Hello myrti,
First I downloaded DeFogger, which disabled my CD Emulation drivers.
Here is the defogger_disable.txt file:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:52 on 04/02/2012 (Daniel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
After that I restarted my laptop.
Then I downloaded GMER from the Main Mirror, which downloaded a randomly named file to my Desktop, but I couldn't open it because it gave me a win32 error:
That's why I downloaded a zipped version, which I ran without any problems.
Here is the log from the scan:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-04 16:43:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160821AS rev.3.ALD
Running: gmer.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89EFEFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9050C510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89F01456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89F014AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89F015C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89F013AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x89F014FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89F01400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89F01572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89EFEFE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9050C5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x89EFEDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89EFF00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89F019BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89EFFAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89F01486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89F014D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89F015EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89F013D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89F0153E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89F0142E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89F0159C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9050C658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89EFF96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89EFF030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89EFF054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89EFEE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89EFEF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89EFEF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89EFEF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89EFF078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x905207A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 830399A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830594E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 83060750 4 Bytes [C4, EF, EF, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 83060778 4 Bytes [10, C5, 50, 90] {ADC CH, AL; PUSH EAX; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 8306082C 8 Bytes [56, 14, F0, 89, AE, 14, F0, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 83060838 4 Bytes [C4, 15, F0, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 83060854 4 Bytes [AC, 13, F0, 89]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 831E640E 5 Bytes JMP 9051D69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8320D916 5 Bytes JMP 9051F174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 8321406F 4 Bytes CALL 89F00025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 83250C8D 4 Bytes CALL 89F0003B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 832D67D4 7 Bytes JMP 905207A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[328] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[472] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[556] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[556] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[556] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[556] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[556] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[568] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[612] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[612] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[612] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[804] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[804] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[804] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 008D0A08
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 008D03FC
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 008D0804
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 008D01F8
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 008D0600
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00E80A08
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 00E803FC
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00E80804
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 00E801F8
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00E80600
.text C:\Windows\system32\AUDIODG.EXE[1140] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 003D0A08
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003D03FC
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 003D0804
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003D01F8
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 003D0600
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 008F0A08
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 008F03FC
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 008F0804
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 008F01F8
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 008F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 5D2EB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 759BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1768] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00360A08
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003603FC
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00360804
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003601F8
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00360600
.text C:\Windows\system32\svchost.exe[1912] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1912] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1912] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Users\Daniel\Desktop\gmer.exe[1920] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000903FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000901F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001303FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00130804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001301F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00130600
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 004F0A08
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 004F03FC
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 004F0804
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 004F01F8
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 004F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\WUDFHost.exe[2316] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2316] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[2316] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 002E0A08
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002E03FC
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 002E0804
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002E01F8
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 002E0600
.text C:\Windows\system32\taskhost.exe[2456] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2456] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2456] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExA 757B6D0C 3 Bytes JMP 00070600
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExA + 4 757B6D10 1 Byte [8A]
.text C:\Windows\system32\Dwm.exe[2588] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2588] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2588] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[2644] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2644] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2644] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2644] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[2644] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00150600
.text C:\Windows\System32\rundll32.exe[2704] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[2704] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[2704] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00140600
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3000] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3008] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\igfxsrvc.exe[3032] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[3032] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[3032] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 02F90A08
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 02F903FC
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 02F90804
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 02F901F8
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 02F90600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001A0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003003FC
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00300804
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003001F8
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00300600
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000E0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000E0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000E0600
.text C:\Program Files\RocketDock\RocketDock.exe[3432] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\RocketDock\RocketDock.exe[3432] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\RocketDock\RocketDock.exe[3432] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\SearchIndexer.exe[3636] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3636] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3636] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00BA0A08
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 00BA03FC
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00BA0804
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 00BA01F8
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00BA0600
.text C:\Windows\System32\svchost.exe[4084] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[4084] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[4084] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00140600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740F2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740D5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740D56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740F24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740E8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740E4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740E506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740E5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740E6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740E826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740E87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740E901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740EE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740E4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0xB0 0xC7 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCA 0x21 0x69 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0xB0 0xC7 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCA 0x21 0x69 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x70 0x3D 0x42 0x25 ...
---- EOF - GMER 1.0.15 ----
P.S. Afterwards, I ran MBAM and the scan finished without BSOD or any other problem.
I'd like to know if my virtual drives were creating a problem and if I can retrieve them now or should I use them at all in the future?
Thanks in advance.
EDIT: Previously, I've run the 'Quick Scan' which completed without problems.
However, when I did the 'Full Scan' my laptop crashed again and a BSOD appeared again.
This is the report from Windows:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 7a
BCP1: C020C6CC
BCP2: C0000185
BCP3: 6D0A5860
BCP4: 831B3B1E
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\020412-33290-01.dmp
C:\Users\Daniel\AppData\Local\Temp\WER-43430-0.sysdata.xml
Read our privacy statement online: http://go.microsoft....88&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
I also recently installed the BlueScreenView program to be able to make a better report regarding the Blue Screen.
