Same as last time, waited over an hour for it to build the file directories before canceling.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86741020 [340] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x864F0BD0 [440] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x877BD918 [516] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x855B3448 [524] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x877CEA10 [568] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x877ECD40 [608] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x877EB530 [616] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x877ED080 [624] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x8783B660 [756] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x878916C8 [836] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x878BC2D0 [884] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)
0x878C3838 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x878DCB18 [1012] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879521C0 [1056] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879A73E8 [1204] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879A5D40 [1316] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879BF8F0 [1372] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)
0xBA5FA030 [1492] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
0x875D0030 [1500] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x875DF030 [1528] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879F28B0 [1616] C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET, ESET Service)
0x875CF8F0 [1708] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87556968 [1772] C:\Windows\System32\sppsvc.exe (Microsoft Corporation, Microsoft Software Protection Platform Service)
0x87879D40 [2068] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86484D40 [2272] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87C19418 [2284] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x87C1E830 [2308] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87BA79D0 [2316] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x86373590 [2668] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA, VIA HD Audio CPL)
0x867F0C30 [2680] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET, ESET GUI)
0x87CFE6C8 [2704] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x87D1A030 [2720] C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation, XBoxStat.exe)
0x87CBA9B8 [2796] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation, Windows Live Device Manager Executable)
0x85C3E360 [2808] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated, AAM Updates Notifier Application)
0x878ED7C8 [2836] C:\Windows\iPScan.exe ( iPassion Technology Inc., iPScan)
0x87B12B60 [2872] C:\Program Files\RocketDock\RocketDock.exe
0x877E9030 [2900] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd, DAEMON Tools Lite)
0x87F0BD40 [2956] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x87DC49A8 [2976] C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen, PowerMenu)
0xBA4FE030 [3056] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x87D59D40 [3224] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0xB4DD3A68 [3384] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0xBA576030 [3436] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x869D1D40 [3676] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB4DD4030 [3704] C:\Users\Nathan\Downloads\RkU3.8.388.590\MustBeRandomlyNamed\U57ar.exe (UG North, RKULE, SR2 Normandy)
0x876CF730 [3800] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x87B9CAB8 [3968] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x85504510 [4] System
==============================================
>Drivers
==============================================
0x91032000 C:\Windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82A04000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A04000 PnpManager 4259840 bytes
0x82A04000 RAW 4259840 bytes
0x82A04000 WMIxWDM 4259840 bytes
0x98500000 Win32k 2400256 bytes
0x98500000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BC31000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B8A0000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x83607000 PCI_PNP5019 995328 bytes
0x83607000 C:\Windows\System32\Drivers\spms.sys 995328 bytes
0x83607000 sptd 995328 bytes
0x968D7000 C:\Windows\system32\drivers\viahduaa.sys 905216 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0x81EC9000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
0x91547000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BA74000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83473000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9EA0F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x99831000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8351E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9EB7E000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x908AF000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8BA00000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8BF71000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9EB2D000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9EADE000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x987B0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9181F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8359D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83729000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9680A000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83431000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x9084E000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x99999000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8BDB4000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BB2B000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x81E11000 C:\Windows\System32\Drivers\iP293x.sys 245760 bytes (iPassion Technology Inc., iPassion Serial Bus Camera Driver)
0x99904000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x918AE000 C:\Windows\System32\Drivers\aa48ry8n.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9096C000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E14000 ACPI_HAL 225280 bytes
0x82E14000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B85B000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x909C9000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BBA6000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8BFCB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BD7A000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9688F000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BC00000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B9CF000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9996F000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83784000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x96869000 C:\Windows\system32\drivers\AtiHdmi.sys 155648 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0x83703000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8BE3B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BB69000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x909A5000 C:\Windows\system32\DRIVERS\Rtlh86.sys 147456 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8B82F000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x81FAF000 C:\Windows\system32\DRIVERS\epfw.sys 143360 bytes (ESET, ESET Personal Firewall driver)
0x998E1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9193D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9EAB0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90939000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BEF0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8BE9A000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91000000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8BE07000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98790000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8BEC7000 C:\Windows\system32\DRIVERS\ehdrv.sys 118784 bytes (ESET, ESET Helper driver)
0x81EAE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9993F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B813000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x81F95000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x998B6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x968BE000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90913000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91884000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9191A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9195F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91977000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9198E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8BF4F000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x969BE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x81E5B000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x835E8000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x969E2000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B800000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x81FE2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BBE9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x91908000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9095A000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x998CF000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BBD8000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x81E9D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B88F000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x96858000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x837AE000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83418000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x81FD2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BB8E000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90830000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x837BF000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9186A000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91800000 C:\Windows\system32\DRIVERS\xusb21.sys 61440 bytes (Microsoft Corporation, Windows Common Controller)
