wed Aug 18 01:00:20 2004 FullPath: E:\Acquisition\FAU\dd.exe 46. DDCDRES.DLL<0x001378F0(f1a8f0)>: BaseAddress: 0x01780000 (656c000) EntryPoint: 0x01781180 Size: 434176 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a8198de Wed Feb 07 18:50:06 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.DLL 47. dfrws2005.exe<0x00131EC0(31cec0)>: BaseAddress: 0x00400000 (145000) EntryPoint: 0x0040EAFC Size: 557056 Flags: 0x5000 LoadCount: 0xffff TlsIndex: -1 Timestamp: 2a425e19 Fri Jun 19 22:22:17 1992 FullPath: c:\winnt\system32\dfrws2005.exe 48. 
DGMP3RD.DLL<0x00166270(22b8270)>: BaseAddress: 0x01AC0000 (6b59000) EntryPoint: 0x01ACB977 Size: 139264 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8ddd2 Fri Sep 08 12:38:42 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3RD.DLL 49. DGMP3WT.DLL<0x00166690(22b8690)>: BaseAddress: 0x01F90000 (47f6000) EntryPoint: 0x01FC942C Size: 462848 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a4b4742 Thu Dec 28 13:59:30 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3WT.DLL 50. DGSSTRM.DLL<0x001338F0(3f138f0)>: BaseAddress: 0x00340000 (5a65000) EntryPoint: 0x00354E86 Size: 184320 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39b8dddf Fri Sep 08 12:38:55 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGSSTRM.DLL 51. DGWAVOT.DLL<0x00166358(22b8358)>: BaseAddress: 0x01C00000 (5591000) EntryPoint: 0x01C042EC Size: 77824 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde1 Fri Sep 08 12:38:57 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVOT.DLL 52. DGWAVRD.DLL<0x00166440(22b8440)>: BaseAddress: 0x01D30000 (40d2000) EntryPoint: 0x01D337BF Size: 77824 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde2 Fri Sep 08 12:38:58 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVRD.DLL 53. DGWAVWT.DLL<0x001665B0(22b85b0)>: BaseAddress: 0x01E60000 (409a000) EntryPoint: 0x01E6632C Size: 90112 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39b8dde3 Fri Sep 08 12:38:59 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVWT.DLL 54. dhcpcsvc.dll<0x00094BC0(bf3bc0)>: BaseAddress: 0x77360000 (b78000) EntryPoint: 0x77361270 Size: 102400 Flags: 0xc4004 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\dhcpcsvc.dll 55. 
dmserver.dll<0x000AFBA8(f76ba8)>: BaseAddress: 0x768C0000 (18d0000) EntryPoint: 0x768C1854 Size: 24576 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\dmserver.dll 56. DNSAPI.DLL<0x000734F0(761e4f0)>: BaseAddress: 0x77980000 (1) EntryPoint: 0x77981E43 Size: 147456 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d3 Sat Jun 10 01:03:15 2000 FullPath: C:\WINNT\system32\DNSAPI.DLL 57. dnsrslvr.dll<0x000A7970(d2b970)>: BaseAddress: 0x768A0000 (cac000) EntryPoint: 0x00000000 Size: 102400 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d6 Sat Jun 10 01:03:18 2000 FullPath: C:\WINNT\system32\dnsrslvr.dll 58. docprop2.dll<0x000DE138(392d138)>: BaseAddress: 0x71F00000 (1) EntryPoint: 0x71F017E7 Size: 315392 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439990 Tue Nov 30 09:32:00 1999 FullPath: C:\WINNT\System32\docprop2.dll 59. DragDrop.exe<0x00131EC0(39a3ec0)>: BaseAddress: 0x00400000 (3adb000) EntryPoint: 0x0044ACB1 Size: 692224 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a854244 Sat Feb 10 13:29:40 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe 60. dsound.dll<0x0016EB78(3204b78)>: BaseAddress: 0x51080000 (320b000) EntryPoint: 0x510CB1D9 Size: 364544 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3a024e6b Fri Nov 03 05:34:35 2000 FullPath: C:\WINNT\System32\dsound.dll 61. dssenh.dll<0x000A8148(4d47148)>: BaseAddress: 0x67400000 (1) EntryPoint: 0x67405829 Size: 159744 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e25cb5 Wed Mar 29 19:42:45 2000 FullPath: C:\WINNT\system32\dssenh.dll 62. EngDM.DLL<0x00176DC8(5810dc8)>: BaseAddress: 0x01180000 (1a87000) EntryPoint: 0x00000000 Size: 24576 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246608 Wed Nov 29 02:12:24 2000 FullPath: C:\Program Files\PowerPanel\Program\EngDM.DLL 63. 
EngPM.dll<0x0016AE80(6bb4e80)>: BaseAddress: 0x01100000 (44b6000) EntryPoint: 0x00000000 Size: 327680 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246607 Wed Nov 29 02:12:23 2000 FullPath: C:\Program Files\PowerPanel\Program\EngPM.dll 64. es.dll<0x0007BDB8(1aecdb8)>: BaseAddress: 0x76290000 (1b59000) EntryPoint: 0x7629399C Size: 249856 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3843994a Tue Nov 30 09:30:50 1999 FullPath: c:\winnt\system32\es.dll 65. ESENT.dll<0x000C1688(64f3688)>: BaseAddress: 0x70170000 (4622000) EntryPoint: 0x70171A1C Size: 1155072 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3919b975 Wed May 10 19:33:09 2000 FullPath: C:\WINNT\system32\ESENT.dll 66. eventlog.dll<0x00092680(98f680)>: BaseAddress: 0x76890000 (bd7000) EntryPoint: 0x00000000 Size: 57344 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\eventlog.dll 67. Explorer.Exe<0x00071EC0(2c56ec0)>: BaseAddress: 0x00400000 (565c000) EntryPoint: 0x004015A8 Size: 253952 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947dd13 Wed Jun 14 19:29:23 2000 FullPath: C:\WINNT\Explorer.Exe 68. EzAuto.dll<0x000BE520(3503520)>: BaseAddress: 0x01D30000 (1) EntryPoint: 0x01D32758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 69. EzAuto.dll<0x0014BEA8(1c48ea8)>: BaseAddress: 0x01150000 (42f0000) EntryPoint: 0x01152758 Size: 49152 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 70. EzAuto.dll<0x0014F4B8(2f844b8)>: BaseAddress: 0x01C60000 (42f0000) EntryPoint: 0x01C62758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 71. 
EzAuto.dll<0x0019EC58(4328c58)>: BaseAddress: 0x023B0000 (42f0000) EntryPoint: 0x023B2758 Size: 49152 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39852221 Mon Jul 31 06:52:17 2000 FullPath: C:\Program Files\Apoint\EzAuto.dll 72. ezCDmker.dll<0x00133020(3f13020)>: BaseAddress: 0x00270000 (3f14000) EntryPoint: 0x00288AE8 Size: 753664 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a80bf1e Wed Feb 07 03:21:02 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\ezCDmker.dll 73. EzLaunch.DLL<0x0014BEF8(1c48ef8)>: BaseAddress: 0x01270000 (42bd000) EntryPoint: 0x01276B19 Size: 184320 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39fe1b43 Tue Oct 31 01:07:15 2000 FullPath: C:\Program Files\Apoint\EzLaunch.DLL 74. ezLICEN.dll<0x00133A90(3f13a90)>: BaseAddress: 0x00370000 (6afe000) EntryPoint: 0x00374BE2 Size: 167936 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a777560 Wed Jan 31 02:16:00 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN.dll 75. faxshell.dll<0x000ECDB0(43e2db0)>: BaseAddress: 0x70020000 (1) EntryPoint: 0x700214F0 Size: 20480 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399a5 Tue Nov 30 09:32:21 1999 FullPath: C:\WINNT\system32\faxshell.dll 76. GDI32.DLL<0x001631B0(691d1b0)>: BaseAddress: 0x77F40000 (5892000) EntryPoint: 0x00000000 Size: 245760 Flags: 0x4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\GDI32.DLL 77. getopt.dll<0x00132950(4d13950)>: BaseAddress: 0x10000000 (458f000) EntryPoint: 0x10001CEE Size: 24576 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 4122aa14 Wed Aug 18 01:00:04 2004 FullPath: E:\Acquisition\FAU\getopt.dll 78. gold.dll<0x00144560(66b2560)>: BaseAddress: 0x012E0000 (3a7000) EntryPoint: 0x012E10F9 Size: 552960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 382245b0 Fri Nov 05 02:49:20 1999 FullPath: C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll 79. 
