
malware issue...



Hi,

I've been dealing with some strange issues on my desktop recently. I have read through the posting guidelines and attached the two required logs. The scan run by Malwarebytes came up with some interesting results, so I decided to follow up with the DDS scan. After running the Malwarebytes scan my computer will not shut down unless I power it off, but there are other issues involving speed and security that I assume I can attribute to malware. I am running Vista SP2 on a Dell Dimension, if it helps at all. Thank you so much for your help.

attach.txt

dds.txt


Sorry, here are the logs. What's weird is that the first couple of times that I ran Malwarebytes there were something like 35 items, but this one didn't have any. Also, the last time that I used it I wasn't able to properly shut down the computer, as it would just say "shutting down" for hours on end until I had to power it down using the power button. Anyways, here are the logs and thanks for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16455

Run by Catherine at 23:42:55 on 2012-12-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1224 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\6.4.0.9\ips\ipsbho.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{558F724F-1BA3-462A-AE45-6C4F05BD3B1D} : DHCPNameServer = 192.168.1.1

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-12 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-12 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]

R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-12 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20121215.001\IDSvix86.sys [2012-12-18 386720]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-12 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604000.009\symtdiv.sys [2012-10-12 345208]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-17 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-17 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-17 676936]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\6.4.0.9\ccsvchst.exe [2012-10-12 138272]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-12 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-17 22856]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-9 80824]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-30 181344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2012-7-8 770008]

S4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

.

=============== Created Last 30 ================

.

2012-12-17 17:43:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-17 17:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-16 22:01:08 -------- d-----w- c:\users\catherine\appdata\roaming\Malwarebytes

2012-12-16 22:00:08 -------- d-----w- c:\programdata\Malwarebytes

2012-12-14 20:36:40 34944 ----a-w- c:\windows\system32\drivers\winusb.sys

2012-12-14 20:06:20 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-14 20:01:22 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2012-10-12 14:29:30 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-25 16:19:41 75776 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 23:43:46.75 ===============

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.17.08

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Catherine :: CATHY-PC [administrator]

Protection: Enabled

12/18/2012 11:26:38 PM

mbam-log-2012-12-18 (23-26-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259122

Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Hello,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


Good morning, I fell asleep waiting for ComboFix to run last night but was able to retrieve the log this morning. It seems to have run through fine (took a while), but I noticed that there was an Internet Explorer icon on my desktop this morning that wasn't there before ComboFix ran last night. I just thought I should note that to you. Here are the logs, and thank you again for all your help.

ComboFix 12-12-17.02 - Catherine 12/19/2012 1:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1074 [GMT -5:00]

Running from: c:\users\Catherine\Desktop\ComboFix.exe

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL150B.tmp

c:\programdata\SPL1ECC.tmp

c:\programdata\SPL20D3.tmp

c:\programdata\SPL2605.tmp

c:\programdata\SPL3A6.tmp

c:\programdata\SPL5733.tmp

c:\programdata\SPL5864.tmp

c:\programdata\SPL6A46.tmp

c:\programdata\SPL71B7.tmp

c:\programdata\SPL7290.tmp

c:\programdata\SPL7E81.tmp

c:\programdata\SPL8249.tmp

c:\programdata\SPL831F.tmp

c:\programdata\SPL9548.tmp

c:\programdata\SPL9DE3.tmp

c:\programdata\SPLB29C.tmp

c:\programdata\SPLC255.tmp

c:\programdata\SPLD116.tmp

c:\programdata\SPLD613.tmp

c:\users\Cathy\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\muzapp.exe

c:\windows\system32\tmpD0A6.tmp

c:\windows\system32\tmpD50B.tmp

c:\windows\system32\tmpD588.tmp

c:\windows\system32\tmpD9FC.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))

.

.

2012-12-19 06:33 . 2012-12-19 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 06:33 . 2012-12-19 06:38 -------- d-----w- c:\users\Catherine\AppData\Local\temp

2012-12-19 06:33 . 2012-12-19 06:33 -------- d-----w- c:\users\Charlie\AppData\Local\temp

2012-12-19 06:33 . 2012-12-19 06:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-19 06:33 . 2012-12-19 06:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-12-19 06:33 . 2012-12-19 06:33 -------- d-----w- c:\users\Cathy\AppData\Local\temp

2012-12-17 17:43 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-17 17:43 . 2012-12-17 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-16 22:01 . 2012-12-16 22:01 -------- d-----w- c:\users\Catherine\AppData\Roaming\Malwarebytes

2012-12-16 22:00 . 2012-12-16 22:00 -------- d-----w- c:\programdata\Malwarebytes

2012-12-14 20:36 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys

2012-12-14 20:06 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-14 20:01 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 14:29 . 2012-11-13 21:24 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-10-08 07:56 . 2012-11-14 08:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48 . 2012-11-14 08:35 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47 . 2012-11-14 08:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44 . 2012-11-14 08:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43 . 2012-11-14 08:36 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40 . 2012-11-14 08:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-25 16:19 . 2012-11-13 21:39 75776 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

c:\users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2012-04-23 04:38 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2012-02-23 15:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]

2006-10-16 08:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]

2007-01-12 19:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2006-11-04 01:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]

2006-11-04 01:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]

2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-12-08 04:25 7766016 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-12-08 04:25 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2006-12-08 04:25 90191 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-02-08 05:16 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3791582363-2134651681-4099630506-1000]

"EnableNotificationsRef"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3791582363-2134651681-4099630506-1004Core.job

- c:\users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 22:47]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3791582363-2134651681-4099630506-1004UA.job

- c:\users\Catherine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 22:47]

.

2012-01-11 c:\windows\Tasks\User_Feed_Synchronization-{D90EC1A2-BBFC-4063-8100-534DECCC311D}.job

- c:\windows\system32\msfeedssync.exe [2012-03-26 07:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-NETGEARGenie - c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

AddRemove-Oblivion GotY - c:\oblgame\UninstHelper.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-19 01:36

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-12-19 01:52:13

ComboFix-quarantined-files.txt 2012-12-19 06:51

.

Pre-Run: 161,334,054,912 bytes free

Post-Run: 161,263,947,776 bytes free

.

- - End Of File - - 4A984A26A2D790123925D61DA6E72A6E


AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-19 01:36

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-12-19 01:52:13

ComboFix-quarantined-files.txt 2012-12-19 06:51

.

Pre-Run: 161,334,054,912 bytes free

Post-Run: 161,263,947,776 bytes free

.

- - End Of File - - 4A984A26A2D790123925D61DA6E72A6E


Hi, I just wanted to let you know that while online my comp suffered a BSOD. It was described as a kernel_stack_inpage_error with stop: 0x00000077 followed by parentheses that included four other similar codes, but the 077 seemed to be the main one. I can try to provide you with more information if it is needed. Thanks


  • Staff

Hi,

The IE icon is normal.

Let's get some more information about the blue screen.

Download BlueScreenView and save it to your Desktop.

  • Double click on BlueScreenView.exe file to run the program.
  • When it finishes scanning, click Edit --> Select All.
  • Click File --> Save Selected Items
  • Save the report as BSOD.txt to your Desktop.
  • Post the contents of BSOD.txt in your next reply.

Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Okay, sorry it took so long. Here are the logs.