This is the report from BlueScreenView:
==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+1afb1e
From Address : 0x83004000
To Address : 0x83407000
Size : 0x00403000
Time Stamp : 0x4ea76e9b
Time String : 10/26/2011 3:21:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.1.7601.17713 (win7sp1_gdr.111025-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntoskrnl.exe
==================================================
==================================================
Filename : hal.dll
Address In Stack :
From Address : 0x83407000
To Address : 0x8343e000
Size : 0x00037000
Time Stamp : 0x4ce788d2
Time String : 11/20/2010 9:37:38 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\hal.dll
==================================================
==================================================
Filename : kdcom.dll
Address In Stack :
From Address : 0x80ba2000
To Address : 0x80baa000
Size : 0x00008000
Time Stamp : 0x4a5bdaaa
Time String : 7/14/2009 2:08:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Serial Kernel Debugger
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\kdcom.dll
==================================================
==================================================
Filename : mcupdate.dll
Address In Stack :
From Address : 0x89417000
To Address : 0x8949c000
Size : 0x00085000
Time Stamp : 0x4ce7b876
Time String : 11/20/2010 1:00:54 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : PSHED.dll
Address In Stack :
From Address : 0x8949c000
To Address : 0x894ad000
Size : 0x00011000
Time Stamp : 0x4a5bdad0
Time String : 7/14/2009 2:09:36 AM
Product Name : Microsoft® Windows® Operating System
File Description : Platform Specific Hardware Error Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================
==================================================
Filename : BOOTVID.dll
Address In Stack :
From Address : 0x894ad000
To Address : 0x894b5000
Size : 0x00008000
Time Stamp : 0x4a5bd9a2
Time String : 7/14/2009 2:04:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\BOOTVID.dll
==================================================
==================================================
Filename : CLFS.SYS
Address In Stack :
From Address : 0x894b5000
To Address : 0x894f7000
Size : 0x00042000
Time Stamp : 0x4a5bbf0e
Time String : 7/14/2009 12:11:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Common Log File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CLFS.SYS
==================================================
==================================================
Filename : CI.dll
Address In Stack :
From Address : 0x894f7000
To Address : 0x895a2000
Size : 0x000ab000
Time Stamp : 0x4ce7b97d
Time String : 11/20/2010 1:05:17 PM
Product Name : Microsoft® Windows® Operating System
File Description : Code Integrity Module
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CI.dll
==================================================
==================================================
Filename : Wdf01000.sys
Address In Stack :
From Address : 0x895a2000
To Address : 0x89613000
Size : 0x00071000
Time Stamp : 0x4a5bbf28
Time String : 7/14/2009 12:11:36 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Runtime
File Version : 1.9.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Wdf01000.sys
==================================================
==================================================
Filename : WDFLDR.SYS
Address In Stack :
From Address : 0x89613000
To Address : 0x89621000
Size : 0x0000e000
Time Stamp : 0x4a5bbf1d
Time String : 7/14/2009 12:11:25 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Loader
File Version : 1.9.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================
==================================================
Filename : ACPI.sys
Address In Stack :
From Address : 0x89621000
To Address : 0x89669000
Size : 0x00048000
Time Stamp : 0x4ce788e0
Time String : 11/20/2010 9:37:52 AM
Product Name : Microsoft® Windows® Operating System
File Description : ACPI Driver for NT
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ACPI.sys
==================================================
==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : 0x89669000
To Address : 0x89672000
Size : 0x00009000
Time Stamp : 0x4a5bbf1a
Time String : 7/14/2009 12:11:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WMILIB.SYS
==================================================
==================================================
Filename : msisadrv.sys
Address In Stack :
From Address : 0x89672000
To Address : 0x8967a000
Size : 0x00008000
Time Stamp : 0x4a5bbf0d
Time String : 7/14/2009 12:11:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : ISA Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msisadrv.sys
==================================================
==================================================
Filename : vdrvroot.sys
Address In Stack :
From Address : 0x8967a000
To Address : 0x89685000
Size : 0x0000b000
Time Stamp : 0x4a5bc74b
Time String : 7/14/2009 12:46:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Drive Root Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vdrvroot.sys
==================================================
==================================================
Filename : pci.sys
Address In Stack :
From Address : 0x89685000
To Address : 0x896af000
Size : 0x0002a000
Time Stamp : 0x4ce788e5
Time String : 11/20/2010 9:37:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Plug and Play PCI Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pci.sys
==================================================
==================================================
Filename : partmgr.sys
Address In Stack :
From Address : 0x896af000
To Address : 0x896c0000
Size : 0x00011000
Time Stamp : 0x4ce788f6
Time String : 11/20/2010 9:38:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : Partition Management Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\partmgr.sys
==================================================
==================================================
Filename : compbatt.sys
Address In Stack :
From Address : 0x896c0000
To Address : 0x896c8000
Size : 0x00008000
Time Stamp : 0x4a5bc0f6
Time String : 7/14/2009 12:19:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : Composite Battery Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\compbatt.sys
==================================================
==================================================
Filename : BATTC.SYS
Address In Stack :
From Address : 0x896c8000
To Address : 0x896d3000
Size : 0x0000b000
Time Stamp : 0x4a5bc0f3