gold.dll<0x00164BD0(5debd0)>: BaseAddress: 0x00F30000 (3a7000) EntryPoint: 0x00F310F9 Size: 552960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 382245b0 Fri Nov 05 02:49:20 1999 FullPath: C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll 80. GUIPlugInCJ.dll<0x00157DE8(33e1de8)>: BaseAddress: 0x019D0000 (4de8000) EntryPoint: 0x019D6169 Size: 245760 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a62be42 Mon Jan 15 09:09:22 2001 FullPath: C:\Program Files\Sony\Jog GUI PlugIn CJ\GUIPlugInCJ.dll 81. helix.exe<0x00131EC0(38a3ec0)>: BaseAddress: 0x00400000 (2eec000) EntryPoint: 0x006627E0 Size: 2535424 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 41b4a0ed Mon Dec 06 18:11:57 2004 FullPath: E:\helix.exe 82. HKRes.dll<0x00137E60(3aa4e60)>: BaseAddress: 0x00830000 (3f99000) EntryPoint: 0x00000000 Size: 376832 Flags: 0x204004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39d15cbe Wed Sep 27 02:34:38 2000 FullPath: C:\Program Files\Sony\HotKey Utility\HKRes.dll 83. HKserv.exe<0x00131EC0(38eeec0)>: BaseAddress: 0x00400000 (350a000) EntryPoint: 0x00406FD4 Size: 49152 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39f81157 Thu Oct 26 11:11:19 2000 FullPath: C:\Program Files\Sony\HotKey Utility\HKserv.exe 84. HKw2k.dll<0x00137CF8(3aa4cf8)>: BaseAddress: 0x10000000 (1f7e000) EntryPoint: 0x10001530 Size: 28672 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38a7b5b9 Mon Feb 14 07:58:49 2000 FullPath: C:\Program Files\Sony\HotKey Utility\HKw2k.dll 85. ICFGNT5.DLL<0x000ADB10(3377b10)>: BaseAddress: 0x6EA10000 (1) EntryPoint: 0x00000000 Size: 20480 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399b8 Tue Nov 30 09:32:40 1999 FullPath: C:\WINNT\System32\ICFGNT5.DLL 86. ICMP.DLL<0x000951A8(c361a8)>: BaseAddress: 0x77520000 (b2d000) EntryPoint: 0x775218B2 Size: 20480 Flags: 0x84006 LoadCount: 0xd TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\ICMP.DLL 87. 
IMAGEHLP.dll<0x000EE688(4d73688)>: BaseAddress: 0x77920000 (58e3000) EntryPoint: 0x7792127C Size: 139264 Flags: 0xc4006 LoadCount: 0x38 TlsIndex: 0 Timestamp: 384da964 Wed Dec 08 00:42:12 1999 FullPath: C:\WINNT\system32\IMAGEHLP.dll 88. imgutil.dll<0x000C2AB0(35b8ab0)>: BaseAddress: 0x6E490000 (1) EntryPoint: 0x6E4920B7 Size: 40960 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39386415 Sat Jun 03 01:49:09 2000 FullPath: C:\WINNT\System32\imgutil.dll 89. IMM32.DLL<0x000E0AA0(3a46aa0)>: BaseAddress: 0x75E60000 (1) EntryPoint: 0x75E61264 Size: 106496 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3843994e Tue Nov 30 09:30:54 1999 FullPath: C:\WINNT\System32\IMM32.DLL 90. INETCFG.DLL<0x00099BF0(2d8dbf0)>: BaseAddress: 0x6E3D0000 (1) EntryPoint: 0x6E3DFD23 Size: 274432 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399be Tue Nov 30 09:32:46 1999 FullPath: C:\WINNT\System32\INETCFG.DLL 91. inetpp.dll<0x000885F0(7bc75f0)>: BaseAddress: 0x76B00000 (7e35000) EntryPoint: 0x76B017C2 Size: 77824 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\inetpp.dll 92. IPHLPAPI.DLL<0x000951F8(c361f8)>: BaseAddress: 0x77340000 (b70000) EntryPoint: 0x77342C35 Size: 77824 Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\IPHLPAPI.DLL 93. JogDial.dll<0x00138010(3a36010)>: BaseAddress: 0x00890000 (414a000) EntryPoint: 0x0089633B Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a61e082 Sun Jan 14 17:23:14 2001 FullPath: C:\Program Files\Common Files\Sony Shared\Jog Dial Utility\JogDial.dll 94. JogLocale.dll<0x00144510(66b2510)>: BaseAddress: 0x01490000 (7caa000) EntryPoint: 0x014914D1 Size: 856064 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a3bd26f Sat Dec 16 20:37:03 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\JogLocale.dll 95. 
JogServ2.exe<0x00131EC0(39cfec0)>: BaseAddress: 0x00400000 (39d9000) EntryPoint: 0x0043F6C8 Size: 1380352 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a66bdf3 Thu Jan 18 09:57:07 2001 FullPath: C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe 96. jscript.dll<0x000BAD00(3424d00)>: BaseAddress: 0x75DE0000 (1) EntryPoint: 0x75E0575B Size: 487424 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d84781 Wed Mar 22 04:09:37 2000 FullPath: C:\WINNT\System32\jscript.dll 97. kerberos.dll<0x0007A3D8(7ace3d8)>: BaseAddress: 0x45A00000 (1) EntryPoint: 0x45A13ED3 Size: 208896 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3918f963 Wed May 10 05:53:39 2000 FullPath: C:\WINNT\system32\kerberos.dll 98. KERNEL32.DLL<0x00163140(691d140)>: BaseAddress: 0x77E80000 (58b4000) EntryPoint: 0x77E83709 Size: 741376 Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\KERNEL32.DLL 99. KsUser.dll<0x0016ED78(3204d78)>: BaseAddress: 0x5EF80000 (3038000) EntryPoint: 0x5EF81350 Size: 16384 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39f1678d Sat Oct 21 09:53:17 2000 FullPath: C:\WINNT\System32\KsUser.dll 100. LIBEAY32.dll<0x00133490(3fbd490)>: BaseAddress: 0x60F60000 (1) EntryPoint: 0x60FBEF26 Size: 602112 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3861b23c Thu Dec 23 05:25:16 1999 FullPath: C:\Program Files\Support.com\Client\bin\LIBEAY32.dll 101. LINKINFO.DLL<0x000E3860(3c2f860)>: BaseAddress: 0x76710000 (1) EntryPoint: 0x76711840 Size: 36864 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\System32\LINKINFO.DLL 102. lmhsvc.dll<0x000A79C0(d2b9c0)>: BaseAddress: 0x76880000 (ced000) EntryPoint: 0x00000000 Size: 24576 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\lmhsvc.dll 103. 
localspl.dll<0x0007EA40(2ddea40)>: BaseAddress: 0x76AC0000 (2c05000) EntryPoint: 0x76AC15B0 Size: 262144 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\localspl.dll 104. LSASRV.dll<0x00072848(79b6848)>: BaseAddress: 0x50900000 (1) EntryPoint: 0x00000000 Size: 516096 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39763f7d Wed Jul 19 23:53:33 2000 FullPath: C:\WINNT\system32\LSASRV.dll 105. lsass.exe<0x00071EC0(7915ec0)>: BaseAddress: 0x01000000 (1) EntryPoint: 0x01001258 Size: 40960 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39763f79 Wed Jul 19 23:53:29 2000 FullPath: C:\WINNT\system32\lsass.exe 106. LZ32.DLL<0x00130C90(63cc90)>: BaseAddress: 0x759B0000 (1) EntryPoint: 0x759B1A3F Size: 24576 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439952 Tue Nov 30 09:30:58 1999 FullPath: C:\WINNT\system32\LZ32.DLL 107. MCSCAN32.DLL<0x00136550(5dc550)>: BaseAddress: 0x00B40000 (4e8a000) EntryPoint: 0x00B6168C Size: 729088 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d7c8b8 Tue Mar 21 19:08:40 2000 FullPath: C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL 108. md5lib.dll<0x00136370(1c45370)>: BaseAddress: 0x00790000 (3754000) EntryPoint: 0x00792BBB Size: 28672 Flags: 0x2c4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4122aa16 Wed Aug 18 01:00:06 2004 FullPath: E:\Acquisition\FAU\md5lib.dll 109. MFC42.DLL<0x00132F68(38eff68)>: BaseAddress: 0x6C370000 (39c8000) EntryPoint: 0x6C375D23 Size: 991232 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 384399dc Tue Nov 30 09:33:16 1999 FullPath: C:\WINNT\System32\MFC42.DLL 110. MFC42LOC.DLL<0x000A1910(575d910)>: BaseAddress: 0x5FD00000 (1) EntryPoint: 0x00000000 Size: 53248 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3588769f Thu Jun 18 02:08:31 1998 FullPath: C:\WINNT\System32\MFC42LOC.DLL 111. 
