scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
IPC error: 2 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2d90dc3a
"s1"=dword:9aae197f
"s2"=dword:90ffb414
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,36,65,36,22,da,38,f5,c5,12,21,8f,8c,91,b7,7e,79,16,..
"ljej40"=hex:81,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,91,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg42]
"ujdew"=hex:20,02,00,00,36,65,36,22,9c,38,ab,86,12,21,8f,8c,76,b6,7e,79,16,..
"ljej40"=hex:ae,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,ee,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg43]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:c9,4a,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,dd,..
"ljej41"=hex:6c,07,ad,71,da,0a,7c,6d,b2,d1,61,99,be,b1,b1,a5,17,56,59,0e,e8,..
"ljej42"=hex:a1,bb,a4,71,0b,a7,75,6d,99,8c,69,99,df,df,b9,a5,0f,28,51,0e,78,..
"ljej43"=hex:2c,61,bc,71,13,6d,6d,6d,46,b6,70,99,88,96,a0,a5,4f,70,48,0e,8b,..
"ljej44"=hex:61,4b,b3,71,68,58,62,6d,67,83,7f,99,40,c1,af,a5,b0,24,47,0e,a7,..
"ljej45"=hex:0d,c0,89,71,57,cd,58,6d,ec,15,45,99,90,77,95,a5,95,9e,7d,0e,df,..
"ljej46"=hex:08,9f,8f,71,12,84,5e,6d,6d,6e,43,99,df,3f,93,a5,9c,d6,7b,0e,14,..
"ljej47"=hex:ed,a8,85,71,30,b6,54,6d,42,7c,49,99,b6,21,99,a5,f6,c5,71,0e,22,..
"ljej48"=hex:34,f7,9b,71,b3,9c,4a,6d,3e,45,57,99,98,18,87,a5,d6,ec,6f,0e,4c,..
"ljej49"=hex:28,2d,91,71,95,32,40,6d,55,ff,5d,99,20,ae,8d,a5,2f,46,65,0e,62,..
"ljej410"=hex:7e,ae,96,71,16,b4,47,6d,39,7d,5a,99,7b,20,8a,a5,29,c4,62,0e,af,..
"ljej411"=hex:41,77,ec,71,c7,1d,3d,6d,52,c4,20,99,85,9a,f0,a5,7c,6a,18,0e,7b,..
"ljej412"=hex:cf,24,e1,71,37,2b,30,6d,68,f6,2d,99,f9,a8,fd,a5,5b,bc,15,0e,b2,..
"ljej413"=hex:60,34,e6,71,be,da,37,6d,cc,06,2a,99,3e,47,fa,a5,78,ac,12,0e,8d,..
"ljej414"=hex:f6,3a,fb,71,ec,29,2a,6d,9f,f7,37,99,2a,56,e7,a5,55,bf,0f,0e,f8,..
"ljej415"=hex:b7,0e,f0,71,0c,15,21,6d,9d,c3,3c,99,c9,83,ec,a5,28,63,04,0e,1e,..
"ljej416"=hex:58,b5,f4,71,02,5c,24,6d,f3,84,39,99,82,da,e9,a5,c0,2b,01,0e,8a,..
"ljej417"=hex:c7,d5,c9,71,84,fc,18,6d,5c,24,05,99,c7,7b,d5,a5,fa,88,3d,0e,ba,..
"ljej418"=hex:19,6e,ce,71,35,75,1f,6d,24,a3,02,99,66,e3,d2,a5,30,00,3a,0e,46,..
"ljej419"=hex:0e,dd,c2,71,0c,c4,13,6d,05,2c,0e,99,1e,72,de,a5,e0,90,36,0e,fe,..
"ljej420"=hex:7b,b9,c6,71,c2,a8,17,6d,5e,70,0a,99,8e,d7,db,a5,6a,3c,33,0e,42,..
"ljej421"=hex:80,71,db,71,63,61,0a,6d,c9,cf,17,99,11,9f,c7,a5,cc,75,2f,0e,0f,..
