API tools faq
paste
Guest User

Untitled

a guest
Dec 13th, 2019
370
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 42.88 KB | None | 0 0
raw download clone embed print report
  1. ========================== AUTO DUMP ANALYZER ==========================
  2. Auto Dump Analyzer
  3. Version: 0.9
  4. Time to analyze file(s): 00 hours and 01 minutes and 02 seconds
  5.  
  6. ================================= CPU ==================================
  7. COUNT: 8
  8. MHZ: 4200
  9. VENDOR: GenuineIntel
  10. FAMILY: 6
  11. MODEL: 9e
  12. STEPPING: 9
  13.  
  14. ================================== OS ==================================
  15. Product: WinNt, suite: TerminalServer SingleUserTS
  16. Built by: 17763.1.amd64fre.rs5_release.180914-1434
  17. BUILD_VERSION: 10.0.17763.864 (WinBuild.160101.0800)
  18. BUILD: 17763
  19. SERVICEPACK: 864
  20. PLATFORM_TYPE: x64
  21. NAME: Windows 10
  22. EDITION: Windows 10 WinNt TerminalServer SingleUserTS
  23. BUILD_TIMESTAMP: unknown_date
  24. BUILDDATESTAMP: 160101.0800
  25. BUILDLAB: WinBuild
  26. BUILDOSVER: 10.0.17763.864
  27.  
  28. =============================== DEBUGGER ===============================
  29. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  30. Copyright (c) Microsoft Corporation. All rights reserved.
  31.  
  32. =============================== COMMENTS ===============================
  33. * Additional BIOS information (including RAM information) was unreadable
  34. from the first dump file. This can be caused by an outdated BIOS.
  35.  
  36. ========================================================================
  37. ==================== Dump File: 121319-9984-01.dmp =====================
  38. ========================================================================
  39. Mini Kernel Dump File: Only registers and stack trace are available
  40. Windows 10 Kernel Version 17763 MP (8 procs) Free x64
  41. Kernel base = 0xfffff800`15801000 PsLoadedModuleList = 0xfffff800`15c1a710
  42. Debug session time: Fri Dec 13 14:24:09.317 2019 (UTC - 5:00)
  43. System Uptime: 0 days 0:00:13.035
  44.  
  45. BugCheck 50, {ffff9584ecd9c220, 0, fffff80016915a28, 2}
  46. Could not read faulting driver name
  47. *** WARNING: Unable to verify timestamp for win32k.sys
  48. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  49. Probably caused by : memory_corruption
  50. Followup: memory_corruption
  51.  
  52. PAGE_FAULT_IN_NONPAGED_AREA (50)
  53. Invalid system memory was referenced. This cannot be protected by try-except.
  54. Typically the address is just plain bad or it is pointing at freed memory.
  55.  
  56. Arguments:
  57. Arg1: ffff9584ecd9c220, memory referenced.
  58. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
  59. Arg3: fffff80016915a28, If non-zero, the instruction address which referenced the bad memory
  60. address.
  61. Arg4: 0000000000000002, (reserved)
  62.  
  63. Debugging Details:
  64. Could not read faulting driver name
  65. DUMP_CLASS: 1
  66. DUMP_QUALIFIER: 400
  67. DUMP_TYPE: 2
  68. READ_ADDRESS: fffff80015d41390: Unable to get MiVisibleState
  69. ffff9584ecd9c220
  70. FAULTING_IP:
  71. CI!SymCryptFdefRawMulMulx+68
  72. fffff800`16915a28 c4e2fbf619 mulx rbx,rax,qword ptr [rcx]
  73. MM_INTERNAL_CODE: 2
  74. CUSTOMER_CRASH_COUNT: 1
  75. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  76. BUGCHECK_STR: AV
  77.  
  78. PROCESS_NAME: System
  79.  
  80. CURRENT_IRQL: 0
  81. TRAP_FRAME: ffffbb8b8f145590 -- (.trap 0xffffbb8b8f145590)
  82. NOTE: The trap frame does not contain all registers.
  83. Some register values may be zeroed or incorrect.
  84. rax=0000000000000000 rbx=0000000000000000 rcx=ffff9584ecd9c220
  85. rdx=5ef041530738a6a2 rsi=0000000000000000 rdi=0000000000000000
  86. rip=fffff80016915a28 rsp=ffffbb8b8f145728 rbp=0000000000000000
  87. r8=ffff9484ecd9c420 r9=0000000000000008 r10=0000000000000000
  88. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  89. r14=0000000000000000 r15=0000000000000000
  90. iopl=0 nv up ei pl zr na po nc
  91. CI!SymCryptFdefRawMulMulx+0x68:
  92. fffff800`16915a28 c4e2fbf619 mulx rbx,rax,qword ptr [rcx] ds:ffff9584`ecd9c220=????????????????