==================================================

Filename : ntkrnlpa.exe

Address In Stack : ntkrnlpa.exe+94eac

From Address : 0x82642000

To Address : 0x829fc000

Size : 0x003ba000

Time Stamp : 0x5037809b

Time String : 8/24/2012 8:24:43 AM

Product Name : Microsoft® Windows® Operating System

File Description : NT Kernel & System

File Version : 6.0.6002.18686 (vistasp2_gdr.120824-0336)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\ntkrnlpa.exe

==================================================

==================================================

Filename : hal.dll

Address In Stack :

From Address : 0x8260f000

To Address : 0x82642000

Size : 0x00033000

Time Stamp : 0x49e018d9

Time String : 4/10/2009 11:13:13 PM

Product Name : Microsoft® Windows® Operating System

File Description : Hardware Abstraction Layer DLL

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\hal.dll

==================================================

==================================================

Filename : kdcom.dll

Address In Stack :

From Address : 0x8040c000

To Address : 0x80413000

Size : 0x00007000

Time Stamp : 0x49e037d9

Time String : 4/11/2009 1:25:29 AM

Product Name : Microsoft® Windows® Operating System

File Description : Kernel Debugger HW Extension DLL

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\kdcom.dll

==================================================

==================================================

Filename : PSHED.dll

Address In Stack :

From Address : 0x80413000

To Address : 0x80424000

Size : 0x00011000

Time Stamp : 0x49e037dc

Time String : 4/11/2009 1:25:32 AM

Product Name : Microsoft® Windows® Operating System

File Description : Platform Specific Hardware Error Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\PSHED.dll

==================================================

==================================================

Filename : BOOTVID.dll

Address In Stack :

From Address : 0x80424000

To Address : 0x8042c000

Size : 0x00008000

Time Stamp : 0x4791a653

Time String : 1/19/2008 2:27:15 AM

Product Name : Microsoft® Windows® Operating System

File Description : VGA Boot Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\BOOTVID.dll

==================================================

==================================================

Filename : CLFS.SYS

Address In Stack :

From Address : 0x8042c000

To Address : 0x8046d000

Size : 0x00041000

Time Stamp : 0x49e018ff

Time String : 4/10/2009 11:13:51 PM

Product Name : Microsoft® Windows® Operating System

File Description : Common Log File System Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\CLFS.SYS

==================================================

==================================================

Filename : CI.dll

Address In Stack :

From Address : 0x8046d000

To Address : 0x8054d000

Size : 0x000e0000

Time Stamp : 0x49e037d2

Time String : 4/11/2009 1:25:22 AM

Product Name : Microsoft® Windows® Operating System

File Description : Code Integrity Module

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\CI.dll

==================================================

==================================================

Filename : Wdf01000.sys

Address In Stack :

From Address : 0x8054d000

To Address : 0x805c9000

Size : 0x0007c000

Time Stamp : 0x47919015

Time String : 1/19/2008 12:52:21 AM

Product Name : Microsoft® Windows® Operating System

File Description : WDF Dynamic

File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Wdf01000.sys

==================================================

==================================================

Filename : WDFLDR.SYS

Address In Stack :

From Address : 0x805c9000

To Address : 0x805d6000

Size : 0x0000d000

Time Stamp : 0x47919013

Time String : 1/19/2008 12:52:19 AM

Product Name : Microsoft® Windows® Operating System

File Description : WDFLDR

File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\WDFLDR.SYS

==================================================

==================================================

Filename : acpi.sys

Address In Stack :

From Address : 0x80609000

To Address : 0x8064f000

Size : 0x00046000

Time Stamp : 0x49e01a37

Time String : 4/10/2009 11:19:03 PM

Product Name : Microsoft® Windows® Operating System

File Description : ACPI Driver for NT

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\acpi.sys

==================================================

==================================================

Filename : WMILIB.SYS

Address In Stack :

From Address : 0x8064f000

To Address : 0x80658000

Size : 0x00009000

Time Stamp : 0x47919044

Time String : 1/19/2008 12:53:08 AM

Product Name : Microsoft® Windows® Operating System

File Description : WMILIB WMI support library Dll

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\WMILIB.SYS

==================================================

==================================================

Filename : msisadrv.sys

Address In Stack :

From Address : 0x80658000

To Address : 0x80660000

Size : 0x00008000

Time Stamp : 0x47918b83

Time String : 1/19/2008 12:32:51 AM

Product Name : Microsoft® Windows® Operating System

File Description : ISA Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\msisadrv.sys

==================================================

==================================================

Filename : pci.sys

Address In Stack :

From Address : 0x80660000

To Address : 0x80687000

Size : 0x00027000

Time Stamp : 0x49e01a44

Time String : 4/10/2009 11:19:16 PM

Product Name : Microsoft® Windows® Operating System

File Description : NT Plug and Play PCI Enumerator

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\pci.sys

==================================================

==================================================

Filename : partmgr.sys

Address In Stack :

From Address : 0x80687000

To Address : 0x80697000

Size : 0x00010000

Time Stamp : 0x4f68bbfc

Time String : 3/20/2012 12:18:52 PM

Product Name : Microsoft® Windows® Operating System

File Description : Partition Management Driver

File Version : 6.0.6002.18600 (vistasp2_gdr.120320-0702)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\partmgr.sys

==================================================

==================================================

Filename : volmgr.sys

Address In Stack :

From Address : 0x80697000

To Address : 0x806a6000

Size : 0x0000f000

Time Stamp : 0x47918f7f

Time String : 1/19/2008 12:49:51 AM

Product Name : Microsoft® Windows® Operating System

File Description : Volume Manager Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\volmgr.sys

==================================================

==================================================

Filename : volmgrx.sys

Address In Stack :

From Address : 0x806a6000

To Address : 0x806f0000

Size : 0x0004a000

Time Stamp : 0x49e01efd

Time String : 4/10/2009 11:39:25 PM

Product Name : Microsoft® Windows® Operating System

File Description : Volume Manager Extension Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\volmgrx.sys

==================================================

==================================================

Filename : mountmgr.sys

Address In Stack :

From Address : 0x806f0000

To Address : 0x80700000

Size : 0x00010000

Time Stamp : 0x47918f59

Time String : 1/19/2008 12:49:13 AM

Product Name : Microsoft® Windows® Operating System

File Description : Mount Point Manager

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\mountmgr.sys

==================================================

==================================================

Filename : nvstor.sys

Address In Stack :

From Address : 0x80700000

To Address : 0x8070d000

Size : 0x0000d000

Time Stamp : 0x458d543d

Time String : 12/23/2006 11:07:25 AM

Product Name : NVIDIA nForce SATA Driver

File Description : NVIDIA® nForce Sata Performance Driver

File Version : 5.10.2600.0824 built by: WinDDK

Company : NVIDIA Corporation

Full Path : C:\Windows\system32\drivers\nvstor.sys

==================================================

==================================================

Filename : storport.sys

Address In Stack :

From Address : 0x8070d000

To Address : 0x8074e000

Size : 0x00041000

Time Stamp : 0x49e01ef7

Time String : 4/10/2009 11:39:19 PM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft Storage Port Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\storport.sys

==================================================

==================================================

Filename : nvstor32.sys

Address In Stack :

From Address : 0x8074e000

To Address : 0x8076b000

Size : 0x0001d000

Time Stamp : 0x46bb58d8

Time String : 8/9/2007 1:11:36 PM

Product Name : NVIDIA nForce SATA Driver

File Description : NVIDIA® nForce Sata Performance Driver

File Version : 5.10.2600.0998 built by: WinDDK

Company : NVIDIA Corporation

Full Path : C:\Windows\system32\drivers\nvstor32.sys

==================================================

==================================================

Filename : fltmgr.sys

Address In Stack :

From Address : 0x8076b000

To Address : 0x8079d000

Size : 0x00032000

Time Stamp : 0x49e01907

Time String : 4/10/2009 11:13:59 PM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft Filesystem Filter Manager

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\fltmgr.sys

==================================================

==================================================

Filename : SYMDS.SYS

Address In Stack :

From Address : 0x8079d000

To Address : 0x807f4000

Size : 0x00057000

Time Stamp : 0x4dd1a1c2

Time String : 5/16/2011 5:14:26 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : fileinfo.sys

Address In Stack :

From Address : 0x805d6000

To Address : 0x805e6000

Size : 0x00010000

Time Stamp : 0x47918be3

Time String : 1/19/2008 12:34:27 AM

Product Name : Microsoft® Windows® Operating System

File Description : FileInfo Filter Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\fileinfo.sys

==================================================

==================================================

Filename : SYMEFA.SYS

Address In Stack :

From Address : 0x8300c000

To Address : 0x830f4000

Size : 0x000e8000

Time Stamp : 0x4fb6f774

Time String : 5/18/2012 8:29:24 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : ksecdd.sys

Address In Stack :

From Address : 0x830f4000

To Address : 0x83166000

Size : 0x00072000

Time Stamp : 0x4fc93a77

Time String : 6/1/2012 4:56:07 PM

Product Name : Microsoft® Windows® Operating System

File Description : Kernel Security Support Provider Interface

File Version : 6.0.6002.18643 (vistasp2_gdr.120601-1144)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ksecdd.sys

==================================================

==================================================

Filename : ndis.sys

Address In Stack :

From Address : 0x8320b000

To Address : 0x83316000

Size : 0x0010b000

Time Stamp : 0x49e02080

Time String : 4/10/2009 11:45:52 PM

Product Name : Microsoft® Windows® Operating System

File Description : NDIS 6.0 wrapper driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ndis.sys

==================================================

==================================================

Filename : msrpc.sys

Address In Stack :

From Address : 0x83316000

To Address : 0x83341000

Size : 0x0002b000

Time Stamp : 0x00000000

Time String :