mlang.dll<0x000AF938(3168938)>: BaseAddress: 0x75D50000 (1) EntryPoint: 0x75D54868 Size: 532480 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb4b Wed Jun 14 20:30:03 2000 FullPath: C:\WINNT\System32\mlang.dll 112. mpr.dll<0x0008D9E8(8f99e8)>: BaseAddress: 0x75090000 (1) EntryPoint: 0x750915EB Size: 65536 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb72 Wed Jun 14 20:30:42 2000 FullPath: C:\WINNT\system32\mpr.dll 113. MPRAPI.DLL<0x000952A0(c362a0)>: BaseAddress: 0x77320000 (cbf000) EntryPoint: 0x77321290 Size: 94208 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MPRAPI.DLL 114. MSACM32.dll<0x01303F78(27eef78)>: BaseAddress: 0x77410000 (2d13000) EntryPoint: 0x7741DA10 Size: 77824 Flags: 0x84006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MSACM32.dll 115. msacm32.drv<0x013010F0(27b40f0)>: BaseAddress: 0x77400000 (2cff000) EntryPoint: 0x77402638 Size: 32768 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\msacm32.drv 116. msadp32.acm<0x000F8D58(38e0d58)>: BaseAddress: 0x75D40000 (1) EntryPoint: 0x00000000 Size: 24576 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843994f Tue Nov 30 09:30:55 1999 FullPath: C:\WINNT\System32\msadp32.acm 117. msafd.dll<0x000EA948(1c7c948)>: BaseAddress: 0x74FD0000 (ee7000) EntryPoint: 0x74FD13EC Size: 118784 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3976325b Wed Jul 19 22:57:31 2000 FullPath: C:\WINNT\system32\msafd.dll 118. MSASN1.DLL<0x000EE5F0(4d735f0)>: BaseAddress: 0x77430000 (796c000) EntryPoint: 0x774333F0 Size: 65536 Flags: 0xc4006 LoadCount: 0x73 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\MSASN1.DLL 119. 
mscat32.dll<0x000F28C8(4e108c8)>: BaseAddress: 0x76A00000 (1) EntryPoint: 0x76A01380 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\mscat32.dll 120. MSDTCPRX.dll<0x000A63E8(3de53e8)>: BaseAddress: 0x00DE0000 (3fb7000) EntryPoint: 0x00E377A0 Size: 671744 Flags: 0x2c4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39188103 Tue May 09 21:20:03 2000 FullPath: C:\WINNT\System32\MSDTCPRX.dll 121. msfaxmon.dll<0x00083EB0(1921eb0)>: BaseAddress: 0x6B460000 (2ec7000) EntryPoint: 0x6B461530 Size: 28672 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399ea Tue Nov 30 09:33:30 1999 FullPath: C:\WINNT\system32\msfaxmon.dll 122. msgina.dll<0x0007C5A0(79625a0)>: BaseAddress: 0x67D80000 (1) EntryPoint: 0x67D82218 Size: 344064 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394147f2 Fri Jun 09 19:39:30 2000 FullPath: C:\WINNT\system32\msgina.dll 123. msgsvc.dll<0x000E9778(1bff778)>: BaseAddress: 0x76870000 (1c19000) EntryPoint: 0x00000000 Size: 45056 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\msgsvc.dll 124. mshtml.dll<0x000A1F50(31edf50)>: BaseAddress: 0x75AF0000 (1) EntryPoint: 0x75AF1A53 Size: 2359296 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4b Wed Jun 14 20:30:03 2000 FullPath: C:\WINNT\System32\mshtml.dll 125. mshtmled.dll<0x000F0208(d20208)>: BaseAddress: 0x6B3D0000 (1) EntryPoint: 0x6B3D1274 Size: 245760 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb74 Wed Jun 14 20:30:44 2000 FullPath: C:\WINNT\System32\mshtmled.dll 126. MSI.DLL<0x000BB0E8(34270e8)>: BaseAddress: 0x770F0000 (1) EntryPoint: 0x770F1000 Size: 1826816 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 393863f3 Sat Jun 03 01:48:35 2000 FullPath: C:\WINNT\System32\MSI.DLL 127. 
MSIDLE.DLL<0x0008A298(57b6298)>: BaseAddress: 0x76A40000 (1f9000) EntryPoint: 0x76A4127B Size: 24576 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\MSIDLE.DLL 128. MSLS31.DLL<0x000C99A0(35a99a0)>: BaseAddress: 0x75AC0000 (1) EntryPoint: 0x00000000 Size: 163840 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439951 Tue Nov 30 09:30:57 1999 FullPath: C:\WINNT\System32\MSLS31.DLL 129. msprivs.dll<0x0007A2E8(7ace2e8)>: BaseAddress: 0x765E0000 (1) EntryPoint: 0x00000000 Size: 53248 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d041 Wed Dec 01 07:37:37 1999 FullPath: C:\WINNT\system32\msprivs.dll 130. MSTask.exe<0x00071EC0(5522ec0)>: BaseAddress: 0x01000000 (64d7000) EntryPoint: 0x01002F10 Size: 122880 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2c607 Thu Sep 30 02:08:07 1999 FullPath: C:\WINNT\system32\MSTask.exe 131. msv1_0.dll<0x01305E48(2847e48)>: BaseAddress: 0x4D100000 (7bbc000) EntryPoint: 0x00000000 Size: 106496 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 397605bb Wed Jul 19 19:47:07 2000 FullPath: C:\WINNT\system32\msv1_0.dll 132. MSVCR70.dll<0x00132AC8(4d13ac8)>: BaseAddress: 0x7C000000 (4d52000) EntryPoint: 0x7C001624 Size: 344064 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3c36e574 Sat Jan 05 11:37:24 2002 FullPath: E:\Acquisition\FAU\MSVCR70.dll 133. MSVCRT.DLL<0x00072468(75dc468)>: BaseAddress: 0x78000000 (59bc000) EntryPoint: 0x78001C48 Size: 286720 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 37f2c227 Thu Sep 30 01:51:35 1999 FullPath: C:\WINNT\system32\MSVCRT.DLL 134. MSVFW32.dll<0x00159050(57a2050)>: BaseAddress: 0x6A8F0000 (5723000) EntryPoint: 0x6A8F442A Size: 131072 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399f2 Tue Nov 30 09:33:38 1999 FullPath: C:\WINNT\System32\MSVFW32.dll 135. 
mswsock.dll<0x000EA4B8(1c7c4b8)>: BaseAddress: 0x74FF0000 (e6b000) EntryPoint: 0x74FF122C Size: 73728 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3919b98e Wed May 10 19:33:34 2000 FullPath: C:\WINNT\system32\mswsock.dll 136. MTXCLU.DLL<0x000A64A0(3de54a0)>: BaseAddress: 0x6A7A0000 (4303000) EntryPoint: 0x6A7A11B8 Size: 61440 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 384399f3 Tue Nov 30 09:33:39 1999 FullPath: C:\WINNT\System32\MTXCLU.DLL 137. mydocs.dll<0x00093C88(3101c88)>: BaseAddress: 0x76DF0000 (1) EntryPoint: 0x76DF1A8C Size: 69632 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03c Wed Dec 01 07:37:32 1999 FullPath: C:\WINNT\System32\mydocs.dll 138. NAKRNL32.DLL<0x00138888(7b6888)>: BaseAddress: 0x10000000 (456a000) EntryPoint: 0x1000871E Size: 73728 Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38ab7c52 Thu Feb 17 04:42:58 2000 FullPath: C:\Program Files\Common Files\Network Associates\McPal\NAKRNL32.DLL 139. NAUTIL32.DLL<0x00138A40(7b6a40)>: BaseAddress: 0x00A00000 (4654000) EntryPoint: 0x00A19301 Size: 237568 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38ab7d08 Thu Feb 17 04:46:00 2000 FullPath: C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL 140. NAUTIL32.DLL<0x00136770(7de770)>: BaseAddress: 0x00AF0000 (4654000) EntryPoint: 0x00B09301 Size: 237568 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38ab7d08 Thu Feb 17 04:46:00 2000 FullPath: C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL 141. NAUTIL32.DLL<0x001360C0(5dc0c0)>: BaseAddress: 0x009E0000 (4654000) EntryPoint: 0x009F9301 Size: 237568 Flags: 0x284004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38ab7d08 Thu Feb 17 04:46:00 2000 FullPath: C:\Program Files\Common Files\Network Associates\McPal\NAUTIL32.DLL 142. 