0x9092B000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x99961000 C:\Windows\system32\DRIVERS\epfwwfp.sys 57344 bytes (ESET, ESET Personal Firewall driver)
0x8BE26000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8BF41000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x837D6000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BA5D000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x90840000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x81E4D000 C:\Windows\System32\Drivers\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x919D7000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8358F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x918F0000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x81E7C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x919BB000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x919C8000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9EAD1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BF11000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x908A3000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x919E5000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x919A5000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x8BEE4000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x81E89000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x918FD000 C:\Windows\system32\DRIVERS\Epfwndis.sys 45056 bytes (ESET, ESET Personal Firewall NDIS filter)
0x91879000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x969D7000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8340D000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x81E71000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x919F1000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8BF36000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91932000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8BF66000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83779000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x969B4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9684E000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x90899000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9088F000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x919B1000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9EAA6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x918A4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9101F000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8B852000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x837EB000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x81E94000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8BA6B000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9EBF4000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x98760000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BDAB000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x918E7000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x836FA000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x9189C000 C:\Windows\system32\DRIVERS\ASACPI.sys 32768 bytes (-, ATK0110 ACPI Utility)
0x8BE60000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x83429000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BB9E000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83771000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BF1E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BF26000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8BF2E000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BDF3000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x837E4000 C:\Windows\system32\DRIVERS\amdide.sys 28672 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0x8BEC0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x969F5000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8BEB9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9995A000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x837CF000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8BE00000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x9EBE8000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8BDFB000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows (R) 2000 DDK provider, SpeedFan Device Driver)
0x919D5000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x969D5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8BC2D000 C:\Windows\system32\giveio.sys 4096 bytes
0x855441F8 unknown_irp_handler 3592 bytes
0x857881F8 unknown_irp_handler 3592 bytes
0x858581F8 unknown_irp_handler 3592 bytes
0x855421F8 unknown_irp_handler 3592 bytes
0x855431F8 unknown_irp_handler 3592 bytes
0x867991F8 unknown_irp_handler 3592 bytes
0x864CB1F8 unknown_irp_handler 3592 bytes
0x855401F8 unknown_irp_handler 3592 bytes
0x8679D1F8 unknown_irp_handler 3592 bytes
0x876DB1F8 unknown_irp_handler 3592 bytes
0x867291F8 unknown_irp_handler 3592 bytes
0x868B3500 unknown_irp_handler 2816 bytes
0x86706500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x86665F53 Unknown page with executable code, 173 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x865BDE44 Unknown page with executable code, 444 bytes
0x865C5D66 Unknown page with executable code, 666 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
[1616]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x76D83162-->00000000 [unknown_code_page]
[2384]lol.launcher.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[2384]lol.launcher.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[2384]lol.launcher.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0044528C-->00000000 [apphelp.dll]
[2384]lol.launcher.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[2384]lol.launcher.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[2652]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x771BF585-->00000000 [firefox.exe]
[2652]firefox.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x75673BED-->00000000 [unknown_code_page]
[2652]firefox.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x756747DF-->00000000 [unknown_code_page]
[2652]firefox.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7567C4C8-->00000000 [unknown_code_page]
[2652]firefox.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x7567C29F-->00000000 [unknown_code_page]
[2652]firefox.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x756768A7-->00000000 [unknown_code_page]
[2920]LolClient.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[2920]LolClient.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[2920]LolClient.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00402004-->00000000 [apphelp.dll]
[2920]LolClient.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[2920]LolClient.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[956]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x010010A0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x010010D0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001098-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x010010DC-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x010010D4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x010010D8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001084-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001064-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x010010EC-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x01001090-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x010010B8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001070-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x010010C4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x01001074-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001058-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x010010F8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010BC-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x010010C0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->RegCloseKey, Type: IAT modification 0x010010B0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x010010E4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObjectEx, Type: IAT modification 0x010010F4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->RegOpenKeyExW, Type: IAT modification 0x010010B4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->RegQueryValueExW, Type: IAT modification 0x010010C8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x010010CC-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x010010F0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x010010E0-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001080-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x01001100-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->EtwEventEnabled, Type: IAT modification 0x01001138-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->EtwEventRegister, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->EtwEventWrite, Type: IAT modification 0x01001134-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100111C-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001140-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x01001124-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x01001118-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001110-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001128-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001120-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001130-->00000000 [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)