Product Name : Microsoft® Windows® Operating System

File Description : Kernel Remote Procedure Call Provider

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\msrpc.sys

==================================================

==================================================

Filename : NETIO.SYS

Address In Stack :

From Address : 0x83341000

To Address : 0x8337c000

Size : 0x0003b000

Time Stamp : 0x49e0209d

Time String : 4/10/2009 11:46:21 PM

Product Name : Microsoft® Windows® Operating System

File Description : Network I/O Subsystem

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\NETIO.SYS

==================================================

==================================================

Filename : Ntfs.sys

Address In Stack :

From Address : 0x88007000

To Address : 0x88117000

Size : 0x00110000

Time Stamp : 0x49e0192a

Time String : 4/10/2009 11:14:34 PM

Product Name : Microsoft® Windows® Operating System

File Description : NT File System Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Ntfs.sys

==================================================

==================================================

Filename : volsnap.sys

Address In Stack :

From Address : 0x88117000

To Address : 0x88150000

Size : 0x00039000

Time Stamp : 0x502cfb5e

Time String : 8/16/2012 8:53:34 AM

Product Name : Microsoft® Windows® Operating System

File Description : Volume Shadow Copy Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\volsnap.sys

==================================================

==================================================

Filename : spldr.sys

Address In Stack :

From Address : 0x88150000

To Address : 0x88158000

Size : 0x00008000

Time Stamp : 0x467b17dd

Time String : 6/21/2007 7:29:17 PM

Product Name : Microsoft® Windows® Operating System

File Description : loader for security processor

File Version : 6.0.6001.16606 (lh_security(sepbld-s).070621-1657)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\spldr.sys

==================================================

==================================================

Filename : mup.sys

Address In Stack :

From Address : 0x88158000

To Address : 0x88167000

Size : 0x0000f000

Time Stamp : 0x49e01914

Time String : 4/10/2009 11:14:12 PM

Product Name : Microsoft® Windows® Operating System

File Description : Multiple UNC Provider driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\mup.sys

==================================================

==================================================

Filename : ecache.sys

Address In Stack :

From Address : 0x88167000

To Address : 0x8818e000

Size : 0x00027000

Time Stamp : 0x49e01f2c

Time String : 4/10/2009 11:40:12 PM

Product Name : Microsoft® Windows® Operating System

File Description : Special Memory Device Cache

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ecache.sys

==================================================

==================================================

Filename : disk.sys

Address In Stack :

From Address : 0x8818e000

To Address : 0x8819f000

Size : 0x00011000

Time Stamp : 0x49e01ef2

Time String : 4/10/2009 11:39:14 PM

Product Name : Microsoft® Windows® Operating System

File Description : PnP Disk Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\disk.sys

==================================================

==================================================

Filename : CLASSPNP.SYS

Address In Stack :

From Address : 0x8819f000

To Address : 0x881c0000

Size : 0x00021000

Time Stamp : 0x49e01ee9

Time String : 4/10/2009 11:39:05 PM

Product Name : Microsoft® Windows® Operating System

File Description : SCSI Class System Dll

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS

==================================================

==================================================

Filename : crcdisk.sys

Address In Stack :

From Address : 0x881c0000

To Address : 0x881c9000

Size : 0x00009000

Time Stamp : 0x4549b1cb

Time String : 11/2/2006 3:52:27 AM

Product Name : Microsoft® Windows® Operating System

File Description : Disk Block Verification Filter Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\crcdisk.sys

==================================================

==================================================

Filename : tunnel.sys

Address In Stack :

From Address : 0x8337c000

To Address : 0x83387000

Size : 0x0000b000

Time Stamp : 0x4b7d244d

Time String : 2/18/2010 6:28:13 AM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft Tunnel Interface Driver

File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\tunnel.sys

==================================================

==================================================

Filename : tunmp.sys

Address In Stack :

From Address : 0x83387000

To Address : 0x83390000

Size : 0x00009000

Time Stamp : 0x479190dc

Time String : 1/19/2008 12:55:40 AM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft Tunnel Interface Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\tunmp.sys

==================================================

==================================================

Filename : amdk8.sys

Address In Stack :

From Address : 0x83390000

To Address : 0x833a0000

Size : 0x00010000

Time Stamp : 0x47918a38

Time String : 1/19/2008 12:27:20 AM

Product Name : Microsoft® Windows® Operating System

File Description : Processor Device Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\amdk8.sys

==================================================

==================================================

Filename : nvlddmkm.sys

Address In Stack :

From Address : 0x8ce04000

To Address : 0x8d243fe0

Size : 0x0043ffe0

Time Stamp : 0x4578eca9

Time String : 12/7/2006 11:40:09 PM

Product Name : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.46

File Description : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.46

File Version : 7.15.10.9746

Company : NVIDIA Corporation

Full Path : C:\Windows\system32\drivers\nvlddmkm.sys

==================================================

==================================================

Filename : dxgkrnl.sys

Address In Stack :

From Address : 0x8d244000

To Address : 0x8d2e4000

Size : 0x000a0000

Time Stamp : 0x4d383dc1

Time String : 1/20/2011 8:50:57 AM

Product Name : Microsoft® Windows® Operating System

File Description : DirectX Graphics Kernel

File Version : 7.0.6002.18107 (vistasp2_gdr_win7ip_dgt(wmbla).090924-1550)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\dxgkrnl.sys

==================================================

==================================================

Filename : watchdog.sys

Address In Stack :

From Address : 0x8d2e4000

To Address : 0x8d2f0000

Size : 0x0000c000

Time Stamp : 0x49e01b13

Time String : 4/10/2009 11:22:43 PM

Product Name : Microsoft® Windows® Operating System

File Description : Watchdog Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\watchdog.sys

==================================================

==================================================

Filename : usbohci.sys

Address In Stack :

From Address : 0x8d2f0000

To Address : 0x8d2fa000

Size : 0x0000a000

Time Stamp : 0x49e01fcc

Time String : 4/10/2009 11:42:52 PM

Product Name : Microsoft® Windows® Operating System

File Description : OHCI USB Miniport Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\usbohci.sys

==================================================

==================================================

Filename : USBPORT.SYS

Address In Stack :

From Address : 0x8d2fa000

To Address : 0x8d338000

Size : 0x0003e000

Time Stamp : 0x49e01fcf

Time String : 4/10/2009 11:42:55 PM

Product Name : Microsoft® Windows® Operating System

File Description : USB 1.1 & 2.0 Port Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\USBPORT.SYS

==================================================

==================================================

Filename : usbehci.sys

Address In Stack :

From Address : 0x8d338000

To Address : 0x8d347000

Size : 0x0000f000

Time Stamp : 0x49e01fcc

Time String : 4/10/2009 11:42:52 PM

Product Name : Microsoft® Windows® Operating System

File Description : EHCI eUSB Miniport Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\usbehci.sys

==================================================

==================================================

Filename : cdrom.sys

Address In Stack :

From Address : 0x8d347000

To Address : 0x8d35f000

Size : 0x00018000

Time Stamp : 0x49e01ef5

Time String : 4/10/2009 11:39:17 PM

Product Name : Microsoft® Windows® Operating System

File Description : SCSI CD-ROM Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\cdrom.sys

==================================================

==================================================

Filename : bcm4sbxp.sys

Address In Stack :

From Address : 0x8d35f000

To Address : 0x8d36f000

Size : 0x00010000

Time Stamp : 0x4562f047

Time String : 11/21/2006 7:25:43 AM

Product Name : Broadcom 440x 10/100 Integrated Controller

File Description : Broadcom Corporation NDIS 5.1 ethernet driver

File Version : 4.60.0.0 built by: WinDDK

Company : Broadcom Corporation

Full Path : C:\Windows\system32\drivers\bcm4sbxp.sys

==================================================

==================================================

Filename : HSXHWBS2.sys

Address In Stack :

From Address : 0x8d36f000

To Address : 0x8d3b9000

Size : 0x0004a000

Time Stamp : 0x45366d90

Time String : 10/18/2006 1:08:16 PM

Product Name : SoftK56 Modem Driver

File Description : HSF_HWB2 WDM driver

File Version : 7.58.00 built by: WinDDK

Company : Conexant Systems, Inc.