  93. Resetting default scope
  94. LAST_CONTROL_TRANSFER: from fffff800159f8641 to fffff800159b79c0
  95. STACK_TEXT:
  96. ffffbb8b`8f1452a8 fffff800`159f8641 : 00000000`00000050 ffff9584`ecd9c220 00000000`00000000 ffffbb8b`8f145590 : nt!KeBugCheckEx
  97. ffffbb8b`8f1452b0 fffff800`15896b36 : ffffbb8b`8f145480 ffff8000`00000000 00000000`00000000 ffff9584`ecd9c220 : nt!MiSystemFault+0x193891
  98. ffffbb8b`8f1453f0 fffff800`159c54c9 : 00000800`00000000 ffffedf6`e5213b30 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x1a6
  99. ffffbb8b`8f145590 fffff800`16915a28 : 00000000`00000001 ffff9484`ecd9c620 ffff9484`ecd9c020 ffff9484`e28a90e0 : nt!KiPageFault+0x349
  100. ffffbb8b`8f145728 fffff800`16908a80 : ffff9584`ecd9c220 00000000`00000008 ffff9484`ecd9c420 00000000`00000008 : CI!SymCryptFdefRawMulMulx+0x68
  101. ffffbb8b`8f145770 fffff800`16909c7f : ffff9484`e28a90e0 00000000`00008840 00000000`00000200 fffff800`169088ec : CI!SymCryptFdefModMulMontgomeryMulx+0x30
  102. ffffbb8b`8f1457b0 fffff800`169019ea : ffff9484`e28a9560 00000000`00008c40 ffff9484`e28a9000 ffff9484`ecd9c020 : CI!SymCryptModExpSquareAndMultiply32+0x17f
  103. ffffbb8b`8f145810 fffff800`1690235f : ffff9484`e28a9560 00000000`00008c40 ffff9484`e28a9000 ffff9484`ecd9c020 : CI!SymCryptModExp+0x2e
  104. ffffbb8b`8f145860 fffff800`169024a7 : ffff9484`00000f1e 00000000`72634943 ffff9484`e972e2e0 ffff9484`ecd9c020 : CI!SymCryptRsaCoreEnc+0x113
  105. ffffbb8b`8f145990 fffff800`169a1198 : 00000000`00000000 ffffbb8b`8f145ad9 ffff9484`e28a9000 00000273`977b3c0d : CI!SymCryptRsaPkcs1Verify+0xef
  106. ffffbb8b`8f145a10 fffff800`16953694 : 00000000`00002400 ffffbb8b`8f145b60 ffff0457`00000004 fffff800`169abc68 : CI!HashpVerifyPkcs1Signature+0x21c
  107. ffffbb8b`8f145b20 fffff800`1695450b : 00000000`00000000 ffffbb8b`8f145fe0 00000000`00000000 00000000`00000001 : CI!MinCryptVerifySignedHash+0x19c
  108. ffffbb8b`8f145c70 fffff800`16951a77 : 00000273`977b416d ffffbb8b`00000002 ffff9484`e96a72d0 fffff800`169ac070 : CI!MinCryptVerifyCertificateWithPolicy2+0xabb
  109. ffffbb8b`8f145de0 fffff800`169528ae : ffffbb8b`8f1460c4 ffff9484`e96aec30 00000000`00000000 00000000`00000000 : CI!MinCrypK_VerifySignedDataKModeEx+0x20f
  110. ffffbb8b`8f145ee0 fffff800`16952ae9 : 00000000`c0000225 00000000`c0000225 ffffbb8b`0000000f 00000273`977b24dc : CI!I_MinCryptVerifyRFC3161TimeStamp+0x76
  111. ffffbb8b`8f146070 fffff800`16951d7b : 00000000`00000000 ffff9484`ec7be8e8 00000000`00000000 ffffbb8b`8f1461a0 : CI!I_MinCryptGetSigningTime+0x11d
  112. ffffbb8b`8f146110 fffff800`16939591 : 00000273`977b0000 ffff9484`ec7be890 00000000`00000000 00000000`00000000 : CI!MinCrypK_VerifySignedDataKModeEx+0x513
  113. ffffbb8b`8f146210 fffff800`1693b437 : 00000000`00000004 00000000`000043f0 00000000`000043f0 ffff9484`ec7be890 : CI!I_ParseCatalog+0x85
  114. ffffbb8b`8f1462a0 fffff800`16939344 : 00000000`00000000 00000000`00000108 00000000`000043f0 ffffbb8b`8f1464f0 : CI!I_ParseCatalogAndMapHashes+0x97
  115. ffffbb8b`8f146320 fffff800`1693a013 : ffff9484`00000004 ffff9484`ec7be890 ffff9484`ec7be890 ffffbb8b`8f1464f0 : CI!I_MapCatalog+0x3e4
  116. ffffbb8b`8f146400 fffff800`16939bc1 : 00000000`00000000 ffff9484`e8b56070 ffffbb8b`8f146561 00000000`00000100 : CI!I_ReloadCatalog+0x263
  117. ffffbb8b`8f146480 fffff800`169398ce : 00000000`00000001 00000000`00000000 ffff9484`00000001 00000000`00000000 : CI!I_ReloadCatalogDirectory+0x271
  118. ffffbb8b`8f1465b0 fffff800`16938368 : ffff9484`e256da80 ffff9484`00000001 ffffbb8b`8f146720 00000000`00000004 : CI!I_ReloadCatalogs+0x17a
  119. ffffbb8b`8f146620 fffff800`16938058 : ffffbb8b`8f1469b8 00000000`00000014 ffff9484`e8a9ca80 00000000`00000001 : CI!I_FindFileOrHeaderHashInCatalogs+0x234
  120. ffffbb8b`8f146780 fffff800`16943103 : ffffbb8b`8f146974 ffffbb8b`8f146980 ffffbb8b`8f146970 ffffbb8b`8f1469b0 : CI!MinCrypK_VerifyHashInCatalog+0x110
  121. ffffbb8b`8f146830 fffff800`1693edc7 : ffff9484`e256d620 00000000`00000000 ffff9484`00000001 ffffbb8b`0000002a : CI!CiVerifyFileHashInCatalogs+0x183
  122. ffffbb8b`8f146910 fffff800`169401e8 : ffffbb8b`8f146d10 ffffbb8b`8f146d10 ffffbb8b`00000000 ffffbb8b`8f146d10 : CI!CipFindFileHash+0x2d3
  123. ffffbb8b`8f146a50 fffff800`1693fbd2 : ffff9484`e256d620 ffffd98e`92d641f0 ffffd98e`8867f300 fffff800`72d20000 : CI!CipValidateFileHash+0x258
  124. ffffbb8b`8f146b30 fffff800`1693e0c8 : ffffbb8b`8f146f88 00000000`00000000 ffffd98e`92d641f0 00000000`00000000 : CI!CipValidateImageHash+0xe6
  125. ffffbb8b`8f146c60 fffff800`15eb7fb6 : ffffbb8b`8f146eb0 fffff800`72d20000 00000000`0000000f fffff800`72d20000 : CI!CiValidateImageHeader+0x688
  126. ffffbb8b`8f146df0 fffff800`15eb7af7 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00076000 : nt!SeValidateImageHeader+0xd6
  127. ffffbb8b`8f146ea0 fffff800`15e46666 : 00000000`00000000 fffff800`15e0a78b 00000000`00000000 00000000`00000000 : nt!MiValidateSectionCreate+0x413
  128. ffffbb8b`8f147090 fffff800`15d97474 : ffffd98e`92d641f0 ffffbb8b`8f1471f0 00000000`00000001 ffffbb8b`8f1473d0 : nt!MiValidateSectionSigningPolicy+0xa6
  129. ffffbb8b`8f1470f0 fffff800`15e735ee : ffffd98e`92d641f0 ffffbb8b`8f1473d0 ffffbb8b`8f1473d0 00000000`00000002 : nt!MiCreateNewSection+0x4cc
  130. ffffbb8b`8f147260 fffff800`15e72b2e : ffffbb8b`8f147290 ffff9484`e8ab2920 ffffd98e`92d641f0 00000000`00000000 : nt!MiCreateImageOrDataSection+0x2fe
  131. ffffbb8b`8f147350 fffff800`1585d970 : ffffbb8b`8f147588 00000000`00000000 00000000`ffffffff ffffffff`800020a4 : nt!MiCreateSection+0x10e
  132. ffffbb8b`8f1474d0 fffff800`15e11606 : 00000000`00000000 ffffbb8b`8f1475e9 ffffffff`800020a4 ffff9484`e200b800 : nt!MiCreateSystemSection+0xa0