nc.exe<0x00131EC0(2267ec0)>: BaseAddress: 0x00400000 (2957000) EntryPoint: 0x00404C00 Size: 77824 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 34ae8eb9 Sat Jan 03 19:17:13 1998 FullPath: c:\winnt\system32\nc.exe 143. NDDEAPI.DLL<0x00072C60(75dcc60)>: BaseAddress: 0x769A0000 (1) EntryPoint: 0x769A1084 Size: 28672 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\NDDEAPI.DLL 144. NETAPI32.dll<0x000730A0(761e0a0)>: BaseAddress: 0x75170000 (7646000) EntryPoint: 0x7517348C Size: 323584 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947eb77 Wed Jun 14 20:30:47 2000 FullPath: C:\WINNT\system32\NETAPI32.dll 145. netcfgx.dll<0x000C2948(1bc8948)>: BaseAddress: 0x6A4B0000 (386f000) EntryPoint: 0x6A4E5640 Size: 561152 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 395d347d Fri Jun 30 23:59:57 2000 FullPath: c:\winnt\system32\netcfgx.dll 146. netlogon.dll<0x00084EB8(82beb8)>: BaseAddress: 0x76580000 (1) EntryPoint: 0x7658189D Size: 368640 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: C:\WINNT\system32\netlogon.dll 147. netman.dll<0x000910D0(2a150d0)>: BaseAddress: 0x76270000 (37cf000) EntryPoint: 0x76274CF0 Size: 102400 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d7 Sat Jun 10 01:03:19 2000 FullPath: c:\winnt\system32\netman.dll 148. NETRAP.DLL<0x00073158(761e158)>: BaseAddress: 0x751C0000 (1) EntryPoint: 0x00000000 Size: 24576 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\system32\NETRAP.DLL 149. NETSHELL.dll<0x000985B8(33bd5b8)>: BaseAddress: 0x76F20000 (35a4000) EntryPoint: 0x76F24A22 Size: 479232 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d5 Sat Jun 10 01:03:17 2000 FullPath: C:\WINNT\system32\NETSHELL.dll 150. 
NETUI0.DLL<0x000CE150(3769150)>: BaseAddress: 0x75210000 (1) EntryPoint: 0x75211323 Size: 86016 Flags: 0xc4006 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\System32\NETUI0.DLL 151. NETUI1.DLL<0x000CE1E8(37691e8)>: BaseAddress: 0x751D0000 (1) EntryPoint: 0x751D15F4 Size: 229376 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995b Tue Nov 30 09:31:07 1999 FullPath: C:\WINNT\System32\NETUI1.DLL 152. NTClient.dll<0x00138C68(7b6c68)>: BaseAddress: 0x11D00000 (4c37000) EntryPoint: 0x11D087C5 Size: 65536 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38bc1abe Tue Feb 29 19:15:10 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\NTClient.dll 153. ntdll.dll<0x00161F30(4491f30)>: BaseAddress: 0x77F80000 (21d8000) EntryPoint: 0x00000000 Size: 499712 Flags: 0x4004 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\System32\ntdll.dll 154. NTDSAPI.DLL<0x000734B0(79694b0)>: BaseAddress: 0x77BF0000 (7a16000) EntryPoint: 0x77BF22CD Size: 69632 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d035 Wed Dec 01 07:37:25 1999 FullPath: C:\WINNT\system32\NTDSAPI.DLL 155. ntlanman.dll<0x000CDDB8(36b3db8)>: BaseAddress: 0x75160000 (1) EntryPoint: 0x75161358 Size: 49152 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995c Tue Nov 30 09:31:08 1999 FullPath: C:\WINNT\System32\ntlanman.dll 156. NTMARTA.DLL<0x000C5948(446e948)>: BaseAddress: 0x69BF0000 (67b9000) EntryPoint: 0x69C04B30 Size: 118784 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384399fe Tue Nov 30 09:33:50 1999 FullPath: C:\WINNT\System32\NTMARTA.DLL 157. NTMSDBA.dll<0x000A5CB0(3de4cb0)>: BaseAddress: 0x76240000 (216f000) EntryPoint: 0x762460F8 Size: 180224 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d7 Sat Jun 10 01:03:19 2000 FullPath: C:\WINNT\System32\NTMSDBA.dll 158. 
ntmssvc.dll<0x00081F38(4737f38)>: BaseAddress: 0x761D0000 (4a5d000) EntryPoint: 0x761D9AAC Size: 409600 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843994a Tue Nov 30 09:30:50 1999 FullPath: c:\winnt\system32\ntmssvc.dll 159. ntshrui.dll<0x000D25A0(34345a0)>: BaseAddress: 0x76FA0000 (1) EntryPoint: 0x76FA1936 Size: 61440 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3844d03b Wed Dec 01 07:37:31 1999 FullPath: C:\WINNT\System32\ntshrui.dll 160. OAKLEY.DLL<0x0009C550(4b3e550)>: BaseAddress: 0x76500000 (1) EntryPoint: 0x76503A84 Size: 487424 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: <Paged: 0:6790b0> 161. ole32.dll<0x000EE738(4d73738)>: BaseAddress: 0x77A50000 (58c9000) EntryPoint: 0x77A521CE Size: 1003520 Flags: 0x84006 LoadCount: 0x3d TlsIndex: 0 Timestamp: 39654811 Fri Jul 07 03:01:37 2000 FullPath: C:\WINNT\system32\ole32.dll 162. OLEAUT32.DLL<0x012F9A28(25cca28)>: BaseAddress: 0x779B0000 (58fa000) EntryPoint: 0x779BD03B Size: 610304 Flags: 0x84006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 391b7759 Fri May 12 03:15:37 2000 FullPath: C:\WINNT\system32\OLEAUT32.DLL 163. oledlg.dll<0x00133BB8(3f13bb8)>: BaseAddress: 0x752F0000 (598b000) EntryPoint: 0x752F1388 Size: 126976 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 384da96b Wed Dec 08 00:42:19 1999 FullPath: C:\WINNT\System32\oledlg.dll 164. OLEPRO32.DLL<0x00133D28(3f13d28)>: BaseAddress: 0x695E0000 (afe000) EntryPoint: 0x695F2AA0 Size: 167936 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 391b7794 Fri May 12 03:16:36 2000 FullPath: C:\WINNT\System32\OLEPRO32.DLL 165. PcfMgr.exe<0x00131EC0(5903ec0)>: BaseAddress: 0x00400000 (43ed000) EntryPoint: 0x00437C03 Size: 806912 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a24c45d Wed Nov 29 08:54:53 2000 FullPath: C:\Program Files\PowerPanel\Program\PcfMgr.exe 166. 
pjlmon.dll<0x0007FD68(2e80d68)>: BaseAddress: 0x76AB0000 (2fb8000) EntryPoint: 0x76AB1162 Size: 28672 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\pjlmon.dll 167. PMDM.dll<0x00176D78(5810d78)>: BaseAddress: 0x01150000 (50a0000) EntryPoint: 0x01152E76 Size: 81920 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a246566 Wed Nov 29 02:09:42 2000 FullPath: C:\Program Files\PowerPanel\PROGRAM\PMDM.dll 168. pngfilt.dll<0x000D6B48(381eb48)>: BaseAddress: 0x69190000 (1) EntryPoint: 0x69194922 Size: 57344 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439a0a Tue Nov 30 09:34:02 1999 FullPath: C:\WINNT\System32\pngfilt.dll 169. PnPEvent.dll<0x001335D8(3ae75d8)>: BaseAddress: 0x00250000 (3cac000) EntryPoint: 0x0025B92F Size: 94208 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a1898cd Mon Nov 20 03:21:49 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\PnPEvent.dll 170. polagent.dll<0x00098F30(b8ef30)>: BaseAddress: 0x764E0000 (1) EntryPoint: 0x764E12B8 Size: 122880 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d041 Wed Dec 01 07:37:37 1999 FullPath: C:\WINNT\system32\polagent.dll 171. POWRPROF.DLL<0x000BCAA8(3426aa8)>: BaseAddress: 0x766F0000 (1) EntryPoint: 0x766F1B5C Size: 28672 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\POWRPROF.DLL 172. PRIMOSDK.dll<0x00132840(3724840)>: BaseAddress: 0x10000000 (3b89000) EntryPoint: 0x1000892E Size: 102400 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a7a30ac Fri Feb 02 03:59:40 2001 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\PRIMOSDK.dll 173. PROFMAP.DLL<0x00072FC8(75dcfc8)>: BaseAddress: 0x690F0000 (1) EntryPoint: 0x690F5D00 Size: 45056 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38439a0a Tue Nov 30 09:34:02 1999 FullPath: C:\WINNT\system32\PROFMAP.DLL 174. 