Full Path : C:\Windows\system32\drivers\HSXHWBS2.sys

==================================================

==================================================

Filename : ks.sys

Address In Stack :

From Address : 0x8d3b9000

To Address : 0x8d3e3000

Size : 0x0002a000

Time Stamp : 0x49e01ed7

Time String : 4/10/2009 11:38:47 PM

Product Name : Microsoft® Windows® Operating System

File Description : Kernel CSA Library

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ks.sys

==================================================

==================================================

Filename : HSX_DPV.sys

Address In Stack :

From Address : 0x8ee0f000

To Address : 0x8ef12000

Size : 0x00103000

Time Stamp : 0x45366dd2

Time String : 10/18/2006 1:09:22 PM

Product Name : SoftK56 Modem Driver

File Description : HSF_DP driver

File Version : 7.58.00 built by: WinDDK

Company : Conexant Systems, Inc.

Full Path : C:\Windows\system32\drivers\HSX_DPV.sys

==================================================

==================================================

Filename : HSX_CNXT.sys

Address In Stack :

From Address : 0x8ef12000

To Address : 0x8efc6000

Size : 0x000b4000

Time Stamp : 0x45366d81

Time String : 10/18/2006 1:08:01 PM

Product Name : SoftK56 Modem Driver

File Description : HSF_CNXT driver

File Version : 7.58.00 built by: WinDDK

Company : Conexant Systems, Inc.

Full Path : C:\Windows\system32\drivers\HSX_CNXT.sys

==================================================

==================================================

Filename : modem.sys

Address In Stack :

From Address : 0x8efc6000

To Address : 0x8efd3000

Size : 0x0000d000

Time Stamp : 0x4791913c

Time String : 1/19/2008 12:57:16 AM

Product Name : Microsoft® Windows® Operating System

File Description : Modem Device Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\modem.sys

==================================================

==================================================

Filename : HDAudBus.sys

Address In Stack :

From Address : 0x83166000

To Address : 0x831f3000

Size : 0x0008d000

Time Stamp : 0x49e01fc1

Time String : 4/10/2009 11:42:41 PM

Product Name : Microsoft® Windows® Operating System

File Description : High Definition Audio Bus Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\HDAudBus.sys

==================================================

==================================================

Filename : msiscsi.sys

Address In Stack :

From Address : 0x833a0000

To Address : 0x833cf000

Size : 0x0002f000

Time Stamp : 0x49e01f27

Time String : 4/10/2009 11:40:07 PM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft iSCSI Initiator Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\msiscsi.sys

==================================================

==================================================

Filename : TDI.SYS

Address In Stack :

From Address : 0x8efd3000

To Address : 0x8efde000

Size : 0x0000b000

Time Stamp : 0x47919136

Time String : 1/19/2008 12:57:10 AM

Product Name : Microsoft® Windows® Operating System

File Description : TDI Wrapper

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\TDI.SYS

==================================================

==================================================

Filename : rasl2tp.sys

Address In Stack :

From Address : 0x8efde000

To Address : 0x8eff5000

Size : 0x00017000

Time Stamp : 0x47919111

Time String : 1/19/2008 12:56:33 AM

Product Name : Microsoft® Windows® Operating System

File Description : RAS L2TP mini-port/call-manager driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\rasl2tp.sys

==================================================

==================================================

Filename : ndistapi.sys

Address In Stack :

From Address : 0x8eff5000

To Address : 0x8f000000

Size : 0x0000b000

Time Stamp : 0x47919108

Time String : 1/19/2008 12:56:24 AM

Product Name : Microsoft® Windows® Operating System

File Description : NDIS 3.0 connection wrapper driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ndistapi.sys

==================================================

==================================================

Filename : ndiswan.sys

Address In Stack :

From Address : 0x833cf000

To Address : 0x833f2000

Size : 0x00023000

Time Stamp : 0x49e020a7

Time String : 4/10/2009 11:46:31 PM

Product Name : Microsoft® Windows® Operating System

File Description : MS PPP Framing Driver (Strong Encryption)

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\ndiswan.sys

==================================================

==================================================

Filename : raspppoe.sys

Address In Stack :

From Address : 0x8ee00000

To Address : 0x8ee0f000

Size : 0x0000f000

Time Stamp : 0x49e020a6

Time String : 4/10/2009 11:46:30 PM

Product Name : Microsoft® Windows® Operating System

File Description : RAS PPPoE mini-port/call-manager driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\raspppoe.sys

==================================================

==================================================

Filename : raspptp.sys

Address In Stack :

From Address : 0x8d3e3000

To Address : 0x8d3f7000

Size : 0x00014000

Time Stamp : 0x47919112

Time String : 1/19/2008 12:56:34 AM

Product Name : Microsoft® Windows® Operating System

File Description : Peer-to-Peer Tunneling Protocol

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\raspptp.sys

==================================================

==================================================

Filename : rassstp.sys

Address In Stack :

From Address : 0x805e6000

To Address : 0x805fb000

Size : 0x00015000

Time Stamp : 0x49e020b0

Time String : 4/10/2009 11:46:40 PM

Product Name : Microsoft® Windows® Operating System

File Description : RAS SSTP Miniport Call Manager

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\rassstp.sys

==================================================

==================================================

Filename : termdd.sys

Address In Stack :

From Address : 0x90e08000

To Address : 0x90e18000

Size : 0x00010000

Time Stamp : 0x49e021c2

Time String : 4/10/2009 11:51:14 PM

Product Name : Microsoft® Windows® Operating System

File Description : Terminal Server Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\termdd.sys

==================================================

==================================================

Filename : kbdclass.sys

Address In Stack :

From Address : 0x90e18000

To Address : 0x90e23000

Size : 0x0000b000

Time Stamp : 0x47918f5a

Time String : 1/19/2008 12:49:14 AM

Product Name : Microsoft® Windows® Operating System

File Description : Keyboard Class Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\kbdclass.sys

==================================================

==================================================

Filename : mouclass.sys

Address In Stack :

From Address : 0x90e23000

To Address : 0x90e2e000

Size : 0x0000b000

Time Stamp : 0x47918f5a

Time String : 1/19/2008 12:49:14 AM

Product Name : Microsoft® Windows® Operating System

File Description : Mouse Class Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\mouclass.sys

==================================================

==================================================

Filename : swenum.sys

Address In Stack :

From Address : 0x90e2e000

To Address : 0x90e2f380

Size : 0x00001380

Time Stamp : 0x47918f60

Time String : 1/19/2008 12:49:20 AM

Product Name : Microsoft® Windows® Operating System

File Description : Plug and Play Software Device Enumerator

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\swenum.sys

==================================================

==================================================

Filename : mssmbios.sys

Address In Stack :

From Address : 0x90e30000

To Address : 0x90e3a000

Size : 0x0000a000

Time Stamp : 0x47918b87

Time String : 1/19/2008 12:32:55 AM

Product Name : Microsoft® Windows® Operating System

File Description : System Management BIOS Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\mssmbios.sys

==================================================

==================================================

Filename : umbus.sys

Address In Stack :

From Address : 0x90e3a000

To Address : 0x90e47000

Size : 0x0000d000

Time Stamp : 0x47919064

Time String : 1/19/2008 12:53:40 AM

Product Name : Microsoft® Windows® Operating System

File Description : User-Mode Bus Enumerator

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\umbus.sys

==================================================

==================================================

Filename : usbhub.sys

Address In Stack :

From Address : 0x90e47000

To Address : 0x90e7c000

Size : 0x00035000

Time Stamp : 0x49e01fe2

Time String : 4/10/2009 11:43:14 PM

Product Name : Microsoft® Windows® Operating System

File Description : Default Hub Driver for USB

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\usbhub.sys

==================================================

==================================================

Filename : NDProxy.SYS

Address In Stack :

From Address : 0x90e7c000

To Address : 0x90e8d000

Size : 0x00011000

Time Stamp : 0x4791910c

Time String : 1/19/2008 12:56:28 AM

Product Name : Microsoft® Windows® Operating System

File Description : NDIS Proxy

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\NDProxy.SYS

==================================================

==================================================

Filename : stwrt.sys

Address In Stack :

From Address : 0x90e8d000

To Address : 0x90f30000

Size : 0x000a3000

Time Stamp : 0x45a6c693

Time String : 1/11/2007 6:21:55 PM

Product Name : C-Major Audio

File Description : NDRC

File Version : 6.10.5343.1 nd544 cp1 built by: WinDDK

Company : SigmaTel, Inc.