  133. ffffbb8b`8f147570 fffff800`15e37a32 : fffff800`15c1a710 ffffffff`800020a4 fffff800`15c38f90 ffff9484`00000012 : nt!MiCreateSectionForDriver+0x10e
  134. ffffbb8b`8f147650 fffff800`15eb6ee7 : ffffbb8b`8f1478a8 ffffbb8b`8f1477a0 00000000`00000000 fffff800`00000000 : nt!MiObtainSectionForDriver+0xa6
  135. ffffbb8b`8f1476a0 fffff800`15eb2493 : ffffbb8b`8f1478a8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmLoadSystemImageEx+0xfb
  136. ffffbb8b`8f147850 fffff800`15eb0a8a : ffffbb8b`8f46a970 00000000`00000000 00000000`00000000 ffffd98e`8867a890 : nt!IopLoadDriver+0x21b
  137. ffffbb8b`8f147a30 fffff800`158ec20a : ffffd98e`00000000 ffffffff`80002028 ffffd98e`8a821040 ffffd98e`00000000 : nt!IopLoadUnloadDriver+0x4a
  138. ffffbb8b`8f147a70 fffff800`158599d5 : ffffd98e`8a821040 ffffd98e`8867f300 ffffd98e`8a821040 000024ed`b59bbfff : nt!ExpWorkerThread+0x16a
  139. ffffbb8b`8f147b10 fffff800`159bee3c : fffff800`146a0180 ffffd98e`8a821040 fffff800`15859980 00000000`00000000 : nt!PspSystemThreadStartup+0x55
  140. ffffbb8b`8f147b60 00000000`00000000 : ffffbb8b`8f148000 ffffbb8b`8f141000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c
  141. STACK_COMMAND: kb
  142. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  143. fffff80015822f5d - nt!MmBuildMdlForNonPagedPool+4d
  144. [ f6:ed ]
  145. fffff80015822fba-fffff80015822fbb 2 bytes - nt!MmBuildMdlForNonPagedPool+aa (+0x5d)
  146. [ 80 fa:00 be ]
  147. fffff8001583556c - nt!MiCountSharedPages+ac (+0x125b2)
  148. [ f6:ed ]
  149. fffff800158b3708 - nt!MmMapLockedPagesSpecifyCache+e8 (+0x7e19c)
  150. [ f6:ed ]
  151. fffff80015918801-fffff80015918802 2 bytes - nt!MiInitializeTransitionPfn+21 (+0x650f9)
  152. [ 80 fa:00 be ]
  153. fffff80015975222-fffff80015975223 2 bytes - nt!PpmResetPerformanceAccumulation+32 (+0x5ca21)
  154. [ 48 ff:4c 8b ]
  155. fffff80015975229-fffff8001597522c 4 bytes - nt!PpmResetPerformanceAccumulation+39 (+0x07)
  156. [ 0f 1f 44 00:e8 a2 c3 8f ]
  157. 13 errors : !nt (fffff80015822f5d-fffff8001597522c)
  158. MODULE_NAME: memory_corruption
  159.  
  160. IMAGE_NAME: memory_corruption
  161.  
  162. FOLLOWUP_NAME: memory_corruption
  163. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  164. MEMORY_CORRUPTOR: LARGE
  165. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  166. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  167. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  168. TARGET_TIME: 2019-12-13T19:24:09.000Z
  169. SUITE_MASK: 272
  170. PRODUCT_TYPE: 1
  171. USER_LCID: 0
  172. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  173. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  174. Followup: memory_corruption
  175.  
  176. ========================================================================
  177. ===================== 3RD PARTY DRIVER QUICK LIST ======================
  178. ========================================================================
  179. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  180. Oct 17 2011 - PxHlpa64.sys - Sonic CD/DVD driver
  181. May 30 2012 - FNETURPX.SYS - FNet User Proxy driver (FNet Co., Ltd.) http://www.gotofnet.com/
  182. Aug 22 2012 - AsIO.sys - ASUS Input Output driver http://www.asus.com/
  183. Sep 24 2015 - dtlitescsibus.sys - DAEMON Tools Lite Virtual SCSI Bus (Disc Soft Ltd)
  184. Dec 28 2015 - dtliteusbbus.sys - DAEMON Tools Lite Virtual USB Bus (Disc Soft Ltd)
  185. Jun 13 2016 - LGBusEnum.sys - Logitech GamePanel Virtual Bus Enumerator driver http://support.logitech.com/
  186. Jun 13 2016 - LGJoyXlCore.sys - Logitech Gaming Software driver http://support.logitech.com/
  187. Jul 15 2016 - FNETHYRAMAS.SYS - Hybr Ram (FNet Co., Ltd.) http://www.gotofnet.com/
  188. Sep 17 2016 - netfilter2.sys - NetFilter SDK TDI Hook driver (WPP) http://netfiltersdk.com/
  189. Sep 25 2017 - e1d65x64.sys - Intel(R) Gigabit Adapter NDIS 6.x driver https://downloadcenter.intel.com/
  190. Oct 03 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  191. Oct 12 2017 - iaStorA.sys - Intel SATA Storage Device RAID Controller
  192. Oct 17 2017 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  193. Aug 16 2018 - nvvhci.sys - Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
  194. Oct 08 2018 - SYMEVENT64x86.SYS - Symantec Event Library https://www.symantec.com/
  195. Mar 14 2019 - nvvad64v.sys - Nvidia Virtual Audio driver http://www.nvidia.com/
  196. Apr 11 2019 - CorsairVBusDriver.sys - Corsair Virtual Device driver (Corsair Utility Engine) http://www.corsair.com/
  197. Apr 11 2019 - CorsairVHidDriver.sys - Corsair Virtual Device driver (Corsair Utility Engine) http://www.corsair.com/
  198. Jun 11 2019 - symnets.sys - Network Security WFP driver https://www.symantec.com/
  199. Jun 21 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
  200. Jun 28 2019 - Ironx64.SYS - Symantec Iron driver http://www.symantec.com/
  201. Jul 10 2019 - IDSvia64.sys - Symantec Intrusion Detection IDS Core driver http://www.symantec.com/
  202. Aug 08 2019 - SYMEFASI64.SYS - Symantec Extended File Attributes (SI) https://www.symantec.com/
  203. Sep 11 2019 - eeCtrl64.sys - Symantec Eraser Control driver http://www.symantec.com/
  204. Sep 11 2019 - EraserUtilRebootDrv.sys - Symantec Eraser Utility Reboot driver http://www.symantec.com/
  205. Sep 24 2019 - CorsairGamingAudio64.sys - Corsair Gaming Audio 64-bit driver
  206. Sep 24 2019 - ccSetx64.sys - Common Client Settings driver (Symantec Security Technoligies) http://www.symantec.com/
  207. Sep 26 2019 - BHDrvx64.sys - Norton Security BASH driver http://www.symantec.com/
  208. Oct 09 2019 - SRTSPX64.SYS - Symantec Real Time Storage Protection (PEL) http://www.symantec.com/
  209. Dec 06 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
  210.  
