by john_m_nash » November 18th, 2010, 5:04 pm
Scanner report (finally)
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E80E000 C:\Windows\system32\DRIVERS\atikmdag.sys 7540736 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x85C00000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x85C00000 PnpManager 3846144 bytes
0x85C00000 RAW 3846144 bytes
0x85C00000 WMIxWDM 3846144 bytes
0x814E0000 Win32k 2109440 bytes
0x814E0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x92E21000 C:\Windows\system32\drivers\RTKVHDA.sys 1638400 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x939DE000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101117.019\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x9380D000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x89C08000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89911000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x89A82000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x864D7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x8327A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8300B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x9AA1F000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8EF3F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89E8C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x92C02000 C:\Windows\system32\DRIVERS\athr.sys 528384 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x9A9A0000 C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x865B7000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x898A0000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8640D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x830BB000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9A90E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9A8B3000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101116.002\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x89B87000 C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x93936000 C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x89801000 C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0x8322C000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x866E9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x89FB0000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x86640000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x86496000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x92CB6000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x89E27000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9A86D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89A47000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x831B3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89D18000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x92DDB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x85FAB000 ACPI_HAL 208896 bytes
0x85FAB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x867AB000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9A804000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x92C87000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x86748000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x92FB1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89867000 C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x89A1C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89F45000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x92D91000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9AB37000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x83399000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83204000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89D82000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x86697000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89F8B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x93B2C000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x92D24000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89DBA000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x83173000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x93B91000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9398D000 C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x83194000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8678D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A96C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x83128000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x89B6C000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9AB04000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x83145000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x89E74000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x831EC000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9A989000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92D02000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8336E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9A836000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93BE4000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8315E000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x92D6A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89D5E000 C:\Windows\system32\DRIVERS\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x833C1000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x833D6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x93B51000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101117.019\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x92D56000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92FDE000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x89F19000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9AB6B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9A85A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x833EB000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x89DA9000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92E10000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8647D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89857000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x939B5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9AB27000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86775000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x89F7B000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 65536 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x92D7F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89E18000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9AAF5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89D73000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x866BE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x92D47000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x89E65000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x866DA000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x81720000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9A84C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x93BCD000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8673A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89F2C000 C:\Windows\system32\DRIVERS\qkbfiltr.sys 57344 bytes (TOSHIBA, TOSHIBA HotKey Keyboard Filter Driver)
0x9AACB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x93929000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x92DCE000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86633000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x89894000 C:\Windows\System32\Drivers\PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x83362000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x93B85000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EFDE000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9AAD8000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x89F3A000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x89F70000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x93BC2000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92D19000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x92CF7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89E04000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x866D0000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9AAEB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E800000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0x92DC4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9AB61000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9A8A9000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x83358000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x939D4000 C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8EFEA000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x92DBB000 C:\Windows\system32\drivers\BoiHwSetup.sys 36864 bytes (Quanta Computer Corp, Toshiba HwSetup Driver)
0x89DDB000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x93B65000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x939AC000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83000000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93BDB000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81700000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89E0F000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86686000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86785000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8648E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9AAE3000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x939CC000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8668F000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x93BB2000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x93BBA000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89D56000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x93B75000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x939C5000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x86406000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x93B6E000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x86733000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x89D51000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x92C83000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8EFF4000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x866CD000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x92D8F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8E80A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x04070000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 1060864 bytes
0x05C10000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 1060864 bytes