Full Path : C:\Windows\system32\drivers\stwrt.sys

==================================================

==================================================

Filename : portcls.sys

Address In Stack :

From Address : 0x90f30000

To Address : 0x90f5d000

Size : 0x0002d000

Time Stamp : 0x49e01fc8

Time String : 4/10/2009 11:42:48 PM

Product Name : Microsoft® Windows® Operating System

File Description : Port Class (Class Driver for Port/Miniport Devices)

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\portcls.sys

==================================================

==================================================

Filename : drmk.sys

Address In Stack :

From Address : 0x90f5d000

To Address : 0x90f82000

Size : 0x00025000

Time Stamp : 0x47919e4e

Time String : 1/19/2008 1:53:02 AM

Product Name : Microsoft® Windows® Operating System

File Description : Microsoft Kernel DRM Descrambler Filter

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\drmk.sys

==================================================

==================================================

Filename : ccSetx86.sys

Address In Stack :

From Address : 0x90f82000

To Address : 0x90fa6000

Size : 0x00024000

Time Stamp : 0x00000000

Time String :

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : Ironx86.SYS

Address In Stack :

From Address : 0x90fa6000

To Address : 0x90fcd000

Size : 0x00027000

Time Stamp : 0x4ec1c7ad

Time String : 11/14/2011 9:00:13 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : Fs_Rec.SYS

Address In Stack :

From Address : 0x90fcd000

To Address : 0x90fd6000

Size : 0x00009000

Time Stamp : 0x00000000

Time String :

Product Name : Microsoft® Windows® Operating System

File Description : File System Recognizer Driver

File Version : 6.0.6002.18592 (vistasp2_gdr.120229-0238)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Fs_Rec.SYS

==================================================

==================================================

Filename : Null.SYS

Address In Stack :

From Address : 0x90fd6000

To Address : 0x90fdd000

Size : 0x00007000

Time Stamp : 0x00000000

Time String :

Product Name : Microsoft® Windows® Operating System

File Description : NULL Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Null.SYS

==================================================

==================================================

Filename : Beep.SYS

Address In Stack :

From Address : 0x90fdd000

To Address : 0x90fe4000

Size : 0x00007000

Time Stamp : 0x47918f56

Time String : 1/19/2008 12:49:10 AM

Product Name : Microsoft® Windows® Operating System

File Description : BEEP Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Beep.SYS

==================================================

==================================================

Filename : HIDPARSE.SYS

Address In Stack :

From Address : 0x90fed000

To Address : 0x90ff3380

Size : 0x00006380

Time Stamp : 0x4791904c

Time String : 1/19/2008 12:53:16 AM

Product Name : Microsoft® Windows® Operating System

File Description : Hid Parsing Library

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\HIDPARSE.SYS

==================================================

==================================================

Filename : vga.sys

Address In Stack :

From Address : 0x90ff4000

To Address : 0x91000000

Size : 0x0000c000

Time Stamp : 0x47919006

Time String : 1/19/2008 12:52:06 AM

Product Name : Microsoft® Windows® Operating System

File Description : VGA/Super VGA Video Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\vga.sys

==================================================

==================================================

Filename : VIDEOPRT.SYS

Address In Stack :

From Address : 0x9160f000

To Address : 0x91630000

Size : 0x00021000

Time Stamp : 0x4791900a

Time String : 1/19/2008 12:52:10 AM

Product Name : Microsoft® Windows® Operating System

File Description : Video Port Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS

==================================================

==================================================

Filename : hidusb.sys

Address In Stack :

From Address : 0x91630000

To Address : 0x91639000

Size : 0x00009000

Time Stamp : 0x49e01fc8

Time String : 4/10/2009 11:42:48 PM

Product Name : Microsoft® Windows® Operating System

File Description : USB Miniport Driver for Input Devices

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\hidusb.sys

==================================================

==================================================

Filename : HIDCLASS.SYS

Address In Stack :

From Address : 0x91639000

To Address : 0x91649000

Size : 0x00010000

Time Stamp : 0x49e01fc7

Time String : 4/10/2009 11:42:47 PM

Product Name : Microsoft® Windows® Operating System

File Description : Hid Class Library

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\HIDCLASS.SYS

==================================================

==================================================

Filename : USBD.SYS

Address In Stack :

From Address : 0x91649000

To Address : 0x9164a700

Size : 0x00001700

Time Stamp : 0x4791904d

Time String : 1/19/2008 12:53:17 AM

Product Name : Microsoft® Windows® Operating System

File Description : Universal Serial Bus Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\USBD.SYS

==================================================

==================================================

Filename : RDPCDD.sys

Address In Stack :

From Address : 0x9164b000

To Address : 0x91653000

Size : 0x00008000

Time Stamp : 0x47919224

Time String : 1/19/2008 1:01:08 AM

Product Name : Microsoft® Windows® Operating System

File Description : RDP Miniport

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\RDPCDD.sys

==================================================

==================================================

Filename : mouhid.sys

Address In Stack :

From Address : 0x91653000

To Address : 0x9165b000

Size : 0x00008000

Time Stamp : 0x47918f5c

Time String : 1/19/2008 12:49:16 AM

Product Name : Microsoft® Windows® Operating System

File Description : HID Mouse Filter Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\mouhid.sys

==================================================

==================================================

Filename : rdpencdd.sys

Address In Stack :

From Address : 0x9165b000

To Address : 0x91663000

Size : 0x00008000

Time Stamp : 0x47919225

Time String : 1/19/2008 1:01:09 AM

Product Name : Microsoft® Windows® Operating System

File Description : RDP Miniport

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\rdpencdd.sys

==================================================

==================================================

Filename : Msfs.SYS

Address In Stack :

From Address : 0x91663000

To Address : 0x9166e000

Size : 0x0000b000

Time Stamp : 0x00000000

Time String :

Product Name : Microsoft® Windows® Operating System

File Description : Mailslot driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Msfs.SYS

==================================================

==================================================

Filename : Npfs.SYS

Address In Stack :

From Address : 0x9166e000

To Address : 0x9167c000

Size : 0x0000e000

Time Stamp : 0x49e01909

Time String : 4/10/2009 11:14:01 PM

Product Name : Microsoft® Windows® Operating System

File Description : NPFS Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\Npfs.SYS

==================================================

==================================================

Filename : rasacd.sys

Address In Stack :

From Address : 0x9167c000

To Address : 0x91685000

Size : 0x00009000

Time Stamp : 0x4791910f

Time String : 1/19/2008 12:56:31 AM

Product Name : Microsoft® Windows® Operating System

File Description : RAS Automatic Connection Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\rasacd.sys

==================================================

==================================================

Filename : tcpip.sys

Address In Stack :

From Address : 0x91685000

To Address : 0x9176f000

Size : 0x000ea000

Time Stamp : 0x4f746a14

Time String : 3/29/2012 8:56:36 AM

Product Name : Microsoft® Windows® Operating System

File Description : TCP/IP Driver

File Version : 6.0.6002.18604 (vistasp2_gdr.120329-0337)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\tcpip.sys

==================================================

==================================================

Filename : fwpkclnt.sys

Address In Stack :

From Address : 0x9176f000

To Address : 0x9178a000

Size : 0x0001b000

Time Stamp : 0x49e02076

Time String : 4/10/2009 11:45:42 PM

Product Name : Microsoft® Windows® Operating System

File Description : FWP/IPsec Kernel-Mode API

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\fwpkclnt.sys

==================================================

==================================================

Filename : tdx.sys

Address In Stack :

From Address : 0x9178a000

To Address : 0x917a0000

Size : 0x00016000

Time Stamp : 0x49e02084

Time String : 4/10/2009 11:45:56 PM

Product Name : Microsoft® Windows® Operating System

File Description : TDI Translation Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\tdx.sys

==================================================

==================================================

Filename : SYMTDIV.SYS

Address In Stack :

From Address : 0x917a0000

To Address : 0x917fb000

Size : 0x0005b000

Time Stamp : 0x4ebedd1f

Time String : 11/12/2011 3:54:55 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : SYMEVENT.SYS

Address In Stack :

From Address : 0x91806000

To Address : 0x91830000

Size : 0x0002a000

Time Stamp : 0x4ecbea42

Time String : 11/22/2011 1:30:26 PM

Product Name : SYMEVENT

File Description : Symantec Event Library

File Version : 12.9.1.20

Company : Symantec Corporation

Full Path : C:\Windows\system32\drivers\SYMEVENT.SYS

==================================================

==================================================

Filename : kbdhid.sys

Address In Stack :

From Address : 0x91830000

To Address : 0x91839000

Size : 0x00009000

Time Stamp : 0x49e01ed0

Time String : 4/10/2009 11:38:40 PM

Product Name : Microsoft® Windows® Operating System

File Description : HID Keyboard Filter Driver

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\kbdhid.sys

==================================================

==================================================

Filename : smb.sys

Address In Stack :