  211. ========================================================================
  212. ========================== 3RD PARTY DRIVERS ===========================
  213. ========================================================================
  214. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  215. Image name: AsUpIO.sys
  216. Search : https://www.google.com/search?q=AsUpIO.sys
  217. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  218. Timestamp : Mon Aug 2 2010
  219.  
  220. Image path: \SystemRoot\System32\Drivers\PxHlpa64.sys
  221. Image name: PxHlpa64.sys
  222. Search : https://www.google.com/search?q=PxHlpa64.sys
  223. ADA Info : Sonic CD/DVD driver
  224. Timestamp : Mon Oct 17 2011
  225.  
  226. Image path: \SystemRoot\System32\drivers\FNETURPX.SYS
  227. Image name: FNETURPX.SYS
  228. Search : https://www.google.com/search?q=FNETURPX.SYS
  229. ADA Info : FNet User Proxy driver (FNet Co., Ltd.) http://www.gotofnet.com/
  230. Timestamp : Wed May 30 2012
  231.  
  232. Image path: \SystemRoot\SysWow64\drivers\AsIO.sys
  233. Image name: AsIO.sys
  234. Search : https://www.google.com/search?q=AsIO.sys
  235. ADA Info : ASUS Input Output driver http://www.asus.com/
  236. Timestamp : Wed Aug 22 2012
  237.  
  238. Image path: \SystemRoot\System32\drivers\dtlitescsibus.sys
  239. Image name: dtlitescsibus.sys
  240. Search : https://www.google.com/search?q=dtlitescsibus.sys
  241. ADA Info : DAEMON Tools Lite Virtual SCSI Bus (Disc Soft Ltd)
  242. Timestamp : Thu Sep 24 2015
  243.  
  244. Image path: \SystemRoot\System32\drivers\dtliteusbbus.sys
  245. Image name: dtliteusbbus.sys
  246. Search : https://www.google.com/search?q=dtliteusbbus.sys
  247. ADA Info : DAEMON Tools Lite Virtual USB Bus (Disc Soft Ltd)
  248. Timestamp : Mon Dec 28 2015
  249.  
  250. Image path: \SystemRoot\system32\drivers\LGBusEnum.sys
  251. Image name: LGBusEnum.sys
  252. Search : https://www.google.com/search?q=LGBusEnum.sys
  253. ADA Info : Logitech GamePanel Virtual Bus Enumerator driver http://support.logitech.com/
  254. Timestamp : Mon Jun 13 2016
  255.  
  256. Image path: \SystemRoot\system32\drivers\LGJoyXlCore.sys
  257. Image name: LGJoyXlCore.sys
  258. Search : https://www.google.com/search?q=LGJoyXlCore.sys
  259. ADA Info : Logitech Gaming Software driver http://support.logitech.com/
  260. Timestamp : Mon Jun 13 2016
  261.  
  262. Image path: \SystemRoot\System32\drivers\FNETHYRAMAS.SYS
  263. Image name: FNETHYRAMAS.SYS
  264. Search : https://www.google.com/search?q=FNETHYRAMAS.SYS
  265. ADA Info : Hybr Ram (FNet Co., Ltd.) http://www.gotofnet.com/
  266. Timestamp : Fri Jul 15 2016
  267.  
  268. Image path: \SystemRoot\system32\drivers\netfilter2.sys
  269. Image name: netfilter2.sys
  270. Search : https://www.google.com/search?q=netfilter2.sys
  271. ADA Info : NetFilter SDK TDI Hook driver (WPP) http://netfiltersdk.com/
  272. Timestamp : Sat Sep 17 2016
  273.  
  274. Image path: \SystemRoot\system32\DRIVERS\e1d65x64.sys
  275. Image name: e1d65x64.sys
  276. Search : https://www.google.com/search?q=e1d65x64.sys
  277. ADA Info : Intel(R) Gigabit Adapter NDIS 6.x driver https://downloadcenter.intel.com/
  278. Timestamp : Mon Sep 25 2017
  279.  
  280. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  281. Image name: TeeDriverW8x64.sys
  282. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  283. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  284. Timestamp : Tue Oct 3 2017
  285.  
  286. Image path: \SystemRoot\System32\drivers\iaStorA.sys
  287. Image name: iaStorA.sys
  288. Search : https://www.google.com/search?q=iaStorA.sys
  289. ADA Info : Intel SATA Storage Device RAID Controller
  290. Timestamp : Thu Oct 12 2017
  291.  
  292. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  293. Image name: RTKVHD64.sys
  294. Search : https://www.google.com/search?q=RTKVHD64.sys
  295. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  296. Timestamp : Tue Oct 17 2017
  297.  
  298. Image path: \SystemRoot\System32\drivers\nvvhci.sys
  299. Image name: nvvhci.sys
  300. Search : https://www.google.com/search?q=nvvhci.sys
  301. ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
  302. Timestamp : Thu Aug 16 2018
  303.  
  304. Image path: \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
  305. Image name: SYMEVENT64x86.SYS
  306. Search : https://www.google.com/search?q=SYMEVENT64x86.SYS
  307. ADA Info : Symantec Event Library https://www.symantec.com/
  308. Timestamp : Mon Oct 8 2018
  309.  
  310. Image path: \SystemRoot\system32\drivers\nvvad64v.sys
  311. Image name: nvvad64v.sys
  312. Search : https://www.google.com/search?q=nvvad64v.sys
  313. ADA Info : Nvidia Virtual Audio driver http://www.nvidia.com/
  314. Timestamp : Thu Mar 14 2019
  315.  
  316. Image path: \SystemRoot\System32\drivers\CorsairVBusDriver.sys
  317. Image name: CorsairVBusDriver.sys
  318. Search : https://www.google.com/search?q=CorsairVBusDriver.sys
  319. ADA Info : Corsair Virtual Device driver (Corsair Utility Engine) http://www.corsair.com/
  320. Timestamp : Thu Apr 11 2019
  321.  
  322. Image path: \SystemRoot\System32\drivers\CorsairVHidDriver.sys
  323. Image name: CorsairVHidDriver.sys
  324. Search : https://www.google.com/search?q=CorsairVHidDriver.sys
  325. ADA Info : Corsair Virtual Device driver (Corsair Utility Engine) http://www.corsair.com/
  326. Timestamp : Thu Apr 11 2019
  327.  