psbase.dll<0x000C35D0(57785d0)>: BaseAddress: 0x76850000 (56c6000) EntryPoint: 0x768512D4 Size: 126976 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 394193d6 Sat Jun 10 01:03:18 2000 FullPath: C:\WINNT\system32\psbase.dll 175. PTLACPI.DLL<0x00176E18(5810e18)>: BaseAddress: 0x01190000 (7b64000) EntryPoint: 0x01195CB0 Size: 172032 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a24641a Wed Nov 29 02:04:10 2000 FullPath: C:\Program Files\PowerPanel\Program\PTLACPI.DLL 176. PX.dll<0x00132D58(3724d58)>: BaseAddress: 0x00230000 (3c84000) EntryPoint: 0x0024FA7B Size: 258048 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a7a2bf5 Fri Feb 02 03:39:33 2001 FullPath: C:\WINNT\System32\PX.dll 177. PXMAS.DLL<0x00164FF0(4876ff0)>: BaseAddress: 0x01800000 (5f7000) EntryPoint: 0x0180EE58 Size: 118784 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a7a2c0c Fri Feb 02 03:39:56 2001 FullPath: C:\WINNT\System32\PXMAS.DLL 178. PXWAVE.DLL<0x001650A0(4d930a0)>: BaseAddress: 0x01930000 (4ddd000) EntryPoint: 0x0195FBF8 Size: 425984 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a7a2bfb Fri Feb 02 03:39:39 2001 FullPath: C:\WINNT\System32\PXWAVE.DLL 179. rasadhlp.dll<0x000E91D0(1bff1d0)>: BaseAddress: 0x777F0000 (381000) EntryPoint: 0x777F1380 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\rasadhlp.dll 180. RASAPI32.DLL<0x000A09D8(aec9d8)>: BaseAddress: 0x774E0000 (b9d000) EntryPoint: 0x774E266A Size: 204800 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\RASAPI32.DLL 181. RASDLG.dll<0x000C2A00(1bc8a00)>: BaseAddress: 0x75870000 (960000) EntryPoint: 0x7588FF81 Size: 536576 Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 38498caf Sat Dec 04 21:50:39 1999 FullPath: c:\winnt\system32\RASDLG.dll 182. 
RASMAN.DLL<0x000A0A90(aeca90)>: BaseAddress: 0x774C0000 (c0e000) EntryPoint: 0x774C2168 Size: 69632 Flags: 0xc4006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d039 Wed Dec 01 07:37:29 1999 FullPath: C:\WINNT\system32\RASMAN.DLL
183. rasmans.dll<0x000C2740(1bc8740)>: BaseAddress: 0x75710000 (359b000) EntryPoint: 0x7571B7C8 Size: 167936 Flags: 0xc4004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 38d84783 Wed Mar 22 04:09:39 2000 FullPath: c:\winnt\system32\rasmans.dll
184. regsvc.exe<0x00071EC0(57f7ec0)>: BaseAddress: 0x01000000 (524a000) EntryPoint: 0x01002E80 Size: 81920 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38acaff3 Fri Feb 18 02:35:31 2000 FullPath: C:\WINNT\system32\regsvc.exe
185. ResDll.dll<0x00136D68(7ded68)>: BaseAddress: 0x11700000 (560e000) EntryPoint: 0x117010E9 Size: 331776 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38c5c7e7 Wed Mar 08 03:24:23 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\ResDll.dll
186. RESUTILS.DLL<0x000A6738(3de5738)>: BaseAddress: 0x689D0000 (58d1000) EntryPoint: 0x689D2420 Size: 53248 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39518ef3 Thu Jun 22 03:58:43 2000 FullPath: C:\WINNT\System32\RESUTILS.DLL
187. rnr20.dll<0x000E8E40(4c4fe40)>: BaseAddress: 0x78280000 (361000) EntryPoint: 0x782811E9 Size: 49152 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\System32\rnr20.dll
188. RPCRT4.DLL<0x000726B8(75dc6b8)>: BaseAddress: 0x77D40000 (591d000) EntryPoint: 0x77D43926 Size: 458752 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39654811 Fri Jul 07 03:01:37 2000 FullPath: C:\WINNT\system32\RPCRT4.DLL
189. rpcss.dll<0x00077400(ea0400)>: BaseAddress: 0x76190000 (e2d000) EntryPoint: 0x761914D4 Size: 245760 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb4a Wed Jun 14 20:30:02 2000 FullPath: c:\winnt\system32\rpcss.dll
190. rsabase.dll<0x0008BFF8(981ff8)>: BaseAddress: 0x00790000 (1) EntryPoint: 0x0079CBF5 Size: 143360 Flags: 0x2c4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38e25c6d Wed Mar 29 19:41:33 2000 FullPath: C:\WINNT\system32\rsabase.dll
191. rsaenh.dll<0x000F2D28(4e10d28)>: BaseAddress: 0x7CA00000 (1) EntryPoint: 0x7CA0D4F4 Size: 143360 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e25c83 Wed Mar 29 19:41:55 2000 FullPath: C:\WINNT\system32\rsaenh.dll
192. RTUTILS.DLL<0x000A08A0(aec8a0)>: BaseAddress: 0x77830000 (bb2000) EntryPoint: 0x77831D22 Size: 57344 Flags: 0xc4006 LoadCount: 0x9 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\RTUTILS.DLL
193. SAMLIB.DLL<0x00073210(761e210)>: BaseAddress: 0x75150000 (1) EntryPoint: 0x7515332C Size: 61440 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995c Tue Nov 30 09:31:08 1999 FullPath: C:\WINNT\system32\SAMLIB.DLL
194. SAMSRV.dll<0x00072E28(79b6e28)>: BaseAddress: 0x76450000 (1) EntryPoint: 0x00000000 Size: 372736 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 39513380 Wed Jun 21 21:28:32 2000 FullPath: C:\WINNT\system32\SAMSRV.dll
195. scecli.dll<0x00096670(aac670)>: BaseAddress: 0x76430000 (1) EntryPoint: 0x764316BC Size: 114688 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d042 Wed Dec 01 07:37:38 1999 FullPath: C:\WINNT\system32\scecli.dll
196. SCESRV.DLL<0x000733F8(79693f8)>: BaseAddress: 0x76810000 (79a4000) EntryPoint: 0x76812A40 Size: 241664 Flags: 0x84006 LoadCount: 0xffff TlsIndex: -1 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\SCESRV.DLL
197. schannel.dll<0x00087B30(949b30)>: BaseAddress: 0x58800000 (1) EntryPoint: 0x588026E3 Size: 151552 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d2cb8b Sat Mar 18 00:19:23 2000 FullPath: C:\WINNT\system32\schannel.dll
198. seclogon.dll<0x000CDC18(5fcc18)>: BaseAddress: 0x76800000 (657d000) EntryPoint: 0x00000000 Size: 28672 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\seclogon.dll
199. SeCommon.dll<0x00133210(3ae7210)>: BaseAddress: 0x00230000 (3b4b000) EntryPoint: 0x0023EE6C Size: 110592 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a669908 Thu Jan 18 07:19:36 2001 FullPath: C:\Program Files\Sony\Jog Dial Utility\SeCommon.dll
200. SECUR32.DLL<0x00072F10(75dcf10)>: BaseAddress: 0x77BE0000 (75fa000) EntryPoint: 0x77BE1D94 Size: 61440 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b95d Wed May 10 19:32:45 2000 FullPath: C:\WINNT\system32\SECUR32.DLL
201. SeLocale.DLL<0x00137C60(3e65c60)>: BaseAddress: 0x00980000 (3ea6000) EntryPoint: 0x00981159 Size: 1642496 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a1898fa Mon Nov 20 03:22:34 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\SeLocale.DLL
202. sens.dll<0x00083CF8(7d51cf8)>: BaseAddress: 0x76180000 (68ea000) EntryPoint: 0x7618401A Size: 49152 Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3843994b Tue Nov 30 09:30:51 1999 FullPath: c:\winnt\system32\sens.dll
203. sensapi.dll<0x000AD490(3377490)>: BaseAddress: 0x75AB0000 (1) EntryPoint: 0x75AB1641 Size: 20480 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439951 Tue Nov 30 09:30:57 1999 FullPath: C:\WINNT\System32\sensapi.dll
204. services.exe<0x00071EC0(78b4ec0)>: BaseAddress: 0x01000000 (7963000) EntryPoint: 0x0100142C Size: 98304 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3814ad6e Mon Oct 25 19:20:14 1999 FullPath: C:\WINNT\system32\services.exe
205. SeTimer.dll<0x00132FC0(39d3fc0)>: BaseAddress: 0x10000000 (2d53000) EntryPoint: 0x100035C9 Size: 36864 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a1898b6 Mon Nov 20 03:21:26 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\SeTimer.dll
