Tracking down an unknown driver


The always informative Mark Russinovich (you may have heard of him – he pretty much broke the Sony DRM malware story) has a brief but detailed article on how he tracked down an unknown driver on his system and why he noticed it in the first place.

The other day I used Process Explorer to examine the drivers loaded on a home system to see if I’d picked up any Sony or Starforce-like digital rights management (DRM) device drivers. The DLL view of the System process, which reports the currently loaded drivers and kernel-mode modules (such as the Hardware Abstraction Layer – HAL), listed mostly Microsoft operating system drivers and drivers associated with the DVD burning software I have installed, but one entry, Asctrm.sys, caught my attention because its company information is “Windows (R) 2000 DDK provider”.
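
The same review of loaded drivers can be scripted. The PowerShell below is an added example, not code from this post or from Russinovich's article: it lists running kernel drivers with the company name from each file's version resource and its signature status. The `DDK provider` match pattern and the review criteria (empty company name, signature not valid) are assumptions chosen for illustration.

```powershell
# Added example: inventory running kernel drivers and flag ones worth a closer look.
# Assumption: a company string containing "DDK provider" suggests the vendor never
# replaced the sample version resource, as with the driver in the quoted article.
$ddkPattern = 'DDK provider'

$report = Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
    ForEach-Object {
        $path = $_.PathName

        if ($path) {
            # Normalize NT-style and SystemRoot-relative image paths.
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
            if (-not [System.IO.Path]::IsPathRooted($path)) {
                $path = Join-Path -Path $env:SystemRoot -ChildPath $path
            }
        }

        $company   = $null
        $sigStatus = 'FileNotFound'

        if ($path -and (Test-Path -LiteralPath $path)) {
            # CompanyName comes from the file's version resource.
            $company   = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $sigStatus = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        [pscustomobject]@{
            Name      = $_.Name
            Path      = $path
            Company   = $company
            Signature = $sigStatus
            # Review when the company is missing, generic, or the signature is not valid.
            Review    = (-not $company) -or
                        ($company -match $ddkPattern) -or
                        ($sigStatus -ne 'Valid')
        }
    }

$report | Where-Object Review | Sort-Object Name | Format-Table -AutoSize
```

A flagged entry is only a starting point for investigation: the version resource is set by whoever built the driver, so a plausible company name proves nothing on its own.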