  328. Image path: \SystemRoot\System32\drivers\NGCx64\1613090.03F\symnets.sys
  329. Image name: symnets.sys
  330. Search : https://www.google.com/search?q=symnets.sys
  331. ADA Info : Network Security WFP driver https://www.symantec.com/
  332. Timestamp : Tue Jun 11 2019
  333.  
  334. Image path: \SystemRoot\system32\drivers\nvhda64v.sys
  335. Image name: nvhda64v.sys
  336. Search : https://www.google.com/search?q=nvhda64v.sys
  337. ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
  338. Timestamp : Fri Jun 21 2019
  339.  
  340. Image path: \SystemRoot\System32\drivers\NGCx64\1613090.03F\Ironx64.SYS
  341. Image name: Ironx64.SYS
  342. Search : https://www.google.com/search?q=Ironx64.SYS
  343. ADA Info : Symantec Iron driver http://www.symantec.com/
  344. Timestamp : Fri Jun 28 2019
  345.  
  346. Image path: \??\C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\IPSDefs\20191212.061\IDSvia64.sys
  347. Image name: IDSvia64.sys
  348. Search : https://www.google.com/search?q=IDSvia64.sys
  349. ADA Info : Symantec Intrusion Detection IDS Core driver http://www.symantec.com/
  350. Timestamp : Wed Jul 10 2019
  351.  
  352. Image path: \SystemRoot\System32\drivers\NGCx64\1613090.03F\SYMEFASI64.SYS
  353. Image name: SYMEFASI64.SYS
  354. Search : https://www.google.com/search?q=SYMEFASI64.SYS
  355. ADA Info : Symantec Extended File Attributes (SI) https://www.symantec.com/
  356. Timestamp : Thu Aug 8 2019
  357.  
  358. Image path: \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
  359. Image name: eeCtrl64.sys
  360. Search : https://www.google.com/search?q=eeCtrl64.sys
  361. ADA Info : Symantec Eraser Control driver http://www.symantec.com/
  362. Timestamp : Wed Sep 11 2019
  363.  
  364. Image path: \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  365. Image name: EraserUtilRebootDrv.sys
  366. Search : https://www.google.com/search?q=EraserUtilRebootDrv.sys
  367. ADA Info : Symantec Eraser Utility Reboot driver http://www.symantec.com/
  368. Timestamp : Wed Sep 11 2019
  369.  
  370. Image path: \SystemRoot\system32\DRIVERS\CorsairGamingAudio64.sys
  371. Image name: CorsairGamingAudio64.sys
  372. Search : https://www.google.com/search?q=CorsairGamingAudio64.sys
  373. ADA Info : Corsair Gaming Audio 64-bit driver
  374. Timestamp : Tue Sep 24 2019
  375.  
  376. Image path: \SystemRoot\System32\drivers\NGCx64\1613090.03F\ccSetx64.sys
  377. Image name: ccSetx64.sys
  378. Search : https://www.google.com/search?q=ccSetx64.sys
  379. ADA Info : Common Client Settings driver (Symantec Security Technoligies) http://www.symantec.com/
  380. Timestamp : Tue Sep 24 2019
  381.  
  382. Image path: \??\C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\BASHDefs\20191210.001\BHDrvx64.sys
  383. Image name: BHDrvx64.sys
  384. Search : https://www.google.com/search?q=BHDrvx64.sys
  385. ADA Info : Norton Security BASH driver http://www.symantec.com/
  386. Timestamp : Thu Sep 26 2019
  387.  
  388. Image path: \SystemRoot\System32\drivers\NGCx64\1613090.03F\SRTSPX64.SYS
  389. Image name: SRTSPX64.SYS
  390. Search : https://www.google.com/search?q=SRTSPX64.SYS
  391. ADA Info : Symantec Real Time Storage Protection (PEL) http://www.symantec.com/
  392. Timestamp : Wed Oct 9 2019
  393.  
  394. Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_77e6900053c33f6f\nvlddmkm.sys
  395. Image name: nvlddmkm.sys
  396. Search : https://www.google.com/search?q=nvlddmkm.sys
  397. ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
  398. Timestamp : Fri Dec 6 2019
  399.  
  400. If any of the above drivers are from Microsoft then please let me know.
  401. I will have them moved to the Microsoft list on the next update.
  402.  
  403. ========================================================================
  404. ========================== MICROSOFT DRIVERS ===========================
  405. ========================================================================
  406. ACPI.sys ACPI Driver for NT (Microsoft)
  407. acpiex.sys ACPIEx Driver (Microsoft)
  408. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  409. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  410. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  411. ahcache.sys Application Compatibility Cache (Microsoft)
  412. bam.sys BAM Kernal driver (Microsoft)
  413. BasicDisplay.sys Basic Display driver (Microsoft)
  414. BasicRender.sys Basic Render driver (Microsoft)
  415. Beep.SYS BEEP driver (Microsoft)
  416. BOOTVID.dll VGA Boot Driver (Microsoft)
  417. cdd.dll Canonical Display Driver (Microsoft)
  418. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  419. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  420. CI.dll Code Integrity Module (Microsoft)
  421. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  422. CLFS.SYS Common Log File System Driver (Microsoft)
  423. clipsp.sys CLIP Service (Microsoft)
  424. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  425. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  426. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  427. crashdmp.sys Crash Dump driver (Microsoft)
  428. csc.sys Windows Client Side Caching driver (Microsoft)
  429. dfsc.sys DFS Namespace Client Driver (Microsoft)
  430. disk.sys PnP Disk Driver (Microsoft)
  431. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  432. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  433. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  434. dump_iaStorA.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  435. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  436. dxgmms2.sys DirectX Graphics MMS
  437. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  438. fastfat.SYS Fast FAT File System Driver (Microsoft)
  439. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  440. fileinfo.sys FileInfo Filter Driver (Microsoft)
  441. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  442. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  443. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  444. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  445. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  446. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  447. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  448. HIDCLASS.SYS Hid Class Library (Microsoft)