Time String : 7/14/2009 12:19:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Battery Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\BATTC.SYS
==================================================
==================================================
Filename : volmgr.sys
Address In Stack :
From Address : 0x896d3000
To Address : 0x896e3000
Size : 0x00010000
Time Stamp : 0x4ce788ee
Time String : 11/20/2010 9:38:06 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgr.sys
==================================================
==================================================
Filename : volmgrx.sys
Address In Stack :
From Address : 0x896e3000
To Address : 0x8972e000
Size : 0x0004b000
Time Stamp : 0x4a5bbf2d
Time String : 7/14/2009 12:11:41 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Extension Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgrx.sys
==================================================
==================================================
Filename : intelide.sys
Address In Stack :
From Address : 0x8972e000
To Address : 0x89735000
Size : 0x00007000
Time Stamp : 0x4a5bbf17
Time String : 7/14/2009 12:11:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : Intel PCI IDE Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelide.sys
==================================================
==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : 0x89735000
To Address : 0x89743000
Size : 0x0000e000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
==================================================
==================================================
Filename : mountmgr.sys
Address In Stack :
From Address : 0x89743000
To Address : 0x89759000
Size : 0x00016000
Time Stamp : 0x4ce788f1
Time String : 11/20/2010 9:38:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mount Point Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mountmgr.sys
==================================================
==================================================
Filename : vmbus.sys
Address In Stack :
From Address : 0x89759000
To Address : 0x89782180
Size : 0x00029180
Time Stamp : 0x4ce79192
Time String : 11/20/2010 10:14:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Machine Bus
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmbus.sys
==================================================
==================================================
Filename : winhv.sys
Address In Stack :
From Address : 0x89783000
To Address : 0x89795000
Size : 0x00012000
Time Stamp : 0x4ce788f7
Time String : 11/20/2010 9:38:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Hypervisor Interface Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\winhv.sys
==================================================
==================================================
Filename : atapi.sys
Address In Stack :
From Address : 0x89795000
To Address : 0x8979e000
Size : 0x00009000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI IDE Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\atapi.sys
==================================================
==================================================
Filename : ataport.SYS
Address In Stack :
From Address : 0x8979e000
To Address : 0x897c1000
Size : 0x00023000
Time Stamp : 0x4ce788e8
Time String : 11/20/2010 9:38:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ataport.SYS
==================================================
==================================================
Filename : msahci.sys
Address In Stack :
From Address : 0x897c1000
To Address : 0x897cb000
Size : 0x0000a000
Time Stamp : 0x4ce799f8
Time String : 11/20/2010 10:50:48 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS AHCI 1.0 Standard Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msahci.sys
==================================================
==================================================
Filename : amdxata.sys
Address In Stack :
From Address : 0x897cb000
To Address : 0x897d4000
Size : 0x00009000
Time Stamp : 0x4ba3a3f5
Time String : 3/19/2010 5:19:01 PM
Product Name : Storage Filter Driver
File Description : Storage Filter Driver
File Version : 1.1.2.5 (NT.091202-1711)
Company : Advanced Micro Devices
Full Path : C:\Windows\system32\drivers\amdxata.sys
==================================================
==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : 0x89822000
To Address : 0x89856000
Size : 0x00034000
Time Stamp : 0x4a5bbf11
Time String : 7/14/2009 12:11:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Filesystem Filter Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fltmgr.sys
==================================================
==================================================
Filename : fileinfo.sys
Address In Stack :
From Address : 0x89856000
To Address : 0x89867000
Size : 0x00011000
Time Stamp : 0x4a5bc18f
Time String : 7/14/2009 12:21:51 AM
Product Name : Microsoft® Windows® Operating System
File Description : FileInfo Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fileinfo.sys
==================================================
==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : 0x89867000
To Address : 0x89996000
Size : 0x0012f000
Time Stamp : 0x4d799527
Time String : 3/11/2011 4:21:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Ntfs.sys
==================================================
==================================================
Filename : msrpc.sys
Address In Stack :
From Address : 0x89996000
To Address : 0x899c1000
Size : 0x0002b000
Time Stamp : 0x4a5bbf3f
Time String : 7/14/2009 12:11:59 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Remote Procedure Call Provider
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msrpc.sys
==================================================
==================================================
Filename : ksecdd.sys
Address In Stack :
From Address : 0x899c1000
To Address : 0x899d4000
Size : 0x00013000
Time Stamp : 0x4ec47c6c
Time String : 11/17/2011 4:15:56 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecdd.sys
==================================================
==================================================
Filename : cng.sys
Address In Stack :
From Address : 0x899d4000
To Address : 0x89a31000
Size : 0x0005d000
Time Stamp : 0x4ec48143
Time String : 11/17/2011 4:36:35 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Cryptography, Next Generation
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cng.sys
==================================================
==================================================
Filename : pcw.sys
Address In Stack :
From Address : 0x89a31000
To Address : 0x89a3f000
Size : 0x0000e000
Time Stamp : 0x4a5bbf0e