0x05760000 Hidden Image-->CLI.Aspect.DeviceTV2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 1085440 bytes
0x05870000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 1101824 bytes
0x042D0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 167936 bytes
0x05200000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 176128 bytes
0x05BE0000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 192512 bytes
0x03D60000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 233472 bytes
0x041A0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 233472 bytes
0x00B00000 Hidden Image-->LOG.Foundation.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x03DB0000 Hidden Image-->DEM.OS.I0602.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x03D20000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x03DC0000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x03DF0000 Hidden Image-->DEM.OS.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x04000000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x04170000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x056C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x057D0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x057F0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x05820000 Hidden Image-->CLI.Aspect.DeviceProperty2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x05830000 Hidden Image-->CLI.Aspect.OverDrive2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 28672 bytes
0x00AB0000 Hidden Image-->LOG.Foundation.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x01D30000 Hidden Image-->ATICCCom.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x04000000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x05340000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x05DA0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x05DF0000 Hidden Image-->CLI.Aspect.DeviceProperty2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x06010000 Hidden Image-->CLI.Aspect.OverDrive2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 28672 bytes
0x04090000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x881138A0 ] PID: 1440, 307200 bytes
0x05980000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 323584 bytes
0x059D0000 Hidden Image-->CLI.Aspect.DeviceDFP2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 331776 bytes
0x05A30000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 356352 bytes
0x00AA0000 Hidden Image-->CLI.Implementation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x01AA0000 Hidden Image-->CLI.Foundation.XManifestation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x03D30000 Hidden Image-->AEM.Foundation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x03DA0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x041D0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x04360000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x04310000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x043A0000 Hidden Image-->CLI.Aspect.DeviceLCD2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x04380000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x04390000 Hidden Image-->CLI.Aspect.DeviceLCD2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x043E0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05100000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05430000 Hidden Image-->CLI.Aspect.OverDrive2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05320000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05450000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05580000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x05910000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 36864 bytes
0x004C0000 Hidden Image-->CLI.Implementation.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x00AC0000 Hidden Image-->CLI.Foundation.XManifestation.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x01860000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x01D50000 Hidden Image-->AEM.Foundation.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x01D60000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05390000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05FE0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05E10000 Hidden Image-->CLI.Aspect.DeviceLCD2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05E00000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05FC0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05FD0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x06000000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05FF0000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 36864 bytes
0x05530000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 397312 bytes
0x055A0000 Hidden Image-->CLI.Aspect.DeviceLCD2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 405504 bytes
0x00AC0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x01C10000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x04320000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x04340000 Hidden Image-->CLI.Aspect.DeviceCRT2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x043D0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x043F0000 Hidden Image-->CLI.Aspect.DeviceCV2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x05280000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x05590000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x055A0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 45056 bytes
0x004E0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 45056 bytes
0x01970000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 45056 bytes
0x05E30000 Hidden Image-->CLI.Aspect.DeviceCV2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 45056 bytes
0x05E20000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 45056 bytes
0x05E80000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 45056 bytes
0x05000000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 454656 bytes
0x05180000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 479232 bytes
0x054B0000 Hidden Image-->CLI.Aspect.DeviceCRT2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 487424 bytes
0x05D20000 Hidden Image-->CLI.Aspect.OverDrive2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 503808 bytes
0x00AF0000 Hidden Image-->LOG.Foundation.Service.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x03DE0000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x04200000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x05270000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x052B0000 Hidden Image-->CLI.Aspect.DeviceDFP2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x052A0000 Hidden Image-->CLI.Aspect.DeviceDFP2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 53248 bytes
0x00AA0000 Hidden Image-->LOG.Foundation.Service.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 53248 bytes
0x01850000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 53248 bytes
0x05E90000 Hidden Image-->CLI.Aspect.DeviceDFP2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 53248 bytes
0x05A90000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 602112 bytes
0x03D50000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x041F0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x04020000 Hidden Image-->ATIDEMOS.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x041E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x04330000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x04350000 Hidden Image-->CLI.Aspect.DeviceCRT2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x05440000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x05470000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x056B0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 61440 bytes
0x01D40000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 61440 bytes
0x05070000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 61440 bytes
0x05DD0000 Hidden Image-->CLI.Aspect.DeviceCRT2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 61440 bytes
0x053A0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 61440 bytes
0x05FA0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 61440 bytes
0x056C0000 Hidden Image-->CLI.Aspect.DeviceCV2.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 626688 bytes
0x05B30000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 667648 bytes
0x041A0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x043B0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05240000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05200000 Hidden Image-->CLI.Aspect.DeviceCV2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05220000 Hidden Image-->CLI.Aspect.DeviceTV2.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x052C0000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05860000 Hidden Image-->CLI.Aspect.DeviceTV2.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05880000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x881138A0 ] PID: 1440, 69632 bytes
0x05E60000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 69632 bytes
0x05E40000 Hidden Image-->CLI.Aspect.DeviceTV2.Graphics.Shared.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 69632 bytes
0x05610000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 708608 bytes
0x00AD0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x881138A0 ] PID: 1440, 77824 bytes
0x00A80000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 77824 bytes
0x03FE0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 77824 bytes
0x01BF0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x881138A0 ] PID: 1440, 94208 bytes
0x01D10000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 94208 bytes
0x04180000 Hidden Image-->CLI.Aspect.Welcome.Local.Dashboard.dll [ EPROCESS 0xAC2AFD90 ] PID: 3304, 94208 bytes
0x04DD0000 Hidden Image-->TCrdMain.resources.dll [ EPROCESS 0x87BA7680 ] PID: 2720, 970752 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\Low\~DF9C19.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\Low\~DF9C50.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DF2589.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DF63E6.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DFD91A.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DFF4B8.tmp::$DATA
!-->[Hidden] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\00-00-00-00-00-00.xml
!-->[Hidden] C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{871ae3a1-587d-498e-95ee-a470ea7fff32}
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x0006948A, Type: Inline - RelativeJump 0x85C6948A-->85C69491 []
ntoskrnl.exe+0x0006D924, Type: Inline - RelativeJump 0x85C6D924-->85C6D92D []