  449. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  450. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  451. intelpep.sys Intel Power Engine Plugin (Microsoft)
  452. intelppm.sys Processor Device Driver (Microsoft)
  453. iorate.sys I/O rate control Filter (Microsoft)
  454. kbdclass.sys Keyboard Class Driver (Microsoft)
  455. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  456. kd.dll Local Kernal Debugger (Microsoft)
  457. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  458. ks.sys Kernal CSA Library (Microsoft)
  459. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  460. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  461. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  462. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  463. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  464. monitor.sys Monitor Driver (Microsoft)
  465. mouclass.sys Mouse Class Driver (Microsoft)
  466. mouhid.sys HID Mouse Filter Driver (Microsoft)
  467. mountmgr.sys Mount Point Manager (Microsoft)
  468. Msfs.SYS Mailslot driver (Microsoft)
  469. msisadrv.sys ISA Driver (Microsoft)
  470. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  471. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  472. mssmbios.sys System Management BIOS driver (Microsoft)
  473. mup.sys Multiple UNC Provider driver (Microsoft)
  474. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  475. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  476. netbios.sys NetBIOS Interface driver (Microsoft)
  477. netbt.sys MBT Transport driver (Microsoft)
  478. NETIO.SYS Network I/O Subsystem (Microsoft)
  479. Npfs.SYS NPFS driver (Microsoft)
  480. npsvctrig.sys Named pipe service triggers (Microsoft)
  481. nsiproxy.sys NSI Proxy driver (Microsoft)
  482. Ntfs.sys NT File System Driver (Microsoft)
  483. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  484. ntosext.sys NTOS Extension Host driver (Microsoft)
  485. Null.SYS NULL Driver (Microsoft)
  486. pacer.sys QoS Packet Scheduler (Microsoft)
  487. partmgr.sys Partition driver (Microsoft)
  488. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  489. pcw.sys Performance Counter Driver (Microsoft)
  490. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  491. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  492. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  493. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  494. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  495. rdyboost.sys ReadyBoost Driver (Microsoft)
  496. serenum.sys Serial Port Enumerator (Microsoft)
  497. serial.sys Serial Device Driver
  498. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  499. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  500. spaceport.sys Storage Spaces driver (Microsoft)
  501. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  502. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  503. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  504. tcpip.sys TCP/IP Protocol driver (Microsoft)
  505. TDI.SYS TDI Wrapper driver (Microsoft)
  506. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  507. tm.sys Kernel Transaction Manager driver (Microsoft)
  508. ucx01000.sys USB Controller Extension (Microsoft)
  509. UEFI.sys UEFI NT driver (Microsoft)
  510. umbus.sys User-Mode Bus Enumerator (Microsoft)
  511. usbaudio.sys USB Audio Class Driver (Microsoft)
  512. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  513. USBD.SYS Universal Serial Bus Driver (Microsoft)
  514. UsbHub3.sys USB3 HUB driver (Microsoft)
  515. USBXHCI.SYS USB XHCI driver (Microsoft)
  516. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  517. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  518. volmgr.sys Volume Manager Driver (Microsoft)
  519. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  520. volsnap.sys Volume Shadow Copy driver (Microsoft)
  521. volume.sys Volume driver (Microsoft)
  522. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  523. watchdog.sys Watchdog driver (Microsoft)
  524. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  525. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  526. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  527. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  528. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  529. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  530. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  531. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  532. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  533. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  534. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  535. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  536. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  537. Wof.sys Windows Overlay Filter (Microsoft)
  538. WppRecorder.sys WPP Trace Recorder (Microsoft)
  539.  
  540. Unloaded modules:
  541. fffff800`2d5a0000 fffff800`2d5bc000 dam.sys
  542. fffff800`2af30000 fffff800`2af39000 MbamElam.sys
  543. fffff800`2af20000 fffff800`2af2b000 SymELAM.sys
  544. fffff800`2ccb0000 fffff800`2ccc0000 hwpolicy.sys
  545.  
  546. ========================================================================
  547. ============================== BIOS INFO ===============================
  548. ========================================================================
  549. sysinfo: could not find necessary interfaces.
  550. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  551.  
  552. ========================================================================
  553. ============================== IMAGE SCAN ==============================
  554. ========================================================================
  555. MZ at fffff800`15801000, prot 00000004, type 00020000 - size a6e000
  556. Name: ntoskrnl.exe
  557. MZ at fffff800`16270000, prot 00000040, type 01000000 - size 9d000
  558. Name: HAL.dll