Time String : 7/14/2009 12:11:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Performance Counters for Windows Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pcw.sys
==================================================
==================================================
Filename : Fs_Rec.sys
Address In Stack :
From Address : 0x89a3f000
To Address : 0x89a48000
Size : 0x00009000
Time Stamp : 0x4a5bbf12
Time String : 7/14/2009 12:11:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : File System Recognizer Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Fs_Rec.sys
==================================================
==================================================
Filename : ndis.sys
Address In Stack :
From Address : 0x89a48000
To Address : 0x89aff000
Size : 0x000b7000
Time Stamp : 0x4ce78937
Time String : 11/20/2010 9:39:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 6.20 driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndis.sys
==================================================
==================================================
Filename : NETIO.SYS
Address In Stack :
From Address : 0x89aff000
To Address : 0x89b3d000
Size : 0x0003e000
Time Stamp : 0x4ce78963
Time String : 11/20/2010 9:40:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Network I/O Subsystem
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NETIO.SYS
==================================================
==================================================
Filename : ksecpkg.sys
Address In Stack :
From Address : 0x89b3d000
To Address : 0x89b62000
Size : 0x00025000
Time Stamp : 0x4ec4817e
Time String : 11/17/2011 4:37:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface Packages
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecpkg.sys
==================================================
==================================================
Filename : tcpip.sys
Address In Stack :
From Address : 0x89c22000
To Address : 0x89d6c000
Size : 0x0014a000
Time Stamp : 0x4e83e463
Time String : 9/29/2011 4:22:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpip.sys
==================================================
==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : 0x89d6c000
To Address : 0x89d9d000
Size : 0x00031000
Time Stamp : 0x4ce7892c
Time String : 11/20/2010 9:39:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : FWP/IPsec Kernel-Mode API
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================
==================================================
Filename : vmstorfl.sys
Address In Stack :
From Address : 0x89d9d000
To Address : 0x89da5380
Size : 0x00008380
Time Stamp : 0x4ce7917d
Time String : 11/20/2010 10:14:37 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Storage Filter Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmstorfl.sys
==================================================
==================================================
Filename : volsnap.sys
Address In Stack :
From Address : 0x89da6000
To Address : 0x89de5000
Size : 0x0003f000
Time Stamp : 0x4ce788f5
Time String : 11/20/2010 9:38:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Shadow Copy Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volsnap.sys
==================================================
==================================================
Filename : spldr.sys
Address In Stack :
From Address : 0x89de5000
To Address : 0x89ded000
Size : 0x00008000
Time Stamp : 0x4a084ebb
Time String : 5/11/2009 5:13:47 PM
Product Name : Microsoft® Windows® Operating System
File Description : loader for security processor
File Version : 6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spldr.sys
==================================================
==================================================
Filename : rdyboost.sys
Address In Stack :
From Address : 0x89ded000
To Address : 0x89e1a000
Size : 0x0002d000
Time Stamp : 0x4ce78e17
Time String : 11/20/2010 10:00:07 AM
Product Name : Microsoft® Windows® Operating System
File Description : ReadyBoost Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdyboost.sys
==================================================
==================================================
Filename : mup.sys
Address In Stack :
From Address : 0x89e1a000
To Address : 0x89e2a000
Size : 0x00010000
Time Stamp : 0x4a5bbfc6
Time String : 7/14/2009 12:14:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mup.sys
==================================================
==================================================
Filename : hwpolicy.sys
Address In Stack :
From Address : 0x89e2a000
To Address : 0x89e32000
Size : 0x00008000
Time Stamp : 0x4ce788cf
Time String : 11/20/2010 9:37:35 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Policy Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hwpolicy.sys
==================================================
==================================================
Filename : fvevol.sys
Address In Stack :
From Address : 0x89e32000
To Address : 0x89e64000
Size : 0x00032000
Time Stamp : 0x4ce78976
Time String : 11/20/2010 9:40:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : BitLocker Drive Encryption Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fvevol.sys
==================================================
==================================================
Filename : disk.sys
Address In Stack :
From Address : 0x89e64000
To Address : 0x89e75000
Size : 0x00011000
Time Stamp : 0x4a5bbf20
Time String : 7/14/2009 12:11:28 AM
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\disk.sys
==================================================
==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : 0x89e75000
To Address : 0x89e9a000
Size : 0x00025000
Time Stamp : 0x4a5bbf18
Time String : 7/14/2009 12:11:20 AM
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================
==================================================
Filename : cdrom.sys
Address In Stack :
From Address : 0x89ecd000
To Address : 0x89eec000
Size : 0x0001f000
Time Stamp : 0x4ce788f1
Time String : 11/20/2010 9:38:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : SCSI CD-ROM Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cdrom.sys
==================================================
==================================================
Filename : aswSnx.SYS
Address In Stack :
From Address : 0x89eec000
To Address : 0x89f59000
Size : 0x0006d000
Time Stamp : 0x4ed3cab0
Time String : 11/28/2011 6:53:52 PM
Product Name : avast! Antivirus System
File Description : avast! Virtualization Driver
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSnx.SYS
==================================================
==================================================
Filename : Null.SYS