206. setupapi.dll<0x0007DCE0(7ce2ce0)>: BaseAddress: 0x77880000 (1) EntryPoint: 0x77882B18 Size: 577536 Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\setupapi.dll
207. SFC.DLL<0x00072D98(75dcd98)>: BaseAddress: 0x76980000 (1) EntryPoint: 0x76986617 Size: 110592 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 395d23ae Fri Jun 30 22:48:14 2000 FullPath: C:\WINNT\system32\SFC.DLL
208. sfcfiles.dll<0x00162790(4472790)>: BaseAddress: 0x68010000 (5839000) EntryPoint: 0x68011080 Size: 1007616 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 384da999 Wed Dec 08 00:43:05 1999 FullPath: C:\WINNT\System32\sfcfiles.dll
209. shdoclc.dll<0x000D2680(3434680)>: BaseAddress: 0x76D90000 (1) EntryPoint: 0x00000000 Size: 339968 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38e3fd11 Fri Mar 31 01:19:13 2000 FullPath: C:\WINNT\System32\shdoclc.dll
210. SHDOCVW.DLL<0x000858A0(30078a0)>: BaseAddress: 0x76C80000 (1) EntryPoint: 0x76C866D0 Size: 1114112 Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\System32\SHDOCVW.DLL
211. SHELL32.DLL<0x0007C658(7962658)>: BaseAddress: 0x69800000 (1) EntryPoint: 0x69807DDC Size: 2367488 Flags: 0x84006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3947dfef Wed Jun 14 19:41:35 2000 FullPath: C:\WINNT\system32\SHELL32.DLL
212. SHLWAPI.DLL<0x0007C710(7962710)>: BaseAddress: 0x77C70000 (1) EntryPoint: 0x77C78190 Size: 303104 Flags: 0xc4006 LoadCount: 0x6 TlsIndex: 0 Timestamp: 3947eb46 Wed Jun 14 20:29:58 2000 FullPath: C:\WINNT\system32\SHLWAPI.DLL
213. smss.exe<0x00161EC0(4491ec0)>: BaseAddress: 0x48580000 (4483000) EntryPoint: 0x48589586 Size: 57344 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38acc774 Fri Feb 18 04:15:48 2000 FullPath: \SystemRoot\System32\smss.exe
214. SnyUtils.dll<0x00146500(2faa500)>: BaseAddress: 0x00FF0000 (261000) EntryPoint: 0x00FF6589 Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a480170 Tue Dec 26 02:24:48 2000 FullPath: C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
215. SnyUtils.dll<0x0014AAB0(7c70ab0)>: BaseAddress: 0x01670000 (261000) EntryPoint: 0x01676589 Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a480170 Tue Dec 26 02:24:48 2000 FullPath: C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
216. SnyUtils.dll<0x00177FA0(51b1fa0)>: BaseAddress: 0x015D0000 (261000) EntryPoint: 0x015D6589 Size: 57344 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a480170 Tue Dec 26 02:24:48 2000 FullPath: C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
217. SPOOLSS.DLL<0x0007ADB0(25adb0)>: BaseAddress: 0x76A90000 (2a7c000) EntryPoint: 0x76A922BC Size: 73728 Flags: 0xc4004 LoadCount: 0xc TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\SPOOLSS.DLL
218. spoolsv.exe<0x00071EC0(310ec0)>: BaseAddress: 0x01000000 (39a000) EntryPoint: 0x01001124 Size: 53248 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3814ad79 Mon Oct 25 19:20:25 1999 FullPath: C:\WINNT\system32\spoolsv.exe
219. Srvsvc.dll<0x000BEBD8(298fbd8)>: BaseAddress: 0x767E0000 (4afe000) EntryPoint: 0x00000000 Size: 90112 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\Srvsvc.dll
220. SSLEAY32.dll<0x001333A0(3fbd3a0)>: BaseAddress: 0x60F30000 (1) EntryPoint: 0x60F48AF1 Size: 184320 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3861b23c Thu Dec 23 05:25:16 1999 FullPath: C:\Program Files\Support.com\Client\bin\SSLEAY32.dll
221. stobject.dll<0x000BB188(3427188)>: BaseAddress: 0x766D0000 (1) EntryPoint: 0x766D1300 Size: 98304 Flags: 0xc4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\stobject.dll
222. svchost.exe<0x00071EC0(eb1ec0)>: BaseAddress: 0x01000000 (de7000) EntryPoint: 0x010010B8 Size: 20480 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3814ad86 Mon Oct 25 19:20:38 1999 FullPath: C:\WINNT\system32\svchost.exe
223. sxbios.dll<0x0013C9A0(43d59a0)>: BaseAddress: 0x01000000 (4724000) EntryPoint: 0x01002D87 Size: 122880 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 399bbff7 Thu Aug 17 10:35:35 2000 FullPath: C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
224. sxbios.dll<0x0014B018(7b76018)>: BaseAddress: 0x01680000 (4724000) EntryPoint: 0x01682D87 Size: 122880 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 399bbff7 Thu Aug 17 10:35:35 2000 FullPath: C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
225. sxbios.dll<0x001764B0(58104b0)>: BaseAddress: 0x015E0000 (4724000) EntryPoint: 0x015E2D87 Size: 122880 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 399bbff7 Thu Aug 17 10:35:35 2000 FullPath: C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
226. Syncutil.dll<0x00138E20(7b6e20)>: BaseAddress: 0x11A00000 (49bd000) EntryPoint: 0x11A2DF13 Size: 266240 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38c5c798 Wed Mar 08 03:23:04 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\Syncutil.dll
227. TAPI32.DLL<0x000A0B48(aecb48)>: BaseAddress: 0x77530000 (bbc000) EntryPoint: 0x77532E60 Size: 139264 Flags: 0x84006 LoadCount: 0x7 TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\TAPI32.DLL
228. tapisrv.dll<0x000BAF98(2102f98)>: BaseAddress: 0x66DF0000 (391a000) EntryPoint: 0x66E10E20 Size: 180224 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38439a28 Tue Nov 30 09:34:32 1999 FullPath: c:\winnt\system32\tapisrv.dll
229. tcpmon.dll<0x0007FE58(2e80e58)>: BaseAddress: 0x76A80000 (2ed6000) EntryPoint: 0x76A8119C Size: 53248 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\tcpmon.dll
230. tgcmd.exe<0x00131EC0(3ed6ec0)>: BaseAddress: 0x00400000 (1) EntryPoint: 0x0040FB59 Size: 675840 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3a6f2967 Wed Jan 24 19:13:43 2001 FullPath: <Paged: 0:6535a8>
231. TRANS.DLL<0x00165110(4d93110)>: BaseAddress: 0x01AB0000 (4bcd000) EntryPoint: 0x01AB1771 Size: 28672 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 399d2ab4 Fri Aug 18 12:23:16 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\TRANS.DLL
232. TRANSWIN.dll<0x00133758(3f13758)>: BaseAddress: 0x00330000 (5962000) EntryPoint: 0x00331C79 Size: 28672 Flags: 0x284006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 399d2ac0 Fri Aug 18 12:23:28 2000 FullPath: C:\Program Files\Drag'n Drop CD\BinFiles\TRANSWIN.dll
233. trkwks.dll<0x000C8F80(4bb3f80)>: BaseAddress: 0x767C0000 (4e4c000) EntryPoint: 0x767C4B9C Size: 102400 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\trkwks.dll
234. TXFAUX.DLL<0x0007BF58(1aecf58)>: BaseAddress: 0x76120000 (15bb000) EntryPoint: 0x761246CB Size: 360448 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3843994b Tue Nov 30 09:30:51 1999 FullPath: c:\winnt\system32\TXFAUX.DLL
235. UILib.dll<0x001443F0(66b23f0)>: BaseAddress: 0x01140000 (4548000) EntryPoint: 0x0119777A Size: 1626112 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39acf4d1 Wed Aug 30 11:49:37 2000 FullPath: C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll
236. UILib.dll<0x001624F0(1494f0)>: BaseAddress: 0x10000000 (4548000) EntryPoint: 0x1005777A Size: 1626112 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 39acf4d1 Wed Aug 30 11:49:37 2000 FullPath: C:\PROGRA~1\COMMON~1\SONYSH~1\UILIBR~1\UILib.dll
237. UMGR32.EXE<0x00131EC0(4cacec0)>: BaseAddress: 0x03140000 (4ac4000) EntryPoint: 0x03145232 Size: 155648 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 41a4d206 Wed Nov 24 18:25:10 2004 FullPath: C:\WINNT\System32\UMGR32.EXE