  559. MZ at fffff800`16400000, prot 00000040, type 01000000 - size b000
  560. Name: KD.dll
  561. MZ at fffff800`16600000, prot 00000040, type 01000000 - size 11000
  562. Name: WerLiveKernelApi.dll
  563. MZ at fffff800`1663e000, prot 00000040, type 01000000 - size 62000
  564. Name: msrpc.sys
  565. MZ at fffff800`166a1000, prot 00000040, type 01000000 - size 27000
  566. Name: ntostmhost.dll
  567. MZ at fffff800`166c9000, prot 00000040, type 01000000 - size 6a000
  568. Name: CLFS.SYS
  569. MZ at fffff800`16734000, prot 00000040, type 01000000 - size 18000
  570. Name: PSHED.dll
  571. MZ at fffff800`1674d000, prot 00000040, type 01000000 - size b000
  572. Name: BOOTVID.dll
  573. MZ at fffff800`16759000, prot 00000040, type 01000000 - size 10b000
  574. Name: clipsp.sys
  575. MZ at fffff800`168d6000, prot 00000040, type 01000000 - size e000
  576. Name: cmimcext.dll
  577. MZ at fffff800`168e5000, prot 00000040, type 01000000 - size c000
  578. Name: ntosext.dll
  579. MZ at fffff800`168f2000, prot 00000040, type 01000000 - size d4000
  580. Name: CI.dll
  581. MZ at fffff800`169c7000, prot 00000040, type 01000000 - size b8000
  582. Name: cng.sys
  583. MZ at fffff800`2ac00000, prot 00000040, type 01000000 - size 70000
  584. Name: FLTMGR.SYS
  585. MZ at fffff800`2ac80000, prot 00000040, type 01000000 - size d1000
  586. Name: Wdf01000.exe
  587. MZ at fffff800`2ad60000, prot 00000040, type 01000000 - size 13000
  588. Name: WDFLDR.SYS
  589. MZ at fffff800`2ad80000, prot 00000040, type 01000000 - size 10000
  590. Name: WppRecorder.sys
  591. MZ at fffff800`2ada0000, prot 00000040, type 01000000 - size f000
  592. Name: SleepStudyHelper.sys
  593. MZ at fffff800`2adb0000, prot 00000040, type 01000000 - size 24000
  594. Name: acpiex.exe
  595. MZ at fffff800`2ade0000, prot 00000040, type 01000000 - size 3f000
  596. Name: mssecflt.exe
  597. MZ at fffff800`2ae20000, prot 00000040, type 01000000 - size 1a000
  598. Name: SgrmAgent.exe
  599. MZ at fffff800`2ae40000, prot 00000040, type 01000000 - size c8000
  600. Name: ACPI.SYS
  601. MZ at fffff800`2af10000, prot 00000040, type 01000000 - size c000
  602. Name: WMILIB.SYS
  603. MZ at fffff800`2af40000, prot 00000040, type 01000000 - size 43000
  604. Name: intelpep.exe
  605. MZ at fffff800`2af90000, prot 00000040, type 01000000 - size 16000
  606. Name: WindowsTrustedRT.exe
  607. MZ at fffff800`2afb0000, prot 00000040, type 01000000 - size b000
  608. Name: WindowsTrustedRTProxy.exe
  609. MZ at fffff800`2afc0000, prot 00000040, type 01000000 - size 14000
  610. Name: pcw.exe
  611. MZ at fffff800`2b000000, prot 00000040, type 01000000 - size b000
  612. Name: msisadrv.exe
  613. MZ at fffff800`2b010000, prot 00000040, type 01000000 - size 6b000
  614. Name: pci.exe
  615. MZ at fffff800`2b080000, prot 00000040, type 01000000 - size 12000
  616. Name: vdrvroot.exe
  617. MZ at fffff800`2b0a0000, prot 00000040, type 01000000 - size 2e000
  618. Name: PDC.exe
  619. MZ at fffff800`2b0d0000, prot 00000040, type 01000000 - size 19000
  620. Name: CEA.sys
  621. MZ at fffff800`2b0f0000, prot 00000040, type 01000000 - size 2f000
  622. Name: partmgr.exe
  623. MZ at fffff800`2b120000, prot 00000040, type 01000000 - size a8000
  624. Name: spaceport.exe
  625. MZ at fffff800`2b1d0000, prot 00000040, type 01000000 - size 19000
  626. Name: volmgr.exe
  627. MZ at fffff800`2b1f0000, prot 00000040, type 01000000 - size 63000
  628. Name: volmgrx.exe
  629. MZ at fffff800`2b260000, prot 00000040, type 01000000 - size 1f000
  630. Name: mountmgr.exe
  631. MZ at fffff800`2b280000, prot 00000040, type 01000000 - size 1c000
  632. Name: EhStorClass.exe
  633. MZ at fffff800`2b2a0000, prot 00000040, type 01000000 - size 1a000
  634. Name: fileinfo.exe
  635. MZ at fffff800`2b2c0000, prot 00000040, type 01000000 - size 3e000
  636. Name: wof.exe
  637. MZ at fffff800`2b310000, prot 00000040, type 01000000 - size 4f000
  638. Name: rdyboost.exe
  639. MZ at fffff800`2b360000, prot 00000040, type 01000000 - size 25000
  640. Name: MUP.SYS
  641. MZ at fffff800`2b390000, prot 00000040, type 01000000 - size 1c000
  642. Name: disk.exe
  643. MZ at fffff800`2b3b0000, prot 00000040, type 01000000 - size 6f000
  644. Name: CLASSPNP.SYS
  645. MZ at fffff800`2b420000, prot 00000040, type 01000000 - size 1c000
  646. Name: CRASHDMP.SYS
  647. MZ at fffff800`2b440000, prot 00000040, type 01000000 - size 2e000
  648. Name: cdrom.exe
  649. MZ at fffff800`2b4b0000, prot 00000040, type 01000000 - size 15000
  650. Name: filecrypt.exe
  651. MZ at fffff800`2b4d0000, prot 00000040, type 01000000 - size e000
  652. Name: tbs.sys
  653. MZ at fffff800`2b560000, prot 00000040, type 01000000 - size 1f3000
  654. Name: mcupdate_GenuineIntel.exe
  655. MZ at fffff800`2b760000, prot 00000040, type 01000000 - size 2b000
  656. Name: ksecdd.sys
  657. MZ at fffff800`2b790000, prot 00000040, type 01000000 - size a000
  658. Name: null.exe
  659. MZ at fffff800`2b7a0000, prot 00000040, type 01000000 - size a000
  660. Name: beep.exe
  661. MZ at fffff800`2b800000, prot 00000040, type 01000000 - size 9b000
  662. Name: storport.sys
  663. MZ at fffff800`2c400000, prot 00000040, type 01000000 - size 153000
  664. Name: NDIS.SYS
  665. MZ at fffff800`2c560000, prot 00000040, type 01000000 - size 95000
  666. Name: NETIO.SYS
  667. MZ at fffff800`2c600000, prot 00000040, type 01000000 - size 32000
  668. Name: ksecpkg.exe
  669. MZ at fffff800`2c640000, prot 00000040, type 01000000 - size 2d9000
  670. Name: TCPIP.SYS
  671. MZ at fffff800`2c920000, prot 00000040, type 01000000 - size 78000
  672. Name: fwpkclnt.sys
  673. MZ at fffff800`2c9a0000, prot 00000040, type 01000000 - size 30000
  674. Name: wfplwfs.exe
  675. MZ at fffff800`2cbd0000, prot 00000040, type 01000000 - size c8000
  676. Name: fvevol.exe
  677. MZ at fffff800`2cca0000, prot 00000040, type 01000000 - size b000
  678. Name: volume.exe
  679. MZ at fffff800`2ccd0000, prot 00000040, type 01000000 - size 28d000
  680. Name: ntfs.exe
  681. MZ at fffff800`2cf60000, prot 00000040, type 01000000 - size d000
  682. Name: fs_rec.exe
  683. MZ at fffff800`2cf70000, prot 00000040, type 01000000 - size 6d000
  684. Name: volsnap.exe