Address In Stack :
From Address : 0x89f59000
To Address : 0x89f60000
Size : 0x00007000
Time Stamp : 0x4a5bbf10
Time String : 7/14/2009 12:11:12 AM
Product Name : Microsoft® Windows® Operating System
File Description : NULL Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Null.SYS
==================================================
==================================================
Filename : Beep.SYS
Address In Stack :
From Address : 0x89f60000
To Address : 0x89f67000
Size : 0x00007000
Time Stamp : 0x4a5bc6fc
Time String : 7/14/2009 12:45:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : BEEP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Beep.SYS
==================================================
==================================================
Filename : vga.sys
Address In Stack :
From Address : 0x89f67000
To Address : 0x89f73000
Size : 0x0000c000
Time Stamp : 0x4a5bc27e
Time String : 7/14/2009 12:25:50 AM
Product Name : Microsoft® Windows® Operating System
File Description : VGA/Super VGA Video Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vga.sys
==================================================
==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : 0x89f73000
To Address : 0x89f94000
Size : 0x00021000
Time Stamp : 0x4a5bc27d
Time String : 7/14/2009 12:25:49 AM
Product Name : Microsoft® Windows® Operating System
File Description : Video Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
==================================================
==================================================
Filename : watchdog.sys
Address In Stack :
From Address : 0x89f94000
To Address : 0x89fa1000
Size : 0x0000d000
Time Stamp : 0x4a5bc21a
Time String : 7/14/2009 12:24:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\watchdog.sys
==================================================
==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : 0x89fa1000
To Address : 0x89fa9000
Size : 0x00008000
Time Stamp : 0x4ce7a15b
Time String : 11/20/2010 11:22:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPCDD.sys
==================================================
==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : 0x89fa9000
To Address : 0x89fb1000
Size : 0x00008000
Time Stamp : 0x4a5bcae3
Time String : 7/14/2009 1:01:39 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Encoder Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpencdd.sys
==================================================
==================================================
Filename : rdprefmp.sys
Address In Stack :
From Address : 0x89fb1000
To Address : 0x89fb9000
Size : 0x00008000
Time Stamp : 0x4a5bcae5
Time String : 7/14/2009 1:01:41 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Reflector Driver Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdprefmp.sys
==================================================
==================================================
Filename : Msfs.SYS
Address In Stack :
From Address : 0x89fb9000
To Address : 0x89fc4000
Size : 0x0000b000
Time Stamp : 0x4a5bbf1e
Time String : 7/14/2009 12:11:26 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mailslot driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Msfs.SYS
==================================================
==================================================
Filename : Npfs.SYS
Address In Stack :
From Address : 0x89fc4000
To Address : 0x89fd2000
Size : 0x0000e000
Time Stamp : 0x4a5bbf23
Time String : 7/14/2009 12:11:31 AM
Product Name : Microsoft® Windows® Operating System
File Description : NPFS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Npfs.SYS
==================================================
==================================================
Filename : tdx.sys
Address In Stack :
From Address : 0x89fd2000
To Address : 0x89fe9000
Size : 0x00017000
Time Stamp : 0x4ce78935
Time String : 11/20/2010 9:39:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : TDI Translation Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tdx.sys
==================================================
==================================================
Filename : TDI.SYS
Address In Stack :
From Address : 0x89fe9000
To Address : 0x89ff5000
Size : 0x0000c000
Time Stamp : 0x4ce78936
Time String : 11/20/2010 9:39:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : TDI Wrapper
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\TDI.SYS
==================================================
==================================================
Filename : aswTdi.SYS
Address In Stack :
From Address : 0x89ff5000
To Address : 0x89fffd80
Size : 0x0000ad80
Time Stamp : 0x4ed3ca4e
Time String : 11/28/2011 6:52:14 PM
Product Name : avast! Antivirus System
File Description : avast! TDI Filter Driver
File Version : 6.0.1367.0 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswTdi.SYS
==================================================
==================================================
Filename : afd.sys
Address In Stack :
From Address : 0x89b62000
To Address : 0x89bbc000
Size : 0x0005a000
Time Stamp : 0x4db4d9d8
Time String : 4/25/2011 3:18:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : Ancillary Function Driver for WinSock
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\afd.sys
==================================================
==================================================
Filename : aswRdr.SYS
Address In Stack :
From Address : 0x89c00000
To Address : 0x89c06500
Size : 0x00006500
Time Stamp : 0x4ed3ca51
Time String : 11/28/2011 6:52:17 PM
Product Name : avast! Antivirus System
File Description : avast! TDI RDR Driver
File Version : 6.0.1367.0 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswRdr.SYS
==================================================
==================================================
Filename : netbt.sys
Address In Stack :
From Address : 0x89bbc000
To Address : 0x89bee000
Size : 0x00032000
Time Stamp : 0x4ce7893a
Time String : 11/20/2010 9:39:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : MBT Transport driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbt.sys
==================================================
==================================================
Filename : wfplwf.sys
Address In Stack :
From Address : 0x89c07000
To Address : 0x89c0e000
Size : 0x00007000
Time Stamp : 0x4a5bc90f
Time String : 7/14/2009 12:53:51 AM
Product Name : Microsoft® Windows® Operating System
File Description : WFP NDIS 6.20 Lightweight Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wfplwf.sys
==================================================
==================================================
Filename : pacer.sys