From Address : 0x91839000

To Address : 0x9184d000

Size : 0x00014000

Time Stamp : 0x49e02062

Time String : 4/10/2009 11:45:22 PM

Product Name : Microsoft® Windows® Operating System

File Description : SMB Transport driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\smb.sys

==================================================

==================================================

Filename : afd.sys

Address In Stack :

From Address : 0x9184d000

To Address : 0x91895000

Size : 0x00048000

Time Stamp : 0x4db03801

Time String : 4/21/2011 8:58:25 AM

Product Name : Microsoft® Windows® Operating System

File Description : Ancillary Function Driver for WinSock

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\afd.sys

==================================================

==================================================

Filename : netbt.sys

Address In Stack :

From Address : 0x91895000

To Address : 0x918c7000

Size : 0x00032000

Time Stamp : 0x49e0206f

Time String : 4/10/2009 11:45:35 PM

Product Name : Microsoft® Windows® Operating System

File Description : MBT Transport driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\netbt.sys

==================================================

==================================================

Filename : pacer.sys

Address In Stack :

From Address : 0x918c7000

To Address : 0x918dd000

Size : 0x00016000

Time Stamp : 0x49e0207f

Time String : 4/10/2009 11:45:51 PM

Product Name : Microsoft® Windows® Operating System

File Description : QoS Packet Scheduler

File Version : 6.0.6000.16386 (vista_rtm.061101-2205)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\pacer.sys

==================================================

==================================================

Filename : SymIMv.sys

Address In Stack :

From Address : 0x918dd000

To Address : 0x918e9000

Size : 0x0000c000

Time Stamp : 0x4ebedd32

Time String : 11/12/2011 3:55:14 PM

Product Name : Symantec Security Drivers

File Description : NDIS 6.0 Filter Driver for Windows Vista

File Version : 12.0.2.11

Company : Symantec Corporation

Full Path : C:\Windows\system32\drivers\SymIMv.sys

==================================================

==================================================

Filename : netbios.sys

Address In Stack :

From Address : 0x918e9000

To Address : 0x918f7000

Size : 0x0000e000

Time Stamp : 0x479190e1

Time String : 1/19/2008 12:55:45 AM

Product Name : Microsoft® Windows® Operating System

File Description : NetBIOS interface driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\netbios.sys

==================================================

==================================================

Filename : wanarp.sys

Address In Stack :

From Address : 0x918f7000

To Address : 0x9190a000

Size : 0x00013000

Time Stamp : 0x4791910f

Time String : 1/19/2008 12:56:31 AM

Product Name : Microsoft® Windows® Operating System

File Description : MS Remote Access and Routing ARP Driver

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\wanarp.sys

==================================================

==================================================

Filename : SRTSPX.SYS

Address In Stack :

From Address : 0x9190a000

To Address : 0x9191a000

Size : 0x00010000

Time Stamp : 0x4ff1e582

Time String : 7/2/2012 1:16:34 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : rdbss.sys

Address In Stack :

From Address : 0x9191a000

To Address : 0x91956000

Size : 0x0003c000

Time Stamp : 0x49e01922

Time String : 4/10/2009 11:14:26 PM

Product Name : Microsoft® Windows® Operating System

File Description : Redirected Drive Buffering SubSystem Driver

File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\rdbss.sys

==================================================

==================================================

Filename : nsiproxy.sys

Address In Stack :

From Address : 0x91956000

To Address : 0x91960000

Size : 0x0000a000

Time Stamp : 0x479190e6

Time String : 1/19/2008 12:55:50 AM

Product Name : Microsoft® Windows® Operating System

File Description : NSI Proxy

File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)

Company : Microsoft Corporation

Full Path : C:\Windows\system32\drivers\nsiproxy.sys

==================================================

==================================================

Filename : eeCtrl.sys

Address In Stack :

From Address : 0x92801000

To Address : 0x92860000

Size : 0x0005f000

Time Stamp : 0x50186b4a

Time String : 7/31/2012 6:33:30 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : EraserUtilRebootDrv.sys

Address In Stack :

From Address : 0x92860000

To Address : 0x9287e000

Size : 0x0001e000

Time Stamp : 0x50186b4a

Time String : 7/31/2012 6:33:30 PM

Product Name :

File Description :

File Version :

Company :

Full Path :

==================================================

==================================================

Filename : dfsc.sys

Address In Stack :

From Address : 0x9287e000

To Address : 0x92895000

Size : 0x00017000

Time Stamp : 0x4da70bb7

Time String : 4/14/2011 9:59:03 AM

Product Name : Microsoft® Windows® Operating System

File Description : DFS Namespace Client Driver


the post was too long so I had to split it up... here's the rest


20:04:50.0046 2292 HDAudBus - ok

20:04:50.0171 2292 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

20:04:50.0187 2292 HidBth - ok

20:04:50.0421 2292 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

20:04:50.0421 2292 HidIr - ok

20:04:50.0468 2292 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

20:04:50.0468 2292 hidserv - ok

20:04:50.0639 2292 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:04:50.0639 2292 HidUsb - ok

20:04:50.0702 2292 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:04:50.0733 2292 hkmsvc - ok

20:04:50.0842 2292 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

20:04:50.0842 2292 HpCISSs - ok

20:04:51.0045 2292 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

20:04:51.0060 2292 HSF_DPV - ok

20:04:51.0450 2292 [ ED98350ECD4A5A9C9F1E641C09872BB2 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys

20:04:51.0450 2292 HSXHWBS2 - ok

20:04:51.0466 2292 HTCAND32 - ok

20:04:51.0669 2292 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:04:51.0669 2292 HTTP - ok

20:04:51.0700 2292 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys

20:04:51.0700 2292 i2omp - ok

20:04:51.0747 2292 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

20:04:51.0747 2292 i8042prt - ok

20:04:51.0809 2292 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

20:04:51.0809 2292 iaStorV - ok

20:04:51.0918 2292 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

20:04:51.0934 2292 IDriverT - ok

20:04:52.0043 2292 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:04:52.0059 2292 idsvc - ok

20:04:52.0168 2292 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121218.001\IDSvix86.sys

20:04:52.0464 2292 IDSVix86 - ok

20:04:52.0589 2292 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

20:04:52.0589 2292 iirsp - ok

20:04:53.0213 2292 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

20:04:53.0588 2292 IKEEXT - ok

20:04:53.0837 2292 [ 1B16626BEAE3A52E611FC681CD796F86 ] intelide C:\Windows\system32\drivers\intelide.sys

20:04:53.0837 2292 intelide - ok

20:04:53.0962 2292 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:04:53.0978 2292 intelppm - ok

20:04:54.0149 2292 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:04:54.0243 2292 IPBusEnum - ok

20:04:54.0399 2292 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:04:54.0399 2292 IpFilterDriver - ok

20:04:54.0648 2292 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:04:54.0882 2292 iphlpsvc - ok

20:04:54.0898 2292 IpInIp - ok

20:04:55.0148 2292 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

20:04:55.0163 2292 IPMIDRV - ok

20:04:55.0569 2292 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

20:04:55.0694 2292 IPNAT - ok

20:04:55.0772 2292 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:04:55.0772 2292 IRENUM - ok

20:04:55.0834 2292 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:04:55.0834 2292 isapnp - ok

20:04:56.0130 2292 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

20:04:56.0396 2292 iScsiPrt - ok

20:04:56.0520 2292 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

20:04:56.0536 2292 iteatapi - ok

20:04:56.0552 2292 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

20:04:56.0552 2292 iteraid - ok

20:04:56.0801 2292 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

20:04:56.0801 2292 kbdclass - ok

20:04:56.0957 2292 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

20:04:56.0957 2292 kbdhid - ok

20:04:57.0176 2292 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

20:04:57.0191 2292 KeyIso - ok

20:04:57.0550 2292 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:04:57.0566 2292 KSecDD - ok

20:04:57.0612 2292 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

20:04:57.0628 2292 KtmRm - ok

20:04:57.0753 2292 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

20:04:57.0862 2292 LanmanServer - ok

20:04:57.0909 2292 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:04:57.0924 2292 LanmanWorkstation - ok

20:04:57.0971 2292 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:04:57.0971 2292 lltdio - ok

20:04:58.0018 2292 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:04:58.0112 2292 lltdsvc - ok

20:04:58.0236 2292 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:04:58.0252 2292 lmhosts - ok