238. UMPNPMGR.DLL<0x00073288(7969288)>: BaseAddress: 0x767A0000 (78ea000) EntryPoint: 0x767A3C6C Size: 98304 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3844d03f Wed Dec 01 07:37:35 1999 FullPath: C:\WINNT\system32\UMPNPMGR.DLL
239. URLMON.DLL<0x000980E8(2dac0e8)>: BaseAddress: 0x1A400000 (1) EntryPoint: 0x1A401450 Size: 462848 Flags: 0x84004 LoadCount: 0x3 TlsIndex: 0 Timestamp: 39414999 Fri Jun 09 19:46:33 2000 FullPath: C:\WINNT\system32\URLMON.DLL
240. usbmon.dll<0x0007DAA8(2dddaa8)>: BaseAddress: 0x76A70000 (2f93000) EntryPoint: 0x76A710CC Size: 24576 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\usbmon.dll
241. USER32.DLL<0x00163080(691d080)>: BaseAddress: 0x77E10000 (5a02000) EntryPoint: 0x77E249C5 Size: 409600 Flags: 0xc4006 LoadCount: 0x4 TlsIndex: 0 Timestamp: 394193d2 Sat Jun 10 01:03:14 2000 FullPath: C:\WINNT\system32\USER32.DLL
242. USERENV.DLL<0x00072BA8(75dcba8)>: BaseAddress: 0x77C10000 (1) EntryPoint: 0x77C16C8A Size: 380928 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 394193d3 Sat Jun 10 01:03:15 2000 FullPath: C:\WINNT\system32\USERENV.DLL
243. USP10.DLL<0x00104E38(518fe38)>: BaseAddress: 0x66650000 (1) EntryPoint: 0x6665DE8C Size: 344064 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d84800 Wed Mar 22 04:11:44 2000 FullPath: C:\WINNT\System32\USP10.DLL
244. VERSION.dll<0x00130C40(63cc40)>: BaseAddress: 0x77820000 (1) EntryPoint: 0x77821114 Size: 28672 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\system32\VERSION.dll
245. VsStat.exe<0x00131EC0(4f90ec0)>: BaseAddress: 0x00400000 (e51000) EntryPoint: 0x0040AC9F Size: 94208 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 398a0077 Thu Aug 03 23:29:59 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
246. VsUtil.dll<0x00137E00(125e00)>: BaseAddress: 0x11400000 (2810000) EntryPoint: 0x11413B10 Size: 307200 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 38c5c736 Wed Mar 08 03:21:26 2000 FullPath: C:\Program Files\McAfee\McAfee VirusScan\VsUtil.dll
247. VXDIF.DLL<0x00136018(3913018)>: BaseAddress: 0x10000000 (39b5000) EntryPoint: 0x10001000 Size: 40960 Flags: 0x84004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\VXDIF.DLL
248. Vxdif.dll<0x0014F948(2f84948)>: BaseAddress: 0x01DA0000 (39b5000) EntryPoint: 0x01DA1000 Size: 40960 Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\Vxdif.dll
249. Vxdif.dll<0x001C62C0(31572c0)>: BaseAddress: 0x03C60000 (39b5000) EntryPoint: 0x03C61000 Size: 40960 Flags: 0x284006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3854970f Mon Dec 13 06:49:51 1999 FullPath: C:\WINNT\System32\Vxdif.dll
250. wbemcomn.dll<0x001327E8(41db7e8)>: BaseAddress: 0x65C20000 (1) EntryPoint: 0x65C8861C Size: 708608 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 38d84805 Wed Mar 22 04:11:49 2000 FullPath: C:\WINNT\System32\WBEM\wbemcomn.dll
251. wdmaud.drv<0x0007E060(8f2060)>: BaseAddress: 0x77560000 (1) EntryPoint: 0x7756378E Size: 36864 Flags: 0xc4004 LoadCount: 0x4 TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\wdmaud.drv
252. webcheck.dll<0x000BB138(3427138)>: BaseAddress: 0x76680000 (1) EntryPoint: 0x76681384 Size: 266240 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\System32\webcheck.dll
253. webvw.dll<0x000EBEB0(6aeaeb0)>: BaseAddress: 0x658F0000 (1) EntryPoint: 0x658F2374 Size: 1130496 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38470101 Thu Dec 02 23:30:09 1999 FullPath: C:\WINNT\System32\webvw.dll
254. win32spl.dll<0x0007E3E8(2dde3e8)>: BaseAddress: 0x76A50000 (7d8a000) EntryPoint: 0x76A512A4 Size: 126976 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb48 Wed Jun 14 20:30:00 2000 FullPath: C:\WINNT\system32\win32spl.dll
255. WinButton.apo<0x00181200(3630200)>: BaseAddress: 0x03450000 (1e41000) EntryPoint: 0x03461EEE Size: 319488 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 4147614e Tue Sep 14 21:23:26 2004 FullPath: E:\AutoPlay\Plugins\WinButton\WinButton.apo
256. winlogon.exe<0x00071EC0(75fbec0)>: BaseAddress: 0x01000000 (75bc000) EntryPoint: 0x01001674 Size: 184320 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947e26f Wed Jun 14 19:52:15 2000 FullPath: \??\C:\WINNT\system32\winlogon.exe
257. WinMgmt.exe<0x00131EC0(ffcec0)>: BaseAddress: 0x00400000 (1) EntryPoint: 0x0041EFB6 Size: 196608 Flags: 0x5000 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3886529e Thu Jan 20 00:11:10 2000 FullPath: <Paged: 0:6c0584>
258. WINMM.dll<0x0007DBF0(7ce2bf0)>: BaseAddress: 0x77570000 (7cd4000) EntryPoint: 0x77574164 Size: 196608 Flags: 0xc4004 LoadCount: 0xa TlsIndex: 0 Timestamp: 3844d038 Wed Dec 01 07:37:28 1999 FullPath: C:\WINNT\system32\WINMM.dll
259. winrnr.dll<0x000E9140(1bff140)>: BaseAddress: 0x777E0000 (331000) EntryPoint: 0x777E10C5 Size: 32768 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d037 Wed Dec 01 07:37:27 1999 FullPath: C:\WINNT\System32\winrnr.dll
260. WINSCARD.DLL<0x012F5B20(1da8b20)>: BaseAddress: 0x76960000 (1) EntryPoint: 0x769611DD Size: 94208 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\WINSCARD.DLL
261. WINSPOOL.DRV<0x012F5B70(1da8b70)>: BaseAddress: 0x77800000 (1) EntryPoint: 0x77801AFA Size: 118784 Flags: 0xc4006 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb47 Wed Jun 14 20:29:59 2000 FullPath: C:\WINNT\system32\WINSPOOL.DRV
262. winsrv.dll<0x00162FC8(6903fc8)>: BaseAddress: 0x5FFB0000 (691e000) EntryPoint: 0x00000000 Size: 262144 Flags: 0x4004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 39419421 Sat Jun 10 01:04:33 2000 FullPath: C:\WINNT\system32\winsrv.dll
263. WINSTA.DLL<0x000B15C0(d3d5c0)>: BaseAddress: 0x65780000 (d06000) EntryPoint: 0x65782411 Size: 49152 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38d84808 Wed Mar 22 04:11:52 2000 FullPath: C:\WINNT\system32\WINSTA.DLL
264. wintrust.dll<0x000EB640(496a640)>: BaseAddress: 0x76930000 (4a55000) EntryPoint: 0x76952F60 Size: 176128 Flags: 0xc4004 LoadCount: 0x38 TlsIndex: 0 Timestamp: 3844d03e Wed Dec 01 07:37:34 1999 FullPath: C:\WINNT\system32\wintrust.dll
265. wkssvc.dll<0x000C0630(4d61630)>: BaseAddress: 0x76770000 (5614000) EntryPoint: 0x00000000 Size: 106496 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\wkssvc.dll
266. WLDAP32.DLL<0x00073438(761e438)>: BaseAddress: 0x77950000 (1) EntryPoint: 0x7795194E Size: 167936 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b95d Wed May 10 19:32:45 2000 FullPath: C:\WINNT\system32\WLDAP32.DLL
267. WlNotify.dll<0x000F4280(54dc280)>: BaseAddress: 0x76920000 (1) EntryPoint: 0x76921FD2 Size: 61440 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3947eb49 Wed Jun 14 20:30:01 2000 FullPath: C:\WINNT\system32\WlNotify.dll
268. WMHook.dll<0x000EFF98(66caf98)>: BaseAddress: 0x10000000 (1) EntryPoint: 0x10001659 Size: 40960 Flags: 0x84004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
269. WMHook.dll<0x001457D8(3b997d8)>: BaseAddress: 0x013B0000 (40bd000) EntryPoint: 0x013B1659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
270. WMHook.dll<0x00146A80(2faaa80)>: BaseAddress: 0x00ED0000 (40bd000) EntryPoint: 0x00ED1659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