Address In Stack :
From Address : 0x89800000
To Address : 0x8981f000
Size : 0x0001f000
Time Stamp : 0x4a5bc916
Time String : 7/14/2009 12:53:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : QoS Packet Scheduler
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pacer.sys
==================================================
==================================================
Filename : vwififlt.sys
Address In Stack :
From Address : 0x89c0e000
To Address : 0x89c1f000
Size : 0x00011000
Time Stamp : 0x4a5bc8a3
Time String : 7/14/2009 12:52:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual WiFi Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vwififlt.sys
==================================================
==================================================
Filename : netbios.sys
Address In Stack :
From Address : 0x89bee000
To Address : 0x89bfc000
Size : 0x0000e000
Time Stamp : 0x4a5bc912
Time String : 7/14/2009 12:53:54 AM
Product Name : Microsoft® Windows® Operating System
File Description : NetBIOS interface driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbios.sys
==================================================
==================================================
Filename : wanarp.sys
Address In Stack :
From Address : 0x897d4000
To Address : 0x897e7000
Size : 0x00013000
Time Stamp : 0x4ce79df1
Time String : 11/20/2010 11:07:45 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access and Routing ARP Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wanarp.sys
==================================================
==================================================
Filename : termdd.sys
Address In Stack :
From Address : 0x897e7000
To Address : 0x897f8000
Size : 0x00011000
Time Stamp : 0x4ce7a116
Time String : 11/20/2010 11:21:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Remote Desktop Server Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\termdd.sys
==================================================
==================================================
Filename : rdbss.sys
Address In Stack :
From Address : 0x90417000
To Address : 0x90458000
Size : 0x00041000
Time Stamp : 0x4ce78a04
Time String : 11/20/2010 9:42:44 AM
Product Name : Microsoft® Windows® Operating System
File Description : Redirected Drive Buffering SubSystem Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdbss.sys
==================================================
==================================================
Filename : nsiproxy.sys
Address In Stack :
From Address : 0x90458000
To Address : 0x90462000
Size : 0x0000a000
Time Stamp : 0x4a5bbf48
Time String : 7/14/2009 12:12:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : NSI Proxy
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nsiproxy.sys
==================================================
==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : 0x90462000
To Address : 0x9046c000
Size : 0x0000a000
Time Stamp : 0x4a5bc0fd
Time String : 7/14/2009 12:19:25 AM
Product Name : Microsoft® Windows® Operating System
File Description : System Management BIOS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mssmbios.sys
==================================================
==================================================
Filename : discache.sys
Address In Stack :
From Address : 0x9046c000
To Address : 0x90478000
Size : 0x0000c000
Time Stamp : 0x4a5bc214
Time String : 7/14/2009 12:24:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : System Indexer/Cache Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\discache.sys
==================================================
==================================================
Filename : csc.sys
Address In Stack :
From Address : 0x90478000
To Address : 0x904dc000
Size : 0x00064000
Time Stamp : 0x4ce78a70
Time String : 11/20/2010 9:44:32 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Client Side Caching Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\csc.sys
==================================================
==================================================
Filename : dfsc.sys
Address In Stack :
From Address : 0x904dc000
To Address : 0x904f4000
Size : 0x00018000
Time Stamp : 0x4ce789f8
Time String : 11/20/2010 9:42:32 AM
Product Name : Microsoft® Windows® Operating System
File Description : DFS Namespace Client Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dfsc.sys
==================================================
==================================================
Filename : blbdrive.sys
Address In Stack :
From Address : 0x904f4000
To Address : 0x90502000
Size : 0x0000e000
Time Stamp : 0x4a5bc1d8
Time String : 7/14/2009 12:23:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : BLB Drive Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\blbdrive.sys
==================================================
==================================================
Filename : aswSP.SYS
Address In Stack :
From Address : 0x90502000
To Address : 0x9054cb00
Size : 0x0004ab00
Time Stamp : 0x4ed3ca9d
Time String : 11/28/2011 6:53:33 PM
Product Name : avast! Antivirus System
File Description : avast! self protection module
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSP.SYS
==================================================
==================================================
Filename : tunnel.sys
Address In Stack :
From Address : 0x9054d000
To Address : 0x9056e000
Size : 0x00021000
Time Stamp : 0x4ce79db0
Time String : 11/20/2010 11:06:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Tunnel Interface Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tunnel.sys
==================================================
==================================================
Filename : intelppm.sys
Address In Stack :
From Address : 0x9056e000
To Address : 0x90580000
Size : 0x00012000
Time Stamp : 0x4a5bbf07
Time String : 7/14/2009 12:11:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Processor Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelppm.sys
==================================================
==================================================
Filename : igdkmd32.sys
Address In Stack :
From Address : 0x9142a000
To Address : 0x91933000
Size : 0x00509000
Time Stamp : 0x4aba7471
Time String : 9/23/2009 8:18:09 PM
Product Name : Intel Graphics Accelerator Drivers for Windows Vista®
File Description : Intel Graphics Kernel Mode Driver
File Version : 8.14.10.1930
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\igdkmd32.sys
==================================================
==================================================
Filename : dxgkrnl.sys
Address In Stack :
From Address : 0x91933000
To Address : 0x919ea000