20:04:58.0283 2292 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

20:04:58.0283 2292 LSI_FC - ok

20:04:58.0314 2292 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

20:04:58.0314 2292 LSI_SAS - ok

20:04:58.0439 2292 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

20:04:58.0439 2292 LSI_SCSI - ok

20:04:58.0486 2292 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

20:04:58.0486 2292 luafv - ok

20:04:58.0548 2292 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

20:04:58.0548 2292 MBAMProtector - ok

20:04:58.0751 2292 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

20:04:58.0751 2292 MBAMScheduler - ok

20:04:58.0970 2292 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

20:04:58.0985 2292 MBAMService - ok

20:04:59.0079 2292 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:04:59.0079 2292 Mcx2Svc - ok

20:04:59.0110 2292 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

20:04:59.0126 2292 mdmxsdk - ok

20:04:59.0141 2292 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys

20:04:59.0141 2292 megasas - ok

20:04:59.0172 2292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

20:04:59.0188 2292 MMCSS - ok

20:04:59.0219 2292 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

20:04:59.0219 2292 Modem - ok

20:04:59.0250 2292 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:04:59.0250 2292 monitor - ok

20:04:59.0375 2292 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

20:04:59.0375 2292 mouclass - ok

20:04:59.0500 2292 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:04:59.0500 2292 mouhid - ok

20:04:59.0531 2292 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

20:04:59.0531 2292 MountMgr - ok

20:04:59.0562 2292 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys

20:04:59.0562 2292 mpio - ok

20:04:59.0640 2292 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:04:59.0640 2292 mpsdrv - ok

20:04:59.0765 2292 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

20:04:59.0796 2292 MpsSvc - ok

20:04:59.0828 2292 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

20:04:59.0828 2292 Mraid35x - ok

20:04:59.0952 2292 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:04:59.0952 2292 MRxDAV - ok

20:05:00.0015 2292 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:05:00.0015 2292 mrxsmb - ok

20:05:00.0171 2292 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:05:00.0186 2292 mrxsmb10 - ok

20:05:00.0202 2292 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:05:00.0202 2292 mrxsmb20 - ok

20:05:00.0233 2292 [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci C:\Windows\system32\drivers\msahci.sys

20:05:00.0233 2292 msahci - ok

20:05:00.0264 2292 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:05:00.0264 2292 msdsm - ok

20:05:00.0311 2292 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

20:05:00.0405 2292 MSDTC - ok

20:05:00.0467 2292 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:05:00.0467 2292 Msfs - ok

20:05:00.0498 2292 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:05:00.0498 2292 msisadrv - ok

20:05:00.0826 2292 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:05:00.0842 2292 MSiSCSI - ok

20:05:00.0842 2292 msiserver - ok

20:05:00.0888 2292 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:05:00.0888 2292 MSKSSRV - ok

20:05:00.0951 2292 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:05:00.0966 2292 MSPCLOCK - ok

20:05:01.0013 2292 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:05:01.0013 2292 MSPQM - ok

20:05:01.0154 2292 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:05:01.0154 2292 MsRPC - ok

20:05:01.0185 2292 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

20:05:01.0185 2292 mssmbios - ok

20:05:01.0310 2292 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:05:01.0310 2292 MSTEE - ok

20:05:01.0341 2292 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

20:05:01.0341 2292 Mup - ok

20:05:02.0043 2292 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe

20:05:02.0043 2292 N360 - ok

20:05:02.0121 2292 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

20:05:02.0261 2292 napagent - ok

20:05:02.0292 2292 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:05:02.0292 2292 NativeWifiP - ok

20:05:02.0370 2292 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121218.020\NAVENG.SYS

20:05:02.0402 2292 NAVENG - ok

20:05:02.0480 2292 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121218.020\NAVEX15.SYS

20:05:02.0511 2292 NAVEX15 - ok

20:05:03.0072 2292 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

20:05:03.0088 2292 NDIS - ok

20:05:03.0119 2292 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:05:03.0119 2292 NdisTapi - ok

20:05:03.0353 2292 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:05:03.0353 2292 Ndisuio - ok

20:05:03.0494 2292 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:05:03.0494 2292 NdisWan - ok

20:05:03.0790 2292 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:05:03.0930 2292 NDProxy - ok

20:05:04.0149 2292 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:05:04.0164 2292 NetBIOS - ok

20:05:04.0242 2292 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

20:05:04.0352 2292 netbt - ok

20:05:04.0367 2292 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

20:05:04.0367 2292 Netlogon - ok

20:05:04.0601 2292 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

20:05:04.0617 2292 Netman - ok

20:05:04.0944 2292 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:05:04.0960 2292 NetMsmqActivator - ok

20:05:04.0976 2292 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:05:04.0976 2292 NetPipeActivator - ok

20:05:05.0178 2292 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

20:05:05.0194 2292 netprofm - ok

20:05:05.0210 2292 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:05:05.0210 2292 NetTcpActivator - ok

20:05:05.0225 2292 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:05:05.0225 2292 NetTcpPortSharing - ok

20:05:05.0334 2292 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

20:05:05.0334 2292 nfrd960 - ok

20:05:05.0381 2292 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:05:05.0381 2292 NlaSvc - ok

20:05:05.0412 2292 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:05:05.0412 2292 Npfs - ok

20:05:05.0537 2292 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

20:05:05.0537 2292 nsi - ok

20:05:05.0568 2292 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:05:05.0568 2292 nsiproxy - ok

20:05:05.0631 2292 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:05:05.0662 2292 Ntfs - ok

20:05:05.0771 2292 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

20:05:05.0912 2292 ntrigdigi - ok

20:05:05.0927 2292 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

20:05:05.0927 2292 Null - ok

20:05:06.0114 2292 [ B02587FA997723297384C95F424E78FA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:05:06.0302 2292 nvlddmkm - ok

20:05:06.0473 2292 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:05:06.0473 2292 nvraid - ok

20:05:06.0598 2292 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:05:06.0598 2292 nvstor - ok

20:05:06.0707 2292 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys

20:05:06.0707 2292 nvstor32 - ok

20:05:06.0848 2292 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:05:06.0972 2292 nv_agp - ok

20:05:06.0972 2292 NwlnkFlt - ok

20:05:06.0988 2292 NwlnkFwd - ok

20:05:07.0503 2292 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:05:07.0518 2292 odserv - ok

20:05:07.0550 2292 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:05:07.0550 2292 ohci1394 - ok

20:05:07.0846 2292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:05:07.0955 2292 ose - ok

20:05:08.0314 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

20:05:08.0330 2292 p2pimsvc - ok

20:05:08.0454 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

20:05:08.0470 2292 p2psvc - ok

20:05:08.0610 2292 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

20:05:08.0626 2292 Parport - ok

20:05:08.0735 2292 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:05:08.0735 2292 partmgr - ok

20:05:08.0766 2292 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

20:05:08.0782 2292 Parvdm - ok

20:05:08.0922 2292 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

20:05:08.0969 2292 PcaSvc - ok

20:05:09.0125 2292 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

20:05:09.0141 2292 pci - ok

20:05:09.0203 2292 [ 54D23DC5B5072311116826FDB7F6E83E ] pciide C:\Windows\system32\drivers\pciide.sys

20:05:09.0203 2292 pciide - ok

20:05:09.0328 2292 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

20:05:09.0344 2292 pcmcia - ok

20:05:09.0593 2292 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:05:09.0640 2292 PEAUTH - ok

20:05:09.0905 2292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

20:05:10.0030 2292 pla - ok

20:05:10.0295 2292 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:05:10.0326 2292 PlugPlay - ok

20:05:10.0404 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

20:05:10.0420 2292 PNRPAutoReg - ok

20:05:10.0545 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

20:05:10.0560 2292 PNRPsvc - ok

20:05:10.0810 2292 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:05:10.0950 2292 PolicyAgent - ok

20:05:11.0075 2292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:05:11.0075 2292 PptpMiniport - ok

20:05:11.0169 2292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

20:05:11.0169 2292 Processor - ok

20:05:11.0356 2292 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

20:05:11.0372 2292 ProfSvc - ok

20:05:11.0418 2292 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

20:05:11.0418 2292 ProtectedStorage - ok

20:05:11.0621 2292 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

20:05:11.0652 2292 PSched - ok

20:05:11.0715 2292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

20:05:11.0730 2292 ql2300 - ok

20:05:12.0074 2292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

20:05:12.0089 2292 ql40xx - ok

20:05:12.0308 2292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

20:05:12.0323 2292 QWAVE - ok

20:05:12.0448 2292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:05:12.0448 2292 QWAVEdrv - ok