"ljej422"=hex:df,24,df,71,1c,2c,0e,6d,55,f4,13,99,a9,ab,c3,a5,10,b8,2b,0e,ce,..
"ljej423"=hex:55,da,d3,71,6f,ca,02,6d,36,16,1f,99,da,49,cf,a5,5b,9a,27,0e,95,..
"ljej424"=hex:13,e9,d7,71,bb,f8,06,6d,d4,27,1b,99,d5,78,cb,a5,46,8d,23,0e,e0,..
"ljej425"=hex:6d,e8,2b,71,6b,f8,fa,6d,15,20,e7,99,a7,67,37,a5,e5,8d,df,0e,6a,..
"ljej426"=hex:07,df,2f,71,8c,c6,fe,6d,0c,11,e3,99,af,76,33,a5,da,9c,db,0e,42,..
"ljej427"=hex:c5,3c,23,71,d2,24,f2,6d,2e,f3,ef,99,99,54,3f,a5,d8,be,d7,0e,50,..
"ljej428"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej429"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej430"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej431"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej432"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg44]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:2a,4b,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,87,..
"ljej41"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej42"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej43"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej44"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
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
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
352 - explorer.exe
376 - avp.exe
432 - IAANTMon.exe
544 - LVComSer.exe
608 - nvsvc32.exe
692 - oodag.exe
752 - PnkBstrA.exe
1100 - csrss.exe
1124 - winlogon.exe
1172 - services.exe
1184 - lsass.exe
1340 - svchost.exe
1408 - svchost.exe
1452 - MsMpEng.exe
1492 - svchost.exe
1668 - firefox.exe
1824 - spoolsv.exe
1896 - LVPrcSrv.exe
2312 - MSASCui.exe
2448 - avp.exe
2468 - MemOptimizer.ex
2480 - SweetIM.exe
2504 - Core.exe
2572 - cmd.exe
2636 - TeaTimer.exe
2716 - DSLMON.exe
2964 - msnmsgr.exe
3312 - firefox.exe
3856 - alg.exe
3928 - LVComSer.exe
Total number of processes = 31
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BA5A8000 - \WINDOWS\system32\KDCOM.DLL
BA4B8000 - \WINDOWS\system32\BOOTVID.dll
B9ED6000 - sptd.sys
BA5AA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
B9EBE000 - \WINDOWS\System32\Drivers\SPTD2221.SYS
B9E97000 - Vax347b.sys
B9E68000 - ACPI.sys
B9E57000 - pci.sys
BA0A8000 - isapnp.sys
B9E45000 - sfsync04.sys
BA670000 - pciide.sys
BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA0B8000 - MountMgr.sys
B9E26000 - ftdisk.sys
BA330000 - PartMgr.sys
BA0C8000 - sfsync02.sys
BA0D8000 - VolSnap.sys
B9E0E000 -
B9D39000 - iastor.sys
BA5AC000 - Vax347s.sys
B9D21000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA0E8000 - disk.sys
BA0F8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
B9D01000 - fltMgr.sys
B9CEF000 - sr.sys
BA108000 - PxHelp20.sys
B9CD8000 - KSecDD.sys
B9C4B000 - Ntfs.sys
B9C1E000 - NDIS.sys
B9C0A000 - sfvfs02.sys
BA338000 - sfhlp02.sys
B9BF8000 - sfdrv01.sys
B9BDD000 - Mup.sys
BA5AE000 - mcctl.sys
BA340000 - \WINDOWS\system32\drivers\mcclib.sys
B99D3000 - LVMVDrv.sys
B99B7000 - kl1.sys
BA348000 - \WINDOWS\system32\drivers\TDI.SYS
BA258000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B8F10000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B8EFC000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
B8ED6000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
B8EAB000 - \SystemRoot\system32\DRIVERS\e1e5132.sys
B95F2000 - \SystemRoot\System32\DRIVERS\Bonifay.sys
BA3E0000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B8E88000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BA3E8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BA268000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA3F0000 - \SystemRoot\system32\drivers\Afc.sys
BA278000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA288000 - \SystemRoot\system32\DRIVERS\redbook.sys
B8E65000 - \SystemRoot\system32\DRIVERS\ks.sys
BA3F8000 - \SystemRoot\system32\DRIVERS\klim5.sys
BA788000 - \SystemRoot\system32\DRIVERS\audstub.sys
BA2C8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