Size : 0x000b7000
Time Stamp : 0x4ce78ffe
Time String : 11/20/2010 10:08:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Kernel
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgkrnl.sys
==================================================
==================================================
Filename : dxgmms1.sys
Address In Stack :
From Address : 0x919ea000
To Address : 0x91a23000
Size : 0x00039000
Time Stamp : 0x4d4a24c1
Time String : 2/3/2011 4:45:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics MMS
File Version : 6.1.7601.17554 (win7sp1_gdr.110202-1504)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgmms1.sys
==================================================
==================================================
Filename : usbuhci.sys
Address In Stack :
From Address : 0x91a23000
To Address : 0x91a2e000
Size : 0x0000b000
Time Stamp : 0x4d8c04b4
Time String : 3/25/2011 3:57:56 AM
Product Name : Microsoft® Windows® Operating System
File Description : UHCI USB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbuhci.sys
==================================================
==================================================
Filename : USBPORT.SYS
Address In Stack :
From Address : 0x91a2e000
To Address : 0x91a79000
Size : 0x0004b000
Time Stamp : 0x4d8c04bd
Time String : 3/25/2011 3:58:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : USB 1.1 & 2.0 Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBPORT.SYS
==================================================
==================================================
Filename : usbehci.sys
Address In Stack :
From Address : 0x91a79000
To Address : 0x91a88000
Size : 0x0000f000
Time Stamp : 0x4d8c04b6
Time String : 3/25/2011 3:57:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : EHCI eUSB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbehci.sys
==================================================
==================================================
Filename : HDAudBus.sys
Address In Stack :
From Address : 0x91a88000
To Address : 0x91aa7000
Size : 0x0001f000
Time Stamp : 0x4ce79c00
Time String : 11/20/2010 10:59:28 AM
Product Name : Microsoft® Windows® Operating System
File Description : High Definition Audio Bus Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HDAudBus.sys
==================================================
==================================================
Filename : b57nd60x.sys
Address In Stack :
From Address : 0x91aa7000
To Address : 0x91aff000
Size : 0x00058000
Time Stamp : 0x4d59fa28
Time String : 2/15/2011 4:59:36 AM
Product Name : Broadcom NetXtreme Gigabit Ethernet Driver
File Description : Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
File Version : 14.6.1.0 (cbuild.02142011-1956,b57nd6x-rel_14.6-lhdepot1106.CL-135337)
Company : Broadcom Corporation
Full Path : C:\Windows\system32\drivers\b57nd60x.sys
==================================================
==================================================
Filename : NETwLv32.sys
Address In Stack :
From Address : 0x9381c000
To Address : 0x93e7b000
Size : 0x0065f000
Time Stamp : 0x4cadb8da
Time String : 10/7/2010 1:11:06 PM
Product Name : Intel® Wireless WiFi Link Adapter
File Description : Intel® Wireless WiFi Link Driver
File Version : 13.4.0.139
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\NETwLv32.sys
==================================================
==================================================
Filename : 1394ohci.sys
Address In Stack :
From Address : 0x93e7b000
To Address : 0x93ea8000
Size : 0x0002d000
Time Stamp : 0x4ce79c67
Time String : 11/20/2010 11:01:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : 1394 OpenHCI Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\1394ohci.sys
==================================================
==================================================
Filename : sdbus.sys
Address In Stack :
From Address : 0x93ea8000
To Address : 0x93ec1000
Size : 0x00019000
Time Stamp : 0x4ce78caa
Time String : 11/20/2010 9:54:02 AM
Product Name : Microsoft® Windows® Operating System
File Description : SecureDigital Bus Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\sdbus.sys
==================================================
==================================================
Filename : rimmptsk.sys
Address In Stack :
From Address : 0x93ec1000
To Address : 0x93ed2000
Size : 0x00011000
Time Stamp : 0x4a432e11
Time String : 6/25/2009 8:58:09 AM
Product Name : RICOH SD/MMC Driver
File Description : RICOH SD/MMC Driver
File Version : 6.10.01.03
Company : REDC
Full Path : C:\Windows\system32\drivers\rimmptsk.sys
==================================================
==================================================
Filename : rimsptsk.sys
Address In Stack :
From Address : 0x93ed2000
To Address : 0x93ee6000
Size : 0x00014000
Time Stamp : 0x4a4322f6
Time String : 6/25/2009 8:10:46 AM
Product Name : Ricoh Memorystick Controller
File Description : RICOH MS Driver
File Version : 6.10.01.03
Company : REDC
Full Path : C:\Windows\system32\drivers\rimsptsk.sys
==================================================
==================================================
Filename : rixdptsk.sys
Address In Stack :
From Address : 0x93ee6000
To Address : 0x93f38000
Size : 0x00052000
Time Stamp : 0x4a432685
Time String : 6/25/2009 8:25:57 AM
Product Name : R5C852 Ricoh xD Controller
File Description : RICOH XD SM Driver
File Version : 6.10.01.04
Company : REDC
Full Path : C:\Windows\system32\drivers\rixdptsk.sys
==================================================
==================================================
Filename : i8042prt.sys
Address In Stack :
From Address : 0x93f38000
To Address : 0x93f50000
Size : 0x00018000
Time Stamp : 0x4a5bbf1b
Time String : 7/14/2009 12:11:23 AM
Product Name : Microsoft® Windows® Operating System
File Description : i8042 Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\i8042prt.sys
==================================================
==================================================
Filename : kbdclass.sys
Address In Stack :
From Address : 0x93f50000
To Address : 0x93f5d000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Keyboard Class Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdclass.sys
==================================================
==================================================
Filename : SynTP.sys
Address In Stack :
From Address : 0x93f5d000
To Address : 0x93f89080
Size : 0x0002c080
Time Stamp : 0x4643ce79
Time String : 5/11/2007 3:01:29 AM
Product Name : Synaptics Pointing Device Driver
File Description : Synaptics Touchpad Driver
File Version : 9.2.5 10May07
Company : Synaptics, Inc.