20:05:12.0900 2292 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

20:05:12.0947 2292 R300 - ok

20:05:13.0056 2292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:05:13.0088 2292 RasAcd - ok

20:05:13.0134 2292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

20:05:13.0134 2292 RasAuto - ok

20:05:13.0290 2292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:05:13.0306 2292 Rasl2tp - ok

20:05:13.0353 2292 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

20:05:13.0353 2292 RasMan - ok

20:05:13.0384 2292 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:05:13.0384 2292 RasPppoe - ok

20:05:13.0415 2292 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

20:05:13.0415 2292 RasSstp - ok

20:05:13.0524 2292 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:05:13.0524 2292 rdbss - ok

20:05:13.0727 2292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:05:13.0727 2292 RDPCDD - ok

20:05:13.0805 2292 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

20:05:13.0821 2292 rdpdr - ok

20:05:13.0946 2292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:05:14.0055 2292 RDPENCDD - ok

20:05:14.0242 2292 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:05:14.0273 2292 RDPWD - ok

20:05:14.0304 2292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:05:14.0304 2292 RemoteAccess - ok

20:05:14.0398 2292 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:05:14.0414 2292 RemoteRegistry - ok

20:05:14.0445 2292 [ EEC7EE5675294B03E88AA868540007C1 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys

20:05:14.0460 2292 RMCAST - ok

20:05:14.0585 2292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

20:05:14.0585 2292 RpcLocator - ok

20:05:14.0772 2292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

20:05:14.0788 2292 RpcSs - ok

20:05:14.0960 2292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:05:14.0991 2292 rspndr - ok

20:05:15.0022 2292 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

20:05:15.0022 2292 SamSs - ok

20:05:15.0038 2292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:05:15.0053 2292 sbp2port - ok

20:05:15.0069 2292 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:05:15.0084 2292 SCardSvr - ok

20:05:15.0474 2292 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

20:05:15.0506 2292 Schedule - ok

20:05:15.0662 2292 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

20:05:15.0662 2292 SCPolicySvc - ok

20:05:15.0724 2292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:05:15.0724 2292 SDRSVC - ok

20:05:15.0755 2292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:05:15.0755 2292 secdrv - ok

20:05:15.0896 2292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

20:05:15.0911 2292 seclogon - ok

20:05:15.0927 2292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

20:05:15.0942 2292 SENS - ok

20:05:15.0958 2292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

20:05:15.0958 2292 Serenum - ok

20:05:15.0989 2292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

20:05:15.0989 2292 Serial - ok

20:05:16.0005 2292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

20:05:16.0005 2292 sermouse - ok

20:05:16.0036 2292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

20:05:16.0052 2292 SessionEnv - ok

20:05:16.0083 2292 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:05:16.0083 2292 sffdisk - ok

20:05:16.0176 2292 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:05:16.0176 2292 sffp_mmc - ok

20:05:16.0192 2292 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:05:16.0192 2292 sffp_sd - ok

20:05:16.0286 2292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

20:05:16.0301 2292 sfloppy - ok

20:05:16.0348 2292 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:05:16.0348 2292 SharedAccess - ok

20:05:16.0410 2292 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:05:16.0426 2292 ShellHWDetection - ok

20:05:16.0442 2292 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys

20:05:16.0442 2292 sisagp - ok

20:05:16.0457 2292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

20:05:16.0457 2292 SiSRaid2 - ok

20:05:16.0488 2292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

20:05:16.0488 2292 SiSRaid4 - ok

20:05:16.0707 2292 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

20:05:17.0128 2292 slsvc - ok

20:05:17.0237 2292 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

20:05:17.0237 2292 SLUINotify - ok

20:05:17.0268 2292 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:05:17.0268 2292 Smb - ok

20:05:17.0315 2292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:05:17.0331 2292 SNMPTRAP - ok

20:05:17.0362 2292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

20:05:17.0378 2292 spldr - ok

20:05:17.0409 2292 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

20:05:17.0424 2292 Spooler - ok

20:05:17.0456 2292 sprtsvc_dellsupportcenter - ok

20:05:17.0534 2292 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0604000.009\SRTSP.SYS

20:05:17.0549 2292 SRTSP - ok

20:05:17.0565 2292 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0604000.009\SRTSPX.SYS

20:05:17.0565 2292 SRTSPX - ok

20:05:17.0674 2292 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

20:05:17.0674 2292 srv - ok

20:05:17.0814 2292 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:05:17.0814 2292 srv2 - ok

20:05:17.0830 2292 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:05:17.0830 2292 srvnet - ok

20:05:17.0877 2292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:05:17.0877 2292 SSDPSRV - ok

20:05:17.0924 2292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:05:17.0955 2292 SstpSvc - ok

20:05:18.0080 2292 [ BCB4E273147AFCAFDFC0DA59AF9E6E25 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

20:05:18.0080 2292 ssudmdm - ok

20:05:18.0126 2292 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA C:\Windows\system32\drivers\stwrt.sys

20:05:18.0142 2292 STHDA - ok

20:05:18.0173 2292 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

20:05:18.0189 2292 stisvc - ok

20:05:18.0282 2292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:05:18.0282 2292 swenum - ok

20:05:18.0314 2292 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

20:05:18.0345 2292 swprv - ok

20:05:18.0392 2292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

20:05:18.0392 2292 Symc8xx - ok

20:05:18.0423 2292 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0604000.009\SYMDS.SYS

20:05:18.0438 2292 SymDS - ok

20:05:18.0735 2292 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0604000.009\SYMEFA.SYS

20:05:18.0844 2292 SymEFA - ok

20:05:18.0875 2292 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

20:05:18.0891 2292 SymEvent - ok

20:05:18.0922 2292 [ 6E3AD51710CB4A27EA70ADF685FCA4CA ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys

20:05:19.0031 2292 SymIM - ok

20:05:19.0062 2292 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0604000.009\Ironx86.SYS

20:05:19.0062 2292 SymIRON - ok

20:05:19.0094 2292 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\N360\0604000.009\SYMTDIV.SYS

20:05:19.0109 2292 SYMTDIv - ok

20:05:32.0837 2292 ============================================================

20:05:32.0837 2292 Scan finished

20:05:32.0837 2292 ============================================================

20:05:32.0853 3080 Detected object count: 0

20:05:32.0853 3080 Actual detected object count: 0

Results of screen317's Security Check version 0.99.56

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

# AdwCleaner v2.101 - Logfile created 12/20/2012 at 13:56:54

# Updated 16/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Catherine - CATHY-PC

# Boot Mode : Normal

# Running from : C:\Users\Catherine\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Users\Catherine\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Catherine\AppData\LocalLow\FunWebProducts

Folder Found : C:\Users\Catherine\AppData\LocalLow\MyWebSearch

Folder Found : C:\Users\Cathy\AppData\LocalLow\FunWebProducts

Folder Found : C:\Users\Cathy\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKU\S-1-5-21-3791582363-2134651681-4099630506-1004\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKU\S-1-5-21-3791582363-2134651681-4099630506-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2507 octets] - [20/12/2012 13:56:54]

########## EOF - C:\AdwCleaner[R1].txt - [2567 octets] ##########


  • Staff

Hi,

The freezing could be a number of things. Do you see any processes in Task Manager (press CTRL + Alt + Del) under Processes that are taking up high CPU%?

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number


Here's the log. Just out of curiosity, did any of the other logs that I've provided so far detail anything suspicious? I would like to be able to help my cause as much as I can between posts by looking into things. I don't intend to try to fix things on my own, but if I can do anything I will. Thanks again, screen317. I definitely appreciate all the time you guys put into helping us. I will definitely be donating.

# AdwCleaner v2.101 - Logfile created 12/21/2012 at 01:39:34

# Updated 16/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Catherine - CATHY-PC

# Boot Mode : Normal

# Running from : C:\Users\Catherine\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Catherine\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Catherine\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Catherine\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Cathy\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Cathy\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2636 octets] - [20/12/2012 13:56:54]

AdwCleaner[R2].txt - [2696 octets] - [20/12/2012 13:59:18]

AdwCleaner[s1].txt - [2365 octets] - [21/12/2012 01:39:34]

########## EOF - C:\AdwCleaner[s1].txt - [2425 octets] ##########


  • Staff

Nothing really serious in terms of malware that I can see from here.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan-- do not download any programs; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