  685. MZ at fffff800`2cfe0000, prot 00000040, type 01000000 - size 11000
  686. Name: iorate.exe
  687. MZ at fffff800`2d000000, prot 00000040, type 01000000 - size a6000
  688. Name: afd.exe
  689. MZ at fffff800`2d0b0000, prot 00000040, type 01000000 - size 1a000
  690. Name: vwififlt.SYS
  691. MZ at fffff800`2d0d0000, prot 00000040, type 01000000 - size 2b000
  692. Name: pacer.exe
  693. MZ at fffff800`2d100000, prot 00000040, type 01000000 - size 14000
  694. Name: netbios.exe
  695. MZ at fffff800`2d120000, prot 00000040, type 01000000 - size 7a000
  696. Name: rdbss.sys
  697. MZ at fffff800`2d1a0000, prot 00000040, type 01000000 - size 94000
  698. Name: csc.exe
  699. MZ at fffff800`2d2f0000, prot 00000040, type 01000000 - size 12000
  700. Name: nsiproxy.exe
  701. MZ at fffff800`2d310000, prot 00000040, type 01000000 - size d000
  702. Name: NpSvcTrig.exe
  703. MZ at fffff800`2d320000, prot 00000040, type 01000000 - size 10000
  704. Name: mssmbios.exe
  705. MZ at fffff800`2d4b0000, prot 00000040, type 01000000 - size a000
  706. Name: gpuenergydrv.exe
  707. MZ at fffff800`2d570000, prot 00000040, type 01000000 - size 2c000
  708. Name: dfsc.exe
  709. MZ at fffff800`2d5c0000, prot 00000040, type 01000000 - size 6b000
  710. Name: fastfat.exe
  711. MZ at fffff800`2d730000, prot 00000040, type 01000000 - size 33b000
  712. Name: dxgkrnl.sys
  713. MZ at fffff800`2da70000, prot 00000040, type 01000000 - size 16000
  714. Name: watchdog.sys
  715. MZ at fffff800`2da90000, prot 00000040, type 01000000 - size 16000
  716. Name: BasicDisplay.exe
  717. MZ at fffff800`2dab0000, prot 00000040, type 01000000 - size 11000
  718. Name: BasicRender.exe
  719. MZ at fffff800`2dad0000, prot 00000040, type 01000000 - size 1c000
  720. Name: npfs.exe
  721. MZ at fffff800`2daf0000, prot 00000040, type 01000000 - size 11000
  722. Name: msfs.exe
  723. MZ at fffff800`2db10000, prot 00000040, type 01000000 - size 27000
  724. Name: tdx.exe
  725. MZ at fffff800`2db40000, prot 00000040, type 01000000 - size 10000
  726. Name: TDI.SYS
  727. MZ at fffff800`2db80000, prot 00000040, type 01000000 - size 51000
  728. Name: netbt.exe
  729. MZ at fffff800`2dbe0000, prot 00000040, type 01000000 - size 13000
  730. Name: afunix.dll
  731. MZ at fffff800`2dc20000, prot 00000040, type 01000000 - size 4e000
  732. Name: ahcache.exe
  733. MZ at fffff800`2dc70000, prot 00000040, type 01000000 - size 84000
  734. Name: Vid.exe
  735. MZ at fffff800`2dd00000, prot 00000040, type 01000000 - size 1e000
  736. Name: winhvr.sys
  737. MZ at fffff800`2dd20000, prot 00000040, type 01000000 - size 11000
  738. Name: CompositeBus.exe
  739. MZ at fffff800`2dd40000, prot 00000040, type 01000000 - size d000
  740. Name: kdnic.sys
  741. MZ at fffff800`2dd50000, prot 00000040, type 01000000 - size 15000
  742. Name: UmBus.exe
  743. MZ at fffff800`2e5e0000, prot 00000040, type 01000000 - size 14000
  744. Name: bam.exe
  745. MZ at fffff800`2e620000, prot 00000040, type 01000000 - size 1d000
  746. Name: DUMPFVE.SYS
  747. MZ at fffff800`2e640000, prot 00000040, type 01000000 - size d7000
  748. Name: dxgmms2.sys
  749. MZ at fffff800`2e720000, prot 00000040, type 01000000 - size 18000
  750. Name: monitor.exe
  751. MZ at fffff800`2e740000, prot 00000004, type 00020000 - size 29000
  752. Name: luafv.exe
  753. MZ at fffff800`2e770000, prot 00000004, type 00020000 - size 2d000
  754. Name: wcifs.exe
  755. MZ at fffff800`2fe00000, prot 00000040, type 01000000 - size 78000
  756. Name: usbxhci.exe
  757. MZ at fffff800`2fe80000, prot 00000040, type 01000000 - size 3f000
  758. Name: ucx01000.exe
  759. MZ at fffff800`2ff00000, prot 00000040, type 01000000 - size 1c000
  760. Name: serial.exe
  761. MZ at fffff800`2ff20000, prot 00000040, type 01000000 - size f000
  762. Name: SerEnum.exe
  763. MZ at fffff800`2ffc0000, prot 00000040, type 01000000 - size c000
  764. Name: wmiacpi.exe
  765. MZ at fffff800`2ffd0000, prot 00000040, type 01000000 - size 3e000
  766. Name: intelppm.exe
  767. MZ at fffff800`30010000, prot 00000040, type 01000000 - size b000
  768. Name: acpipagr.exe
  769. MZ at fffff800`30020000, prot 00000040, type 01000000 - size e000
  770. Name: UEFI.SYS
  771. MZ at fffff800`30050000, prot 00000040, type 01000000 - size f000
  772. Name: ksthunk.exe
  773. MZ at fffff800`30090000, prot 00000040, type 01000000 - size d000
  774. Name: NdisVirtualBus.exe
  775. MZ at fffff800`300a0000, prot 00000040, type 01000000 - size c000
  776. Name: swenum.exe
  777. MZ at fffff800`300f0000, prot 00000040, type 01000000 - size e000
  778. Name: rdpbus.exe
  779. MZ at fffff800`30110000, prot 00000040, type 01000000 - size 3b000
  780. Name: HIDCLASS.SYS
  781. MZ at fffff800`30150000, prot 00000040, type 01000000 - size 13000
  782. Name: HIDPARSE.SYS
  783. MZ at fffff800`301b0000, prot 00000040, type 01000000 - size 93000
  784. Name: usbhub3.sys
  785. MZ at fffff800`30250000, prot 00000040, type 01000000 - size e000
  786. Name: USBD.SYS
  787. MZ at fffff800`30260000, prot 00000040, type 01000000 - size 11000
  788. Name: kbdhid.exe
  789. MZ at fffff800`30280000, prot 00000040, type 01000000 - size 13000
  790. Name: kbdclass.exe
  791. MZ at fffff800`308a0000, prot 00000040, type 01000000 - size 31000
  792. Name: usbccgp.exe
  793. MZ at fffff800`308e0000, prot 00000040, type 01000000 - size 12000
  794. Name: hidusb.exe
  795. MZ at fffff800`30900000, prot 00000040, type 01000000 - size f000
  796. Name: mouhid.exe
  797. MZ at fffff800`30910000, prot 00000040, type 01000000 - size 13000
  798. Name: mouclass.exe
  799. MZ at fffff800`30930000, prot 00000040, type 01000000 - size 35000
  800. Name: USBAudio.exe
  801. MZ at fffff800`30c00000, prot 00000040, type 01000000 - size f000
  802. Name: SYS.exe
  803. MZ at fffff800`32450000, prot 00000040, type 01000000 - size 1f000
  804. Name: hdaudbus.exe
  805. MZ at fffff800`32470000, prot 00000040, type 01000000 - size 65000
  806. Name: portcls.sys
  807. MZ at fffff800`32510000, prot 00000040, type 01000000 - size 75000
  808. Name: ks.sys
  809. MZ at fffff800`72d20000, prot 00000004, type 00020000
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!