B996A000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B8ABA000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BA2D8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BA2E8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B86EC000 - \SystemRoot\system32\DRIVERS\psched.sys
BA308000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BA470000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BA478000 - \SystemRoot\system32\DRIVERS\raspti.sys
BA138000 - \SystemRoot\system32\DRIVERS\termdd.sys
BA480000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BA488000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BA602000 - \SystemRoot\system32\DRIVERS\swenum.sys
B8435000 - \SystemRoot\system32\DRIVERS\update.sys
B9956000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BA188000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BA61A000 - \SystemRoot\system32\DRIVERS\USBD.SYS
BA198000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B4D00000 - \SystemRoot\system32\drivers\sthda.sys
B4CDE000 - \SystemRoot\system32\drivers\portcls.sys
BA238000 - \SystemRoot\system32\drivers\drmk.sys
BA632000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
BA634000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BA6F6000 - \SystemRoot\System32\Drivers\Null.SYS
BA636000 - \SystemRoot\System32\Drivers\Beep.SYS
BA390000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BA398000 - \SystemRoot\System32\drivers\vga.sys
BA63A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BA63C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BA3A0000 - \SystemRoot\System32\Drivers\Msfs.SYS
BA3A8000 - \SystemRoot\System32\Drivers\Npfs.SYS
B960A000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B4044000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B3FC4000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B3FA3000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B3F7B000 - \SystemRoot\system32\DRIVERS\netbt.sys
B929B000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B3F59000 - \SystemRoot\System32\drivers\afd.sys
B928B000 - \SystemRoot\system32\DRIVERS\netbios.sys
B3F2E000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B3EBF000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
B3E8B000 - \??\C:\WINDOWS\system32\drivers\klif.sys
BA118000 - \SystemRoot\System32\Drivers\Fips.SYS
B3C0C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B3C72000 - \SystemRoot\system32\drivers\LVUSBSta.sys
B2F51000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS
BA64E000 - \SystemRoot\system32\DRIVERS\lv302af.sys
B3C62000 - \SystemRoot\system32\drivers\usbaudio.sys
B2D4F000 - \SystemRoot\system32\DRIVERS\LVcKap.sys
B1A23000 - \SystemRoot\system32\DRIVERS\adiusbaw.sys
B3D3A000 - \SystemRoot\system32\DRIVERS\hidusb.sys
B1CD3000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
B3D2A000 - \SystemRoot\system32\DRIVERS\mouhid.sys
B399A000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
ACE06000 - \SystemRoot\System32\Drivers\Cdfs.SYS
ABBA6000 - \SystemRoot\System32\Drivers\Udfs.SYS
ABAD1000 - \SystemRoot\System32\Drivers\dump_iastor.sys
BF800000 - \SystemRoot\System32\win32k.sys
ACB58000 - \SystemRoot\System32\drivers\Dxapi.sys
ACD13000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
B077F000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
B40EB000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
AAB1C000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
AAADF000 - \SystemRoot\system32\drivers\wdmaud.sys
B85E2000 - \SystemRoot\system32\drivers\sysaudio.sys
AC3AC000 - \SystemRoot\System32\DRIVERS\ipfltdrv.sys
AA88D000 - \SystemRoot\system32\DRIVERS\srv.sys
B92FB000 - \SystemRoot\system32\DRIVERS\secdrv.sys
AA785000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
B86CA000 - \SystemRoot\system32\drivers\LVPr2Mon.sys
A4B34000 - \SystemRoot\system32\drivers\kmixer.sys
BA7E8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 130