wincheck rc8.45 log
May 9th, 2013
PID 0 Parent PID 0 [System Process]
PID 4 Parent PID 0 System
PID 264 Parent PID 4 kind {Session manager} C:\Windows\System32\smss.exe
PID 360 Parent PID 352 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 412 Parent PID 352 kind {Windows Start-Up Application} C:\Windows\System32\wininit.exe
PID 424 Parent PID 404 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 472 Parent PID 404 kind {WinLogon} C:\Windows\System32\winlogon.exe
PID 500 Parent PID 412 kind {Services.exe} C:\Windows\System32\services.exe
PID 508 Parent PID 412 kind {lsass} C:\Windows\System32\lsass.exe
PID 516 Parent PID 412 kind {Local Session Manager Service} C:\Windows\System32\lsm.exe
PID 636 Parent PID 500 kind {DCom Server} C:\Windows\System32\svchost.exe
PID 700 Parent PID 500 kind {RPC Service} C:\Windows\System32\svchost.exe
PID 748 Parent PID 500 kind {DHCP Client} C:\Windows\System32\svchost.exe
PID 872 Parent PID 500 kind {Wired AutoConfig Service} C:\Windows\System32\svchost.exe
PID 912 Parent PID 500 kind {Extensible Authentication Protocol Service} C:\Windows\System32\svchost.exe
PID 968 Parent PID 748 audiodg.exe
PID 1044 Parent PID 500 kind {WebClient} C:\Windows\System32\svchost.exe
PID 1124 Parent PID 500 kind {DNS Client} C:\Windows\System32\svchost.exe
PID 1300 Parent PID 500 kind {Print Spooler} C:\Windows\System32\spoolsv.exe
PID 1348 Parent PID 500 kind {Host Process for Windows Tasks} C:\Windows\System32\taskhost.exe
PID 1356 Parent PID 500 kind {Windows firewall} C:\Windows\System32\svchost.exe
PID 1576 Parent PID 500 kind {VMWare service} C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
PID 1668 Parent PID 500 service {VMUpgradeHelper} C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
PID 1804 Parent PID 500 kind {Microsoft Software Protection Platform Service} C:\Windows\System32\sppsvc.exe
PID 364 Parent PID 636 kind {wmiprvse} C:\Windows\System32\wbem\WmiPrvSE.exe
PID 1188 Parent PID 872 kind {Desktop Window Manager} C:\Windows\System32\dwm.exe
PID 1152 Parent PID 1112 kind {Explorer} C:\Windows\explorer.exe
PID 2016 Parent PID 1152 C:\Program Files\VMware\VMware Tools\VMwareTray.exe
PID 1228 Parent PID 1152 C:\Program Files\VMware\VMware Tools\VMwareUser.exe
PID 324 Parent PID 500 kind {Windows Search Indexer} C:\Windows\System32\SearchIndexer.exe
PID 1384 Parent PID 324 kind {Search Protocol Host} C:\Windows\System32\SearchProtocolHost.exe
PID 1560 Parent PID 324 kind {Search Filter Host} C:\Windows\System32\SearchFilterHost.exe
PID 2436 Parent PID 1152 kind {Cmd.exe} C:\Windows\System32\cmd.exe
PID 2444 Parent PID 424 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 2544 Parent PID 2436 C:\Users\Admin\Desktop\wincheck.exe

MyWindowsChecker: len 13, kernel name ntkrnlpa.exe
Major 6 Minor 1 BuildNumber 7600 PlatformId 2 ServicePackMajor 0 ServicePackMinor 0 SuiteMask 256 ProductType 1 CSDVersion
ProductType: 1
HighestUserAddress: 7FFEFFFF
UserProbeAddress: 7FFF0000
SystemRangeStart: 80000000
NtMajorVersion: 6
NtMinorVersion: 1
BuildNumber: 7600
GlobalFlag: 0
Processors: 1
MmVerifierFlags 0
MmSystemSize 2 Large
DebuggerEnabled 0
DebuggerNotPresent 1
SafeBootMode 0
NXSupportPolicy 2
MmAvailablePages: 0002BD6A
MmTotalCommittedPages: 00014C98
MmTotalCommitLimit: 0007FF7E
MmPeakCommitment: 000171AB
CR0 80010031 PE ET NE WP PG
CR4 000006F9 VME DE PSE PAE MCE PGE OSFXSR OSXMMEXCPT
cpuid 0: 10677
cpuid 1: 10800
cpuid 2: 80082201 SSE3 SSSE3 CMPXCHG16B SSE4.1
cpuid 3: FEBFBFF FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR PGE MCA CMOV PAT PSE-36 CLFSH DS ACPI MMX FXSR SSE SSE2 SS
WindowsType: Multiprocessor Free
KDDB:
ETHREAD.StartAddress 218
PsLoadedModuleList: 82983810
PsActiveProcessHead: 8297BE98
PspCidTable: 8297BEB4
MmLoadedUserImageList: 82983DF8
KiProcessorBlock: 829A38C0 (1688C0)
KernelVerifier: 0
KeBugCheckCallbackList: 8299EB20 (163B20)
MmNonPagedPoolStart: 8B501000
MmNonPagedPoolEnd: 00000000
MmPagedPoolStart: 00000000
MmPagedPoolEnd: 00000000
MmPageSize: 4096
KeNumberNodes: 1
KeLargestCacheLine: 40
MmProductType: 0
Decode system scheme - rotr sub
Decode scheme - rotr sub
Driver RPHook loaded from C:\Users\Admin\AppData\Local\Temp\drv2
8283B000:410000 flags 8004000 LoadCount 107 \SystemRoot\system32\ntkrnlpa.exe
82804000:37000 flags 8004000 LoadCount 86 \SystemRoot\system32\halmacpi.dll
80BA9000:8000 flags 8004000 LoadCount 3 \SystemRoot\system32\kdcom.dll
82E17000:78000 flags 9104000 LoadCount 1 \SystemRoot\system32\mcupdate_GenuineIntel.dll
82E8F000:11000 flags D104000 LoadCount 3 \SystemRoot\system32\PSHED.dll
82EA0000:8000 flags D104000 LoadCount 1 \SystemRoot\system32\BOOTVID.dll
82EA8000:42000 flags 9104000 LoadCount 3 \SystemRoot\system32\CLFS.SYS
82EEA000:AB000 flags D104000 LoadCount 2 \SystemRoot\system32\CI.dll
83434000:71000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\Wdf01000.sys
834A5000:E000 flags D104000 LoadCount 10 \SystemRoot\system32\drivers\WDFLDR.SYS
834B3000:48000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ACPI.sys
834FB000:9000 flags D104000 LoadCount 22 \SystemRoot\system32\DRIVERS\WMILIB.SYS
83504000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\msisadrv.sys
8350C000:2A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\pci.sys
83536000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vdrvroot.sys
83541000:11000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\partmgr.sys
83552000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\compbatt.sys
8355A000:B000 flags D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\BATTC.SYS
83565000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\volmgr.sys
83575000:4B000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\volmgrx.sys
835C0000:7000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\intelide.sys
835C7000:E000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
835D5000:16000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\mountmgr.sys
835EB000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\atapi.sys
83400000:23000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ataport.SYS
82F95000:18000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\lsi_sas.sys
82FAD000:47000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\storport.sys
83423000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\amdxata.sys
83613000:34000 flags 9104000 LoadCount 4 \SystemRoot\system32\drivers\fltmgr.sys
83647000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\fileinfo.sys
83658000:12F000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Ntfs.sys
83787000:2B000 flags D104000 LoadCount 9 \SystemRoot\System32\Drivers\msrpc.sys
837B2000:13000 flags 9104000 LoadCount 16 \SystemRoot\System32\Drivers\ksecdd.sys
8DE2A000:5D000 flags 9104000 LoadCount 3 \SystemRoot\System32\Drivers\cng.sys
8DE87000:E000 flags 9104020 LoadCount 1 \SystemRoot\System32\drivers\pcw.sys
8DE95000:9000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fs_Rec.sys
8DE9E000:B7000 flags 9104000 LoadCount 24 \SystemRoot\system32\drivers\ndis.sys
8DF55000:3E000 flags D104000 LoadCount 23 \SystemRoot\system32\drivers\NETIO.SYS
8DF93000:25000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\ksecpkg.sys
8E03F000:149000 flags 9104020 LoadCount 1 \SystemRoot\System32\drivers\tcpip.sys
8E188000:31000 flags D104000 LoadCount 8 \SystemRoot\System32\drivers\fwpkclnt.sys
8E1B9000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vmstorfl.sys
8E000000:3F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\volsnap.sys
8E1C2000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\spldr.sys
8E1CA000:2D000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\rdyboost.sys
8DFB8000:10000 flags 9104000 LoadCount 4 \SystemRoot\System32\Drivers\mup.sys
8E1F7000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\hwpolicy.sys
8DFC8000:32000 flags 9104000 LoadCount 1 \SystemRoot\System32\DRIVERS\fvevol.sys
8DE00000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\disk.sys
837C5000:25000 flags D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
8DE11000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\agp440.sys
92435000:1F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\cdrom.sys
92454000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Null.SYS
9245B000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Beep.SYS
92462000:8000 flags 49104000 LoadCount 1 \??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
9246A000:C000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\vga.sys
92476000:21000 flags 4D104000 LoadCount 5 \SystemRoot\System32\drivers\VIDEOPRT.SYS
92497000:D000 flags 4D104000 LoadCount 5 \SystemRoot\System32\drivers\watchdog.sys
924A4000:8000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\RDPCDD.sys
924AC000:8000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\rdpencdd.sys
924B4000:8000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\rdprefmp.sys
924BC000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Msfs.SYS
924C7000:E000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Npfs.SYS
924D5000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tdx.sys
924EC000:B000 flags 4D104000 LoadCount 7 \SystemRoot\system32\DRIVERS\TDI.SYS
924F7000:5A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\afd.sys
92551000:32000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\netbt.sys
92583000:9000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\ws2ifsl.sys
9258C000:7000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wfplwf.sys
92593000:1F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\pacer.sys
925B2000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbios.sys
925C0000:1E000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\vmhgfs.sys
925DE000:1A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\serial.sys
92400000:9000 flags 49104000 LoadCount 1 \??\C:\Windows\system32\Drivers\vmdebug.sys
82E00000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wanarp.sys
92E2B000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\termdd.sys
92E3B000:41000 flags 49104000 LoadCount 5 \SystemRoot\system32\DRIVERS\rdbss.sys
92E7C000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\nsiproxy.sys
92E86000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mssmbios.sys
92E90000:C000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\discache.sys
92E9C000:64000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\csc.sys
92F00000:18000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dfsc.sys
92F18000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\blbdrive.sys
92F26000:21000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tunnel.sys
92F47000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\i8042prt.sys
92F5F000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\kbdclass.sys
92F6C000:2000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vmmouse.sys
92F6E000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouclass.sys
92F7B000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\parport.sys
92F93000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\serenum.sys
92F9D000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\fdc.sys
92FA8000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vmci.sys
92FB6000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vm3dmp.sys
9320A000:B7000 flags 49104000 LoadCount 2 \SystemRoot\System32\drivers\dxgkrnl.sys
932C1000:39000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\dxgmms1.sys
932FA000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbuhci.sys
93305000:4B000 flags 4D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\USBPORT.SYS
93350000:1D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\E1G60I32.sys
9336D000:5000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\vmaudio.sys
93372000:2F000 flags 4D104000 LoadCount 1 \SystemRoot\system32\drivers\portcls.sys
933A1000:19000 flags 4D104000 LoadCount 1 \SystemRoot\system32\drivers\drmk.sys
933BA000:34000 flags 4D104000 LoadCount 3 \SystemRoot\system32\drivers\ks.sys
933EE000:F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbehci.sys
93200000:4000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CmBatt.sys
92FCD000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\intelppm.sys
92FDF000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CompositeBus.sys
92FEC000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\AgileVpn.sys
92E00000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasl2tp.sys
92E18000:B000 flags 49104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ndistapi.sys
9343C000:22000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndiswan.sys
9345E000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspppoe.sys
93476000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspptp.sys
9348D000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rassstp.sys
934A4000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rdpbus.sys
934AE000:2000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\swenum.sys
934B0000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\umbus.sys
934BE000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\flpydisk.sys
934C8000:44000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbhub.sys
9350C000:11000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\NDProxy.SYS
9351D000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\crashdmp.sys
9352A000:A000 flags 49104000 LoadCount 2 \SystemRoot\System32\Drivers\dump_diskdump.sys
93534000:18000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_LSI_SAS.sys
9354C000:11000 flags 49104020 LoadCount 1 \SystemRoot\System32\Drivers\dump_dumpfve.sys
97290000:24A000 flags 69104000 LoadCount 4 \SystemRoot\System32\win32k.sys
9355D000:A000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\Dxapi.sys
93567000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\monitor.sys
974F0000:9000 flags 69104000 LoadCount 1 \SystemRoot\System32\TSDDD.dll
97520000:1E000 flags 69104000 LoadCount 1 \SystemRoot\System32\cdd.dll
93572000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbccgp.sys
93589000:2000 flags 4D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\USBD.SYS
9358B000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\hidusb.sys
93596000:13000 flags 4D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
935A9000:7000 flags 4D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
935B0000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouhid.sys
935BB000:1B000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\luafv.sys
935D6000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\lltdio.sys
935E6000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rspndr.sys
9300E000:85000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\HTTP.sys
93093000:19000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\bowser.sys
930AC000:12000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\mpsdrv.sys
930BE000:23000 flags 49104000 LoadCount 3 \SystemRoot\system32\DRIVERS\mrxsmb.sys
930E1000:3B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
9311C000:1B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
93137000:7000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\parvdm.sys
9313E000:2000 flags 49104000 LoadCount 1 \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
93140000:97000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\peauth.sys
931D7000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\secdrv.SYS
93400000:21000 flags 49104000 LoadCount 3 \SystemRoot\System32\DRIVERS\srvnet.sys
931E1000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\tcpipreg.sys
95A0E000:4F000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv2.sys
95A5D000:51000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv.sys
95AAE000:6A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\spsys.sys
95B18000:10000 flags 49104000 LoadCount 1 \??\C:\Users\Admin\AppData\Local\Temp\drv2
775A0000:13C000 flags 0 LoadCount 1 \Windows\System32\ntdll.dll
47950000:13000 flags 0 LoadCount 1 \Windows\System32\smss.exe
777E0000:50000 flags 0 LoadCount 1 \Windows\System32\apisetschema.dll
00AD0000:A6000 flags 0 LoadCount 1 \Windows\System32\autochk.exe
77720000:A1000 flags 0 LoadCount 1 \Windows\System32\rpcrt4.dll
77400000:19D000 flags 0 LoadCount 1 \Windows\System32\setupapi.dll
77360000:9D000 flags 0 LoadCount 1 \Windows\System32\usp10.dll
77200000:15C000 flags 0 LoadCount 1 \Windows\System32\ole32.dll
77120000:D4000 flags 0 LoadCount 1 \Windows\System32\kernel32.dll
77710000:6000 flags 0 LoadCount 1 \Windows\System32\nsi.dll
76F20000:1F9000 flags 0 LoadCount 1 \Windows\System32\iertutil.dll
77700000:A000 flags 0 LoadCount 1 \Windows\System32\lpk.dll
76E70000:AC000 flags 0 LoadCount 1 \Windows\System32\msvcrt.dll
76E20000:4E000 flags 0 LoadCount 1 \Windows\System32\gdi32.dll
76DD0000:45000 flags 0 LoadCount 1 \Windows\System32\Wldap32.dll
76D70000:52000 flags 0 LoadCount 1 \Windows\System32\difxapi.dll
76120000:C49000 flags 0 LoadCount 1 \Windows\System32\shell32.dll
75FE0000:135000 flags 0 LoadCount 1 \Windows\System32\urlmon.dll
75F40000:A0000 flags 0 LoadCount 1 \Windows\System32\advapi32.dll
75EB0000:8F000 flags 0 LoadCount 1 \Windows\System32\oleaut32.dll
776F0000:3000 flags 0 LoadCount 1 \Windows\System32\normaliz.dll
75E30000:7B000 flags 0 LoadCount 1 \Windows\System32\comdlg32.dll
75E10000:19000 flags 0 LoadCount 1 \Windows\System32\sechost.dll
75D10000:F4000 flags 0 LoadCount 1 \Windows\System32\wininet.dll
75CF0000:1F000 flags 0 LoadCount 1 \Windows\System32\imm32.dll
75CB0000:35000 flags 0 LoadCount 1 \Windows\System32\ws2_32.dll
75BE0000:CC000 flags 0 LoadCount 1 \Windows\System32\msctf.dll
75B80000:57000 flags 0 LoadCount 1 \Windows\System32\shlwapi.dll
75AF0000:83000 flags 0 LoadCount 1 \Windows\System32\clbcatq.dll
75AC0000:2A000 flags 0 LoadCount 1 \Windows\System32\imagehlp.dll
776E0000:5000 flags 0 LoadCount 1 \Windows\System32\psapi.dll
759F0000:C9000 flags 0 LoadCount 1 \Windows\System32\user32.dll
758D0000:11C000 flags 0 LoadCount 1 \Windows\System32\crypt32.dll
758B0000:12000 flags 0 LoadCount 1 \Windows\System32\devobj.dll
75880000:27000 flags 0 LoadCount 1 \Windows\System32\cfgmgr32.dll
757F0000:84000 flags 0 LoadCount 1 \Windows\System32\comctl32.dll
757C0000:2D000 flags 0 LoadCount 1 \Windows\System32\wintrust.dll
75770000:4A000 flags 0 LoadCount 1 \Windows\System32\KernelBase.dll
75760000:C000 flags 0 LoadCount 1 \Windows\System32\msasn1.dll
Patched ZwYieldExecution + CA5
Patched KiDispatchInterrupt + 5A2
KernelSection .text rva 1000, size 11B901, 0x4C60 relocs has 0x15 patched bytes !

KPRCB worker routines:


Boot environment:
A1025C15 11E0173E ACF9D5AD 3533A862 1

ObTypeIndexTable: 8297D8C0
[00] 00000000
[01] BAD0B0B0
[02] 8B5B38E8
[03] 8B5B3820
[04] 8B5B3758
[05] 8B5B3528
[06] 8B5B8F78
[07] 8B5B8EB0
[08] 8B5B8DE8
[09] 8B5B8D20
[0A] 8B5B8C58
[0B] 8B5B88B0
[0C] 8B629418
[0D] 8B629350
[0E] 8B62B418
[0F] 8B62B350
[10] 8B628470
[11] 8B6283A8
[12] 8B62C9B8
[13] 8B62C8F0
[14] 8B62C828
[15] 8B62C760
[16] 8B62C698
[17] 8B62C5D0
[18] 8B62C508
[19] 8B62C440
[1A] 8B62C378
[1B] 8B62D040
[1C] 8B62DF78
[1D] 8B62DAB0
[1E] 8B62D9E8
[1F] 8B62D920
[20] 8B62D858
[21] 8B62D688
[22] 8B62D2E8
[23] 8B631B10
[24] 8B62F4B8
[25] 8B619A30
[26] 8B646830
[27] 8B646480
[28] 8B6463B8
[29] 8C062F08
[2A] 8CA4A718
[2B] 8C798DD0

ObTypes:
ObType TpWorkerFactory (8B62C698):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82ABBEB2 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 828FC96B \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Directory (8B5B3820):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82AB824A \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Mutant (8B62B418):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 828F5EC6 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Thread (8B5B8DE8):
DumpProcedure: 00000000
OpenProcedure: 82A9C891 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 00000000
DeleteProcedure: 82A83D8C \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType FilterCommunicationPort (8CA4A718):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8363051A \SystemRoot\system32\drivers\fltmgr.sys
DeleteProcedure: 8362FFC8 \SystemRoot\system32\drivers\fltmgr.sys
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmTx (8B62D9E8):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82A0DBDF \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82A33FE2 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Controller (8B62C508):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EtwRegistration (8B646480):
DumpProcedure: 00000000
OpenProcedure: 82ABBB73 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 82A9CE84 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82A9CD6F \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Profile (8B62C9B8):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82B447DA \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Event (8B629418):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Type (8B5B38E8):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Section (8B62D688):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82A6C340 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EventPair (8B629350):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType SymbolicLink (8B5B3758):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82A423C8 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 82A5C551 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Desktop (8B62C760):
DumpProcedure: 00000000
OpenProcedure: 82ABF15A \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 82AB8B38 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 829E16AF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 82AB8AB9 \SystemRoot\system32\ntkrnlpa.exe
ObType UserApcReserve (8B5B8D20):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EtwConsumer (8B6463B8):
DumpProcedure: 00000000
OpenProcedure: 82ABBB73 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 82AD3E76 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82AD3DB1 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Timer (8B6283A8):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82861F94 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType File (8B62DF78):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82A96BAF \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82A7CCBB \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 82AC4FE0 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 82A9B41D \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 82AA8E11 \SystemRoot\system32\ntkrnlpa.exe
OkayToCloseProcedure: 00000000
ObType WindowStation (8B62C828):
DumpProcedure: 00000000
OpenProcedure: 82ABF15A \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 82AB8B38 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 829E16AF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 82ABF1DE \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 82AB8AB9 \SystemRoot\system32\ntkrnlpa.exe
ObType PcwObject (8C798DD0):
DumpProcedure: 00000000
OpenProcedure: 8DE8DC70 \SystemRoot\System32\drivers\pcw.sys
CloseProcedure: 8DE8DC8A \SystemRoot\System32\drivers\pcw.sys
DeleteProcedure: 8DE8DCAC \SystemRoot\System32\drivers\pcw.sys
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmEn (8B62D858):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82A0DAE2 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82A0DB19 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Driver (8B62C378):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82AF64DF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType WmiGuid (8B646830):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 8285DCBB \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82A28EE8 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType KeyedEvent (8B62C8F0):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Device (8B62C440):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 829F4C64 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 82A7A756 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 82A9B41D \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Token (8B5B3528):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 82AB6D66 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType ALPC Port (8B62F4B8):
DumpProcedure: 00000000
OpenProcedure: 82ABBF87 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 82AABE45 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82AA6514 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType DebugObject (8B5B88B0):
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 82AE9FA9 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 82AC1873 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType IoCompletion (8B62D040):
DumpProcedure: 00000000
OpenProcedure: 00000000
  598. CloseProcedure: 82A9EF1A \SystemRoot\system32\ntkrnlpa.exe
  599. DeleteProcedure: 82A9F703 \SystemRoot\system32\ntkrnlpa.exe
  600. ParseProcedure: 00000000
  601. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  602. QueryNameProcedure: 00000000
  603. OkayToCloseProcedure: 00000000
  604. ObType Process (8B5B8EB0):
  605. DumpProcedure: 00000000
  606. OpenProcedure: 82ABA267 \SystemRoot\system32\ntkrnlpa.exe
  607. CloseProcedure: 82AABECC \SystemRoot\system32\ntkrnlpa.exe
  608. DeleteProcedure: 82AAB10A \SystemRoot\system32\ntkrnlpa.exe
  609. ParseProcedure: 00000000
  610. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  611. QueryNameProcedure: 00000000
  612. OkayToCloseProcedure: 00000000
  613. ObType TmRm (8B62D920):
  614. DumpProcedure: 00000000
  615. OpenProcedure: 829D798B \SystemRoot\system32\ntkrnlpa.exe
  616. CloseProcedure: 82AC7D7A \SystemRoot\system32\ntkrnlpa.exe
  617. DeleteProcedure: 82AC7F8A \SystemRoot\system32\ntkrnlpa.exe
  618. ParseProcedure: 00000000
  619. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  620. QueryNameProcedure: 00000000
  621. OkayToCloseProcedure: 00000000
  622. ObType Adapter (8B62C5D0):
  623. DumpProcedure: 00000000
  624. OpenProcedure: 00000000
  625. CloseProcedure: 00000000
  626. DeleteProcedure: 00000000
  627. ParseProcedure: 00000000
  628. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  629. QueryNameProcedure: 00000000
  630. OkayToCloseProcedure: 00000000
  631. ObType PowerRequest (8B619A30):
  632. DumpProcedure: 00000000
  633. OpenProcedure: 00000000
  634. CloseProcedure: 82A1D35D \SystemRoot\system32\ntkrnlpa.exe
  635. DeleteProcedure: 00000000
  636. ParseProcedure: 00000000
  637. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  638. QueryNameProcedure: 00000000
  639. OkayToCloseProcedure: 00000000
  640. ObType Key (8B631B10):
  641. DumpProcedure: 00000000
  642. OpenProcedure: 00000000
  643. CloseProcedure: 82AA7C47 \SystemRoot\system32\ntkrnlpa.exe
  644. DeleteProcedure: 82A9800D \SystemRoot\system32\ntkrnlpa.exe
  645. ParseProcedure: 82A71552 \SystemRoot\system32\ntkrnlpa.exe
  646. SecurityProcedure: 82A47142 \SystemRoot\system32\ntkrnlpa.exe
  647. QueryNameProcedure: 82A02170 \SystemRoot\system32\ntkrnlpa.exe
  648. OkayToCloseProcedure: 00000000
  649. ObType Job (8B5B8F78):
  650. DumpProcedure: 00000000
  651. OpenProcedure: 00000000
  652. CloseProcedure: 82A2D801 \SystemRoot\system32\ntkrnlpa.exe
  653. DeleteProcedure: 82A30E96 \SystemRoot\system32\ntkrnlpa.exe
  654. ParseProcedure: 00000000
  655. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  656. QueryNameProcedure: 00000000
  657. OkayToCloseProcedure: 00000000
  658. ObType Session (8B62D2E8):
  659. DumpProcedure: 00000000
  660. OpenProcedure: 00000000
  661. CloseProcedure: 00000000
  662. DeleteProcedure: 82AC71BE \SystemRoot\system32\ntkrnlpa.exe
  663. ParseProcedure: 00000000
  664. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  665. QueryNameProcedure: 00000000
  666. OkayToCloseProcedure: 00000000
  667. ObType TmTm (8B62DAB0):
  668. DumpProcedure: 00000000
  669. OpenProcedure: 82A03C9F \SystemRoot\system32\ntkrnlpa.exe
  670. CloseProcedure: 82A03919 \SystemRoot\system32\ntkrnlpa.exe
  671. DeleteProcedure: 82AC9831 \SystemRoot\system32\ntkrnlpa.exe
  672. ParseProcedure: 00000000
  673. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  674. QueryNameProcedure: 00000000
  675. OkayToCloseProcedure: 00000000
  676. ObType IoCompletionReserve (8B5B8C58):
  677. DumpProcedure: 00000000
  678. OpenProcedure: 00000000
  679. CloseProcedure: 00000000
  680. DeleteProcedure: 00000000
  681. ParseProcedure: 00000000
  682. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  683. QueryNameProcedure: 00000000
  684. OkayToCloseProcedure: 00000000
  685. ObType Callback (8B62B350):
  686. DumpProcedure: 00000000
  687. OpenProcedure: 00000000
  688. CloseProcedure: 00000000
  689. DeleteProcedure: 82AC1873 \SystemRoot\system32\ntkrnlpa.exe
  690. ParseProcedure: 00000000
  691. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  692. QueryNameProcedure: 00000000
  693. OkayToCloseProcedure: 00000000
  694. ObType FilterConnectionPort (8C062F08):
  695. DumpProcedure: 00000000
  696. OpenProcedure: 00000000
  697. CloseProcedure: 8363054A \SystemRoot\system32\drivers\fltmgr.sys
  698. DeleteProcedure: 8362FFE2 \SystemRoot\system32\drivers\fltmgr.sys
  699. ParseProcedure: 00000000
  700. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  701. QueryNameProcedure: 00000000
  702. OkayToCloseProcedure: 00000000
  703. ObType Semaphore (8B628470):
  704. DumpProcedure: 00000000
  705. OpenProcedure: 00000000
  706. CloseProcedure: 00000000
  707. DeleteProcedure: 00000000
  708. ParseProcedure: 00000000
  709. SecurityProcedure: 82AAED13 \SystemRoot\system32\ntkrnlpa.exe
  710. QueryNameProcedure: 00000000
  711. OkayToCloseProcedure: 00000000
  712.  
  713. Callbacks:
  714. CB: AfdTdxCallback, total 0:
  715. CB: IoSessionNotifications, total 0:
  716. CB: ProcessorAdd, total 6:
  717. 834D5890 (\SystemRoot\system32\DRIVERS\ACPI.sys)
  718. 8DECB760 (\SystemRoot\system32\drivers\ndis.sys)
  719. 8E0D2999 (\SystemRoot\System32\drivers\tcpip.sys)
  720. 82B1145D (\SystemRoot\system32\ntkrnlpa.exe)
  721. 92F292C2 (\SystemRoot\system32\DRIVERS\tunnel.sys)
  722. 9301E2C1 (\SystemRoot\system32\drivers\HTTP.sys)
  723. CB: Phase1InitComplete, total 0:
  724. CB: SetSystemState, total 0:
  725. CB: NdisBindUnbind, total 0:
  726. CB: PowerState, total D:
  727. 829D15DA (\SystemRoot\system32\ntkrnlpa.exe)
  728. 829D15AD (\SystemRoot\system32\ntkrnlpa.exe)
  729. 8280FE70 (\SystemRoot\system32\halmacpi.dll)
  730. 834C62DE (\SystemRoot\system32\DRIVERS\ACPI.sys)
  731. 835158F6 (\SystemRoot\system32\DRIVERS\pci.sys)
  732. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  733. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  734. 92F7C39B (\SystemRoot\system32\DRIVERS\parport.sys)
  735. 93200BAA (\SystemRoot\system32\DRIVERS\CmBatt.sys)
  736. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  737. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  738. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  739. 8348469D (\SystemRoot\system32\drivers\Wdf01000.sys)
  740. CB: LicensingData, total 0:
  741. CB: EnlightenmentState, total 1:
  742. 8292C09D (\SystemRoot\system32\ntkrnlpa.exe)
  743. CB: LLTDCallbackMapper0006000006000000, total 0:
  744. CB: LLTDCallbackRspndr0006000006000000, total 1:
  745. 935E7DE6 (\SystemRoot\system32\DRIVERS\rspndr.sys)
  746. CB: TcpConnectionCallbackTemp, total 0:
  747. CB: SetSystemTime, total 0:
  748. CB: TcpTimerStarvationCallbackTemp, total 0:
  749.  
  750. bugcheck callbacks - 4:
  751. 8DED4B96 (\SystemRoot\system32\drivers\ndis.sys)
  752. 8DED4B96 (\SystemRoot\system32\drivers\ndis.sys)
  753. 8DED4B96 (\SystemRoot\system32\drivers\ndis.sys)
  754. 82813908 (\SystemRoot\system32\halmacpi.dll)
  755.  
  756. bugcheck reason callbacks - 31:
  757. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  758. 935B350E (\SystemRoot\system32\DRIVERS\mouhid.sys)
  759. 9359EA2C (\SystemRoot\system32\DRIVERS\HIDCLASS.SYS)
  760. 9358E85C (\SystemRoot\system32\DRIVERS\hidusb.sys)
  761. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  762. 9351E1BE (\SystemRoot\System32\Drivers\crashdmp.sys)
  763. 934EE82A (\SystemRoot\system32\DRIVERS\usbhub.sys)
  764. 934EE7D5 (\SystemRoot\system32\DRIVERS\usbhub.sys)
  765. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  766. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  767. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  768. 93326D79 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  769. 93326E30 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  770. 93326DD6 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  771. 93219470 (\SystemRoot\System32\drivers\dxgkrnl.sys)
  772. 92F715F5 (\SystemRoot\system32\DRIVERS\mouclass.sys)
  773. 92F62861 (\SystemRoot\system32\DRIVERS\kbdclass.sys)
  774. 92F4F8D5 (\SystemRoot\system32\DRIVERS\i8042prt.sys)
  775. 92E87EEC (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  776. 92E87EA4 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  777. 92E87E54 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  778. 92E87E0C (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  779. 9247A392 (\SystemRoot\System32\drivers\VIDEOPRT.SYS)
  780. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  781. 9243F88B (\SystemRoot\system32\DRIVERS\cdrom.sys)
  782. 837D64FF (\SystemRoot\system32\DRIVERS\CLASSPNP.SYS)
  783. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  784. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  785. 8348972D (\SystemRoot\system32\drivers\Wdf01000.sys)
  786. 8348922A (\SystemRoot\system32\drivers\Wdf01000.sys)
  787. 834022A6 (\SystemRoot\system32\DRIVERS\ataport.SYS)
  788.  
  789. NMI callbacks - 1:
  790.  
  791. Process notifiers:
  792. [0] 828F736C \SystemRoot\system32\ntkrnlpa.exe
  793. [1] 837BE9D8 \SystemRoot\System32\Drivers\ksecdd.sys
  794. [2] 8DE2ED96 \SystemRoot\System32\Drivers\cng.sys
  795. [3] 8E0CC733 \SystemRoot\System32\drivers\tcpip.sys
  796. [4] 82EF8DF0 \SystemRoot\system32\CI.dll
  797. [5] 924016AE \??\C:\Windows\system32\Drivers\vmdebug.sys
  798.  
  799. Image notifiers:
  800. [0] 82ABB833 \SystemRoot\system32\ntkrnlpa.exe
  801.  
  802. FS Change notifiers: 3 (actual 3)
  803. DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys
  804. DriverObj 8BEC91B8 addr 8C477D40 UNKNOWN
  805. DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys
  806.  
  807. LogonSessionTerminatedRoutines: 2
  808. [0] 930CD03E \SystemRoot\system32\DRIVERS\mrxsmb.sys
  809. [1] 935C99D9 \SystemRoot\system32\drivers\luafv.sys
  810.  
  811. Callouts (18):
  812. PspW32ProcessCallout: 9735E8DA \SystemRoot\System32\win32k.sys
  813. PspW32ThreadCallout: 9735EA6C \SystemRoot\System32\win32k.sys
  814. ExGlobalAtomTableCallout: 97305C24 \SystemRoot\System32\win32k.sys
  815. PopEventCallout: 9737D040 \SystemRoot\System32\win32k.sys
  816. PopStateCallout: 9737B90F \SystemRoot\System32\win32k.sys
  817. PopWin32InfoCallout: 972D9FAC \SystemRoot\System32\win32k.sys
  818. PspW32JobCallout: 972FC08F \SystemRoot\System32\win32k.sys
  819. KeGdiFlushUserBatch: 9733F9E4 \SystemRoot\System32\win32k.sys
  820. ExDesktopOpenProcedureCallout: 9735C108 \SystemRoot\System32\win32k.sys
  821. ExDesktopOkToCloseProcedureCallout: 973610F4 \SystemRoot\System32\win32k.sys
  822. ExDesktopCloseProcedureCallout: 97361083 \SystemRoot\System32\win32k.sys
  823. ExDesktopDeleteProcedureCallout: 972AD47B \SystemRoot\System32\win32k.sys
  824. ExWindowStationOkToCloseProcedureCallout: 9735EB9C \SystemRoot\System32\win32k.sys
  825. ExWindowStationCloseProcedureCallout: 9735EB25 \SystemRoot\System32\win32k.sys
  826. ExWindowStationDeleteProcedureCallout: 9737555F \SystemRoot\System32\win32k.sys
  827. ExWindowStationParseProcedureCallout: 97364DE8 \SystemRoot\System32\win32k.sys
  828. ExWindowStationOpenProcedureCallout: 97364EA4 \SystemRoot\System32\win32k.sys
  829. ExLicensingWin32Callout: 973F5837 \SystemRoot\System32\win32k.sys
  830. FltMgrCallbacks: 8361FB3C \SystemRoot\system32\drivers\fltmgr.sys
  831. FsRtlpMupCalls: 8DFBC068 \SystemRoot\System32\Drivers\mup.sys
  832.  
  833. DbgkLkmdCallback:
  834. DbgkLkmd[0] callback 9740A9F6 \SystemRoot\System32\win32k.sys
  835. ExpDisQueryAttributeInformation 92E91A72 \SystemRoot\System32\drivers\discache.sys
  836. ExpDisSetAttributeInformation 92E91EE2 \SystemRoot\System32\drivers\discache.sys
  837.  
  838. PriorityCallbacks:
  839. [0] 828660DE \SystemRoot\system32\ntkrnlpa.exe
  840.  
  841. Pnp Notifiers: total 19, readed 19
  842. Pnp[0] CategoryHardwareProfileChange DEVINTERFACE_HID addr 829C84D0 \SystemRoot\system32\ntkrnlpa.exe
  843. Pnp[1] CategoryHardwareProfileChange DEVICE_THERMAL_ZONE addr 829C84D0 \SystemRoot\system32\ntkrnlpa.exe
  844. Pnp[2] CategoryHardwareProfileChange DEVINTERFACE_HID addr 9729B547 \SystemRoot\System32\win32k.sys
  845. Pnp[3] CategoryHardwareProfileChange DEVINTERFACE_MT_TRANSPORT addr 92FE793A \SystemRoot\system32\DRIVERS\CompositeBus.sys
  846. Pnp[4] CategoryHardwareProfileChange DEVICE_SYS_BUTTON addr 829C84D0 \SystemRoot\system32\ntkrnlpa.exe
  847. Pnp[5] CategoryHardwareProfileChange DEVICE_MEMORY addr 829C84D0 \SystemRoot\system32\ntkrnlpa.exe
  848. Pnp[6] CategoryHardwareProfileChange DEVINTERFACE_MT_COMPOSITE addr 92FE793A \SystemRoot\system32\DRIVERS\CompositeBus.sys
  849. Pnp[7] CategoryHardwareProfileChange DEVINTERFACE_DISK addr 8B618180 UNKNOWN
  850. Pnp[8] CategoryHardwareProfileChange DEVINTERFACE_HIDDEN_VOLUME addr 8356D3E0 \SystemRoot\system32\DRIVERS\volmgr.sys
  851. Pnp[9] CategoryHardwareProfileChange DEVINTERFACE_MONITOR_DRIVER addr 932501AA \SystemRoot\System32\drivers\dxgkrnl.sys
  852. Pnp[10] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr 9729B547 \SystemRoot\System32\win32k.sys
  853. Pnp[11] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr 9729BCCC \SystemRoot\System32\win32k.sys
  854. Pnp[12] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 8356D3E0 \SystemRoot\system32\DRIVERS\volmgr.sys
  855. Pnp[13] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 835E6216 \SystemRoot\System32\drivers\mountmgr.sys
  856. Pnp[14] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 8E02FD42 \SystemRoot\system32\DRIVERS\volsnap.sys
  857. Pnp[15] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr 9729B547 \SystemRoot\System32\win32k.sys
  858. Pnp[16] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 829C84D0 \SystemRoot\system32\ntkrnlpa.exe
  859. Pnp[17] CategoryHardwareProfileChange VOLMGR_VOLUME_MANAGER addr 83549D86 \SystemRoot\System32\drivers\partmgr.sys
  860. Pnp[18] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 83553664 \SystemRoot\system32\DRIVERS\compbatt.sys
  861.  
  862. PlugPlayHandlerTable: 23 items
  863. PlugPlayHandlerTable[0] 82B00117 \SystemRoot\system32\ntkrnlpa.exe
  864. PlugPlayHandlerTable[1] 82B00094 \SystemRoot\system32\ntkrnlpa.exe
  865. PlugPlayHandlerTable[2] 82AFFF9D \SystemRoot\system32\ntkrnlpa.exe
  866. PlugPlayHandlerTable[3] 82ACD97B \SystemRoot\system32\ntkrnlpa.exe
  867. PlugPlayHandlerTable[4] 829EB833 \SystemRoot\system32\ntkrnlpa.exe
  868. PlugPlayHandlerTable[6] 829EF945 \SystemRoot\system32\ntkrnlpa.exe
  869. PlugPlayHandlerTable[7] 829F23EC \SystemRoot\system32\ntkrnlpa.exe
  870. PlugPlayHandlerTable[8] 82B001B9 \SystemRoot\system32\ntkrnlpa.exe
  871. PlugPlayHandlerTable[9] 82A2334A \SystemRoot\system32\ntkrnlpa.exe
  872. PlugPlayHandlerTable[10] 829F164F \SystemRoot\system32\ntkrnlpa.exe
  873. PlugPlayHandlerTable[11] 82B002E3 \SystemRoot\system32\ntkrnlpa.exe
  874. PlugPlayHandlerTable[12] 82A05A83 \SystemRoot\system32\ntkrnlpa.exe
  875. PlugPlayHandlerTable[13] 82A1795D \SystemRoot\system32\ntkrnlpa.exe
  876. PlugPlayHandlerTable[14] 82A16EDA \SystemRoot\system32\ntkrnlpa.exe
  877. PlugPlayHandlerTable[15] 829DB513 \SystemRoot\system32\ntkrnlpa.exe
  878. PlugPlayHandlerTable[16] 82B00532 \SystemRoot\system32\ntkrnlpa.exe
  879. PlugPlayHandlerTable[17] 82A17F2A \SystemRoot\system32\ntkrnlpa.exe
  880. PlugPlayHandlerTable[18] 82B00658 \SystemRoot\system32\ntkrnlpa.exe
  881. PlugPlayHandlerTable[19] 82AC9AA5 \SystemRoot\system32\ntkrnlpa.exe
  882. PlugPlayHandlerTable[20] 82AFFF12 \SystemRoot\system32\ntkrnlpa.exe
  883. PlugPlayHandlerTable[21] 82B00A1A \SystemRoot\system32\ntkrnlpa.exe
  884. PlugPlayHandlerTable[22] 829DB18F \SystemRoot\system32\ntkrnlpa.exe
  885.  
  886. InitIsWinPEMode: 0
  887. CiEnabled: 1
  888. CI Table:
  889. [0]: 82EF0D5E \SystemRoot\system32\CI.dll
  890. [1]: 82EEF926 \SystemRoot\system32\CI.dll
  891. [2]: 82EEF09A \SystemRoot\system32\CI.dll
  892.  
  893. CrashdmpCallTable (82971D94): 8 items:
  894. [0] CrashdmpInitialize: 93524408 \SystemRoot\System32\Drivers\crashdmp.sys
  895. [1] CrashdmpLoadDumpStack: 93524006 \SystemRoot\System32\Drivers\crashdmp.sys
  896. [2] CrashdmpInitDumpStack: 9351E006 \SystemRoot\System32\Drivers\crashdmp.sys
  897. [3] CrashdmpFreeDumpStack: 935242FA \SystemRoot\System32\Drivers\crashdmp.sys
  898. [4] CrashdmpDisable: 9352436E \SystemRoot\System32\Drivers\crashdmp.sys
  899. [5] CrashdmpNotify: 9351E0BC \SystemRoot\System32\Drivers\crashdmp.sys
  900. [6] CrashdmpWrite: 9351E108 \SystemRoot\System32\Drivers\crashdmp.sys
  901. [7] CrashdmpUpdatePhysicalRange: 9351E180 \SystemRoot\System32\Drivers\crashdmp.sys
  902.  
  903. CI.dll data:
  904. g_CiOptions: 4
  905. g_CiSystemProcess: 8B5B8958
  906. Driver C:\Windows\system32\drivers\Wdf01000.sys!.text has 185C patched bytes !
  907. Driver C:\Windows\system32\drivers\Wdf01000.sys!PAGEWdfV has 13E patched bytes !
  908. Driver C:\Windows\system32\drivers\Wdf01000.sys!PAGE has 144 patched bytes !
  909. Driver C:\Windows\system32\drivers\ACPI.sys!.text has AD patched bytes !
  910. Patched DeRegisterOpRegionHandler + BB7E
  911. Driver C:\Windows\system32\drivers\ACPI.sys!PAGE has 189D patched bytes !
  912. Driver C:\Windows\system32\drivers\pci.sys!.text has 1926 patched bytes !
  913. Driver C:\Windows\system32\drivers\pci.sys!PAGE has 1C patched bytes !
  914. Driver C:\Windows\system32\drivers\pci.sys!PAGEKD has 96 patched bytes !
  915.  
  916. Driver atapi DrvObj 8B65F1B8:
  917. DriverUnload patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 83415DE6
  918. AddDevice patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 83418750
  919. Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8341A8C4
  920. Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8341A8C4
  921. Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8340647C
  922. Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8340644E
  923. Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 834064AA
  924. Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 83415DB2
  925. Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 83415D7E
  926. Patched FltGetRequestorProcessIdEx + 4CB
  927. Driver C:\Windows\system32\drivers\fltmgr.sys!.text has 8A patched bytes !
  928. Patched FltGetRequestorProcessIdEx + 7F90
  929. Patched FltAttachVolume
  930. Patched FltAttachVolumeAtAltitude
  931. Patched FltDetachVolume
  932. Patched FltGetTransactionContext
  933. Patched FltSetTransactionContext
  934. Patched FltNotifyFilterChangeDirectory + 1D0
  935. Driver C:\Windows\system32\drivers\fltmgr.sys!PAGE has 182A patched bytes !
  936. Patched FltNotifyFilterChangeDirectory + 4E4F
  937. Driver C:\Windows\system32\drivers\fltmgr.sys!PAGEVRF1 has 18B patched bytes !
  938. Driver C:\Windows\system32\drivers\Ntfs.sys!.text has 1995 patched bytes !
  939. Driver C:\Windows\system32\drivers\Ntfs.sys!PAGE has DE patched bytes !
  940. Patched NetDmaIsDmaCopyComplete + 119F
  941. Driver C:\Windows\system32\drivers\ndis.sys!.text has 40 patched bytes !
  942. Patched NetDmaIsDmaCopyComplete + 7DFD
  943. Patched NdisCloseAdapterEx
  944. Patched NdisIMNotifyPnPEvent + 3C08
  945. Driver C:\Windows\system32\drivers\ndis.sys!PAGE has 18AC patched bytes !
  946. Patched NdisMSynchronizeWithInterrupt + 1410
  947. Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSM has 19 patched bytes !
  948. Patched NdisCompletePnPEvent + 650
  949. Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSP has 81 patched bytes !
  950. Patched TrFilterDprIndicateReceiveComplete + 886
  951. Driver C:\Windows\system32\drivers\ndis.sys!PAGENDST has C9 patched bytes !
  952. Patched NdisMRegisterInterrupt + 864
  953. Driver C:\Windows\system32\drivers\ndis.sys!PAGENPNP has 103 patched bytes !
  954. Patched EthFilterDprIndicateReceive + D29
  955. Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSE has 7B patched bytes !
  956. Patched NdisMCoSendComplete + 68
  957. Driver C:\Windows\system32\drivers\ndis.sys!PAGENDCO has 55 patched bytes !
  958. Driver C:\Windows\system32\drivers\volsnap.sys!.text has 1876 patched bytes !
  959. Driver C:\Windows\system32\drivers\volsnap.sys!PAGELK has B6 patched bytes !
  960.  
  961. Driver Disk DrvObj 8C432E40:
  962. DriverUnload patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837E092B
  963. AddDevice patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837DE603
  964. Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  965. Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  966. Handler MJ_READ patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  967. Handler MJ_WRITE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  968. Handler MJ_FLUSH_BUFFERS patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  969. Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  970. Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  971. Handler MJ_SHUTDOWN patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  972. Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  973. Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  974. Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 837C939F
  975. CLASS_DRIVER_EXTENSION: 8C432AB8
  976. Fdo.ClassError: 8DE01DCC \SystemRoot\system32\DRIVERS\disk.sys
  977. Fdo.ClassReadWriteVerification: 8DE015C2 \SystemRoot\system32\DRIVERS\disk.sys
  978. Fdo.ClassDeviceControl: 8DE01B5E \SystemRoot\system32\DRIVERS\disk.sys
  979. Fdo.ClassShutdownFlush: 8DE09212 \SystemRoot\system32\DRIVERS\disk.sys
  980. Fdo.ClassInitDevice: 8DE0B78E \SystemRoot\system32\DRIVERS\disk.sys
  981. Fdo.ClassStartDevice: 8DE0B0D2 \SystemRoot\system32\DRIVERS\disk.sys
  982. Fdo.ClassPowerDevice: 8DE031D8 \SystemRoot\system32\DRIVERS\disk.sys
  983. Fdo.ClassStopDevice: 8DE02FEE \SystemRoot\system32\DRIVERS\disk.sys
  984. Fdo.ClassRemoveDevice: 8DE0B6D8 \SystemRoot\system32\DRIVERS\disk.sys
  985. Fdo.ClassWmiInfo.ClassQueryWmiRegInfo: 8DE09A62 \SystemRoot\system32\DRIVERS\disk.sys
  986. Fdo.ClassWmiInfo.ClassQueryWmiDataBlock: 8DE09B02 \SystemRoot\system32\DRIVERS\disk.sys
  987. Fdo.ClassWmiInfo.ClassSetWmiDataBlock: 8DE09D82 \SystemRoot\system32\DRIVERS\disk.sys
  988. Fdo.ClassWmiInfo.ClassSetWmiDataItem: 8DE09EEA \SystemRoot\system32\DRIVERS\disk.sys
  989. Fdo.ClassWmiInfo.ClassExecuteWmiMethod: 8DE0A432 \SystemRoot\system32\DRIVERS\disk.sys
  990. Fdo.ClassWmiInfo.ClassWmiFunctionControl: 8DE0A2A8 \SystemRoot\system32\DRIVERS\disk.sys
  991. ClassAddDevice: 8DE0AEE6 \SystemRoot\system32\DRIVERS\disk.sys
  992. ClassUnload: 8DE06422 \SystemRoot\system32\DRIVERS\disk.sys
  993.  
  994. Driver usbehci DrvObj 8C81F460:
  995. DriverUnload patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 93326B31
  996. AddDevice patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9331C7C0
  997. Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  998. Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  999. Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  1000. Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  1001. Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  1002. Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 9330863B
  1003. Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 93314455
  1004.  
  1005. Shadow SDT: 97495000, limit 339
  1006.  
  1007. Driver MRxSmb DrvObj 8D4915C0:
  1008. FastIOHandler FastIoCheckIfPossible patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E63B44
  1009. FastIOHandler FastIoRead patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E63FE7
  1010. FastIOHandler FastIoWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E6BCD5
  1011. FastIOHandler FastIoDeviceControl patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E45A98
  1012. FastIOHandler AcquireForModWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E490C9
  1013. FastIOHandler ReleaseForModWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E49193
  1014. FastIOHandler AcquireForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E41018
  1015. FastIOHandler ReleaseForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E41018
  1016. FS_FILTER_CALLBACKS PreAcquireForSectionSynchronization patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E640A0
  1017. FS_FILTER_CALLBACKS PreReleaseForSectionSynchronization patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 92E641AA
  1018. Driver C:\Windows\system32\drivers\peauth.sys!.text has 36 patched bytes !
  1019. Driver C:\Windows\system32\drivers\peauth.sys!PAGE has 65 patched bytes !
  1020. Driver C:\Windows\system32\drivers\spsys.sys!CODE_NP has 119 patched bytes !
  1021. Patched ?SPRevision@@3PADA + 4F90
  1022. Driver C:\Windows\system32\drivers\spsys.sys!PAGE has 319FD patched bytes !
  1023.  
  1024. KSecPkg tables:
  1025. gKsecExBuiltinPackages[0].tab 837BC288 (8DFA5140) patched by \SystemRoot\System32\Drivers\ksecdd.sys
  1026. gKsecpBCryptExtension: 8DE79180 \SystemRoot\System32\Drivers\cng.sys
  1027. gKsecpSslExtension: 8DE7920C \SystemRoot\System32\Drivers\cng.sys
  1028. Win32kCallout: 97293491 \SystemRoot\System32\win32k.sys
  1029. SessionStartCallout: 9324B17A \SystemRoot\System32\drivers\dxgkrnl.sys
  1030. RtlpStartThreadFunc: C:\Windows\system32\kernel32.dll (771C9DD5)
  1031. RtlpExitThreadFunc: C:\Windows\system32\kernel32.dll (771C9DC1)
  1032. RtlpUnhandledExceptionFilter: C:\Windows\system32\kernel32.dll (77182B35)
  1033. LdrpManifestProberRoutine: C:\Windows\system32\kernel32.dll (7717172A)
  1034. LdrpCreateActCtxLanguage: C:\Windows\system32\kernel32.dll (771B7074)
  1035. LdrpReleaseActCtx: C:\Windows\system32\kernel32.dll (771691BD)
  1036. UnhandledExceptionFilter: c:\Users\Admin\Desktop\wincheck.exe (01489EC4)
  1037. ConsoleCtrlHandler: C:\Windows\system32\kernel32.dll (771CD2E5)
  1038. Check took 2765 msecs
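Reading a wincheck report like the one above is mostly a matter of deciding which of its hundreds of "patched" and callback lines deserve a kernel-debugger follow-up. A few rules of thumb apply: a miniport, class or mini-redirector driver whose dispatch table points into its port or framework driver (atapi into ataport.SYS, disk into CLASSPNP.SYS, usbehci into USBPORT.SYS, MRxSmb into rdbss.sys) is the normal Windows driver-stacking model, not a hook; an address that resolves to UNKNOWN (the FS change notifier at 8C477D40 and the DEVINTERFACE_DISK PnP notifier at 8B618180 in this log) is not backed by any loaded image and should be resolved by hand; a module listed with a `\??\` prefix was loaded by absolute ImagePath rather than from \SystemRoot, which is typical for third-party packages such as VMware Tools (vmdebug.sys) but is worth confirming; and the per-section "patched bytes" counts are only meaningful once compared against the on-disk image with relocations applied. The script below is an added example, not part of wincheck or of this log: it parses the report's line shapes, strips pastebin-style line numbers, applies those rules, and tallies patched bytes per driver. The allowlist of expected port/framework drivers is the editor's assumption, and the embedded input is a short excerpt copied from the log above so that it runs offline.

```python
"""Triage a wincheck-style kernel callback / patch report.

Added example (not wincheck's own code). It parses the report's line shapes
and flags the entries a reviewer would resolve in a kernel debugger first.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Port, class and framework drivers that legitimately own the dispatch table
# of the miniport, class or mini-redirector drivers layered on top of them.
# Assumption: this allowlist is the editor's, not something wincheck ships.
EXPECTED_PATCHERS = {
    "ataport.sys", "storport.sys", "usbport.sys", "classpnp.sys",
    "rdbss.sys", "videoprt.sys", "ndis.sys",
}
HEX8 = r"[0-9A-Fa-f]{8}"
# "<addr> <module>" or "<addr> (<module>)": callbacks, notifiers, ObType slots
ADDR_THEN_MODULE = re.compile(
    r"\b(" + HEX8 + r")\b\s*\(?\s*((?:\\|[A-Za-z]:\\)[^\s(),]+|UNKNOWN)"
)
PATCHED_BY = re.compile(r"patched by\s+(\S+?),\s*addr\s+(" + HEX8 + ")")
PATCHED_BYTES = re.compile(
    r"Driver\s+(\S+?)!(\S+)\s+has\s+([0-9A-Fa-f]+)\s+patched bytes"
)
LINE_NUMBER = re.compile(r"^\s*\d+\.\s?")   # pastebin-style "917. " prefix

Finding = Tuple[int, str, str]   # (line number, reason, detail)


def classify_module(module: str) -> Optional[str]:
    """Return a reason to look closer, or None if the module looks normal."""
    m = module.lower()
    if m == "unknown":
        return "address not backed by any loaded module image"
    if m.startswith("\\??\\"):
        return "driver loaded by absolute path rather than from \\SystemRoot"
    if not m.startswith("\\systemroot\\system32\\"):
        return "module outside \\SystemRoot\\system32"
    return None


def triage(report: str) -> Dict[str, object]:
    """Scan every line of the report; collect findings and patched-byte tallies."""
    findings: List[Finding] = []
    patched_bytes: Dict[str, int] = defaultdict(int)
    for lineno, raw in enumerate(report.splitlines(), 1):
        line = LINE_NUMBER.sub("", raw).strip()
        if not line:
            continue
        m = PATCHED_BYTES.search(line)
        if m:  # in-memory vs on-disk byte differences, summed per driver
            patched_bytes[m.group(1).lower()] += int(m.group(3), 16)
            continue
        m = PATCHED_BY.search(line)
        if m:  # a dispatch routine that lives in another image
            patcher = m.group(1).rsplit("\\", 1)[-1].lower()
            if patcher not in EXPECTED_PATCHERS:
                findings.append((lineno, "dispatch owned by unexpected image",
                                 f"{patcher} @ {m.group(2)}: {line}"))
            continue
        for addr, module in ADDR_THEN_MODULE.findall(line):
            reason = classify_module(module)
            if reason:
                findings.append((lineno, reason, f"{addr} {module}: {line}"))
    return {"findings": findings, "patched_bytes": dict(patched_bytes)}


# Excerpt of lines copied from the log above (pastebin line numbers kept so the
# prefix stripping is exercised); this is the constructed offline input.
SAMPLE_REPORT = r"""
  717. 834D5890 (\SystemRoot\system32\DRIVERS\ACPI.sys)
  792. [0] 828F736C \SystemRoot\system32\ntkrnlpa.exe
  797. [5] 924016AE \??\C:\Windows\system32\Drivers\vmdebug.sys
  803. DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys
  804. DriverObj 8BEC91B8 addr 8C477D40 UNKNOWN
  849. Pnp[7] CategoryHardwareProfileChange DEVINTERFACE_DISK addr 8B618180 UNKNOWN
  906. Driver C:\Windows\system32\drivers\Wdf01000.sys!.text has 185C patched bytes !
  907. Driver C:\Windows\system32\drivers\Wdf01000.sys!PAGEWdfV has 13E patched bytes !
  919. Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8341A8C4
  925. Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 83415D7E
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for lineno, reason, detail in result["findings"]:
        print(f"line {lineno}: {reason}\n    {detail}")
    for drv, total in result["patched_bytes"].items():
        print(f"{drv}: {total} patched bytes across sections")
```

Run against the full page text, the script leaves the atapi, Disk, usbehci and MRxSmb "patched by" blocks silent, reports the two UNKNOWN notifier addresses and the `\??\` load path of vmdebug.sys, and prints one patched-byte total per driver; the totals are a prompt to diff the section against the signed on-disk image, not a verdict on their own.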