271. WMHook.dll<0x0014BC10(7b76c10)>: BaseAddress: 0x018B0000 (40bd000) EntryPoint: 0x018B1659 Size: 40960 Flags: 0x284004 LoadCount: 0x2 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
272. WMHook.dll<0x00165268(4d93268)>: BaseAddress: 0x02020000 (40bd000) EntryPoint: 0x02021659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
273. WMHook.dll<0x00134F28(3e32f28)>: BaseAddress: 0x00B40000 (40bd000) EntryPoint: 0x00B41659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
274. WMHook.dll<0x00134CE8(3f78ce8)>: BaseAddress: 0x009C0000 (40bd000) EntryPoint: 0x009C1659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
275. WMHook.dll<0x00176B20(5810b20)>: BaseAddress: 0x01860000 (40bd000) EntryPoint: 0x01861659 Size: 40960 Flags: 0x284004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3a2a17d9 Sun Dec 03 09:52:25 2000 FullPath: C:\Program Files\Sony\Jog Dial Utility\WMHook.dll
276. WMI.dll<0x00098B00(33bdb00)>: BaseAddress: 0x76110000 (352b000) EntryPoint: 0x00000000 Size: 16384 Flags: 0x4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 38448c09 Wed Dec 01 02:46:33 1999 FullPath: C:\WINNT\System32\WMI.dll
277. wmicore.dll<0x000D60B0(44ce0b0)>: BaseAddress: 0x76750000 (2291000) EntryPoint: 0x76751134 Size: 86016 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3844d040 Wed Dec 01 07:37:36 1999 FullPath: C:\WINNT\system32\wmicore.dll
278. WS2_32.DLL<0x000732C8(761e2c8)>: BaseAddress: 0x75030000 (1) EntryPoint: 0x7503134C Size: 81920 Flags: 0x84006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3919b9a8 Wed May 10 19:34:00 2000 FullPath: C:\WINNT\system32\WS2_32.DLL
279. WS2HELP.DLL<0x00073380(761e380)>: BaseAddress: 0x75020000 (1) EntryPoint: 0x750211AE Size: 32768 Flags: 0xc4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3843995d Tue Nov 30 09:31:09 1999 FullPath: C:\WINNT\system32\WS2HELP.DLL
280. wshtcpip.dll<0x000F0E40(1b1ce40)>: BaseAddress: 0x75010000 (f54000) EntryPoint: 0x750111A4 Size: 28672 Flags: 0xc4004 LoadCount: 0x1 TlsIndex: 0 Timestamp: 3843995d Tue Nov 30 09:31:09 1999 FullPath: C:\WINNT\System32\wshtcpip.dll
281. WSOCK32.DLL<0x000735A8(761e5a8)>: BaseAddress: 0x75050000 (1) EntryPoint: 0x00000000 Size: 32768 Flags: 0x4006 LoadCount: 0xffff TlsIndex: 0 Timestamp: 3947eb91 Wed Jun 14 20:31:13 2000 FullPath: C:\WINNT\system32\WSOCK32.DLL
User modules loaded: 280

Tcpip IFList: 0xF83273E4(2b0c3e4)
IPInterface: 0xF8325FE0 (2b0afe0) ArpEntry: 0xFCCC95E8 (12e65e8) NumGateways: 0 Gateways: GatewayMetrics: InterfaceMetric: 0 IFNumber: 0x1 Ttl: 0 State: 0 Speed: 0x989680 PhysicalAddressSize: 0x0 EnableSniffer: 0
IPInterface: 0xFCD8BD88 (13a8d88) ArpEntry: 0xFCC90E48 (12ade48) NumGateways: 0 Gateways: GatewayMetrics: InterfaceMetric: 1 IFNumber: 0x2 Ttl: 1 State: 0 Speed: 0x17d78400 PhysicalAddressSize: 0x6 PhysicalAddress: 0xFCC90EBC (12adebc) 08-00-46-02-22-f0 RegistryKey: Tcpip\Parameters\Interfaces\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} Name: \DEVICE\TCPIP_{E41F8207-9EAD-4C09-8BC4-06F8E425196E} EnableSniffer: 0
IPInterface: 0xFCC86D88 (12a3d88) ArpEntry: 0xFCD6DE48 (138ae48) NumGateways: 0 Gateways: GatewayMetrics: InterfaceMetric: 1 IFNumber: 0x1000004 Ttl: 1 State: 0 Speed: 0x989680 PhysicalAddressSize: 0x6 PhysicalAddress: 0xFCD6DEBC (138aebc) 08-00-46-18-65-ad RegistryKey: Tcpip\Parameters\Interfaces\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} Name: \DEVICE\TCPIP_{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} EnableSniffer: 0
Interface Count: 3

ArpInterfaceList: 0xF8326190(2b0b190)
ArpInterface: 0xFCC90E48 (12ade48) NetTableEntry: 0xFCC8F1C8 (12ac1c8) PhysicalAddress: 08-00-46-02-22-f0 TickCount: 0x0 DeviceDescription: 1 RootDeviceName: \DEVICE\{E41F8207-9EAD-4C09-8BC4-06F8E425196E} ArpTable: 0xFCC910C8 (12ae0c8) Presumed ArpTable size: 0x26 (Warning: Verify table size manually.)
ArpInterface: 0xFCD6DE48 (138ae48) NetTableEntry: 0xFCD680A8 (13850a8) PhysicalAddress: 08-00-46-18-65-ad TickCount: 0x0 DeviceDescription: 1 RootDeviceName: \DEVICE\{45DC6740-1C3D-4AAD-BC58-B497ECC02D3D} ArpTable: 0xFCD6DDA8 (138ada8) Presumed ArpTable size: 0x26 (Warning: Verify table size manually.)
ArpCacheEntry: 0xFCA37968 (1054968) CreateTime: 0xcc0cf InetAddress: 192.168.0.5 PhysicalAddress: 00-00-e2-8a-c4-6b CacheLife: 0x34 Type: dynamic
Arp Interface Count: 1

AddrObjTable: 0xF8321EC0 (2b26ec0)
AddrObjTableSize: 18
Table: 0xF8321EC0 (2b26ec0)
Address Object: 0xFF157268 (4054268) Local Address: 0x200a8c0:8a00 192.168.0.2:138 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF160E48 (708e48) Local Address: 0x200a8c0:8900 192.168.0.2:137 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF1D9928 (1ee9928) Local Address: 0x200a8c0:8b00 192.168.0.2:139 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF161A88:FCC5C808}
Address Object: 0xFF1E4008 (4d3c008) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF2721C8 (e841c8) Local Address: 0x0:8700 0.0.0.0:135 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF27AE88:FF272868}
Address Object: 0xFCC8DB68 (12aab68) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF20A808:FF1496A8}
Address Object: 0xFCC8DE08 (12aae08) Local Address: 0x0:bd01 0.0.0.0:445 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF19B828 (384a828) Local Address: 0x200a8c0:f401 192.168.0.2:500 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF16D008 (ab9008) Local Address: 0x0:8102 0.0.0.0:641 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF250F08:FF24EC28}
Address Object: 0xFF16D688 (ab9688) Local Address: 0x0:8d02 0.0.0.0:653 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFCC5C948:FF2518A8}
Address Object: 0xFF136008 (3629008) Local Address: 0x0:304 0.0.0.0:1027 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF1E5968 (626968) Local Address: 0x0:204 0.0.0.0:1026 Protocol: 17 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {-:-}
Address Object: 0xFF22DD28 (6ba7d28) Local Address: 0x0:104 0.0.0.0:1025 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF22D228:FF22EB68}
Address Object: 0xFF2542E8 (29ac2e8) Local Address: 0x0:b80b 0.0.0.0:3000 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF2562A8:FF2562A8}
Address Object: 0xFF22F888 (2c02888) Local Address: 0x0:9cad 0.0.0.0:44444 Protocol: 6 MCastIF: 0x0 Flags1: 0x88 Flags2: 0x4 AssociatedConnections: { -:-} {0xFF1593E8:FF235568}
Address Object Count: 15

NumTcbTablePartitions: 0xF8320868(2b25868) Value: 4
PerPartitionSize: 0xF832086C(2b2586c) Value: 128
TcbTable: 0xF8321B6C (2b26b6c) Value: 0xFCD7D040 (139a040)
SynAttackProtect: 0xF8321CF0 Value: False
MaxHashTableSize: 0xF8320864(2b25864) Value: 512
TWTcbTable: 0xF8321C20 (2b26c20) Value: 0xFCC9A6C0 (12b76c0)
TWTCB: 0xFF1A2CC8 (364ecc8) Connection: 0x200a8c0:604-->0x500a8c0:8504 192.168.0.2:1030-->192.168.0.5:1157 SomeSequenceNumber1: 0x718b796b SomeSequenceNumber2: 0x718b796b
TWTCB: 0xFF192B28 (3992b28) Connection: 0x200a8c0:9cad-->0x500a8c0:8104 192.168.0.2:44444-->192.168.0.5:1153 SomeSequenceNumber1: 0x70b75eaf SomeSequenceNumber2: 0x70b75eaf
TWTCB: 0xFF1A36E8 (362e6e8) Connection: 0x200a8c0:404-->0x500a8c0:8304 192.168.0.2:1028-->192.168.0.5:1155 SomeSequenceNumber1: 0x71756a79 SomeSequenceNumber2: 0x71756a79
TWTCB: 0xFF2007E8 (4dd87e8) Connection: 0x200a8c0:504-->0x500a8c0:8404 192.168.0.2:1029-->192.168.0.5:1156 SomeSequenceNumber1: 0x71814e57 SomeSequenceNumber2: 0x71814e57