Full Path : C:\Windows\system32\drivers\SynTP.sys
==================================================
==================================================
Filename : USBD.SYS
Address In Stack :
From Address : 0x93f8a000
To Address : 0x93f8b700
Size : 0x00001700
Time Stamp : 0x4d8c04b1
Time String : 3/25/2011 3:57:53 AM
Product Name : Microsoft® Windows® Operating System
File Description : Universal Serial Bus Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBD.SYS
==================================================
==================================================
Filename : mouclass.sys
Address In Stack :
From Address : 0x93f8c000
To Address : 0x93f99000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mouse Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouclass.sys
==================================================
==================================================
Filename : CmBatt.sys
Address In Stack :
From Address : 0x93f99000
To Address : 0x93f9c700
Size : 0x00003700
Time Stamp : 0x4a5bc0f6
Time String : 7/14/2009 12:19:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : Control Method Battery Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CmBatt.sys
==================================================
==================================================
Filename : enecir.sys
Address In Stack :
From Address : 0x93f9d000
To Address : 0x93fb6000
Size : 0x00019000
Time Stamp : 0x4a482429
Time String : 6/29/2009 3:17:13 AM
Product Name : ENE Consumer IR Driver for eHome
File Description : ENE CIR Driver for eHome
File Version : 2.7.4.0
Company : ENE TECHNOLOGY INC.
Full Path : C:\Windows\system32\drivers\enecir.sys
==================================================
==================================================
Filename : wmiacpi.sys
Address In Stack :
From Address : 0x93fb6000
To Address : 0x93fbf000
Size : 0x00009000
Time Stamp : 0x4a5bc0f4
Time String : 7/14/2009 12:19:16 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Management Interface for ACPI
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wmiacpi.sys
==================================================
==================================================
Filename : CompositeBus.sys
Address In Stack :
From Address : 0x93fbf000
To Address : 0x93fcc000
Size : 0x0000d000
Time Stamp : 0x4ce799dd
Time String : 11/20/2010 10:50:21 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multi-Transport Composite Bus Enumerator
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CompositeBus.sys
==================================================
==================================================
Filename : AgileVpn.sys
Address In Stack :
From Address : 0x93fcc000
To Address : 0x93fde000
Size : 0x00012000
Time Stamp : 0x4a5bc954
Time String : 7/14/2009 12:55:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS Agile Vpn Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\AgileVpn.sys
==================================================
==================================================
Filename : rasl2tp.sys
Address In Stack :
From Address : 0x93fde000
To Address : 0x93ff6000
Size : 0x00018000
Time Stamp : 0x4a5bc939
Time String : 7/14/2009 12:54:33 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS L2TP mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rasl2tp.sys
==================================================
==================================================
Filename : ndistapi.sys
Address In Stack :
From Address : 0x93800000
To Address : 0x9380b000
Size : 0x0000b000
Time Stamp : 0x4a5bc930
Time String : 7/14/2009 12:54:24 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 3.0 connection wrapper driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndistapi.sys
==================================================
==================================================
Filename : ndiswan.sys
Address In Stack :
From Address : 0x91aff000
To Address : 0x91b21000
Size : 0x00022000
Time Stamp : 0x4ce79df4
Time String : 11/20/2010 11:07:48 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS PPP Framing Driver (Strong Encryption)
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndiswan.sys
==================================================
==================================================
Filename : raspppoe.sys
Address In Stack :
From Address : 0x91b21000
To Address : 0x91b39000
Size : 0x00018000
Time Stamp : 0x4a5bc94d
Time String : 7/14/2009 12:54:53 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS PPPoE mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspppoe.sys
==================================================
==================================================
Filename : raspptp.sys
Address In Stack :
From Address : 0x91b39000
To Address : 0x91b50000
Size : 0x00017000
Time Stamp : 0x4a5bc947
Time String : 7/14/2009 12:54:47 AM
Product Name : Microsoft® Windows® Operating System
File Description : Peer-to-Peer Tunneling Protocol
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspptp.sys
==================================================
==================================================
Filename : rassstp.sys
Address In Stack :
From Address : 0x91b50000
To Address : 0x91b67000
Size : 0x00017000
Time Stamp : 0x4a5bc951
Time String : 7/14/2009 12:54:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS SSTP Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rassstp.sys
==================================================
==================================================
Filename : rdpbus.sys
Address In Stack :
From Address : 0x9380b000
To Address : 0x93815000
Size : 0x0000a000
Time Stamp : 0x4a5bcb20
Time String : 7/14/2009 1:02:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft RDP Bus Device driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpbus.sys
==================================================
==================================================
Filename : swenum.sys
Address In Stack :
From Address : 0x93815000
To Address : 0x93816380
Size : 0x00001380
Time Stamp : 0x4a5bc704
Time String : 7/14/2009 12:45:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : Plug and Play Software Device Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\swenum.sys
==================================================
==================================================
Filename : ks.sys
Address In Stack :
From Address : 0x91b67000
To Address : 0x91b9b000
Size : 0x00034000
Time Stamp : 0x4ce799d9
Time String : 11/20/2010 10:50:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel CSA Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ks.sys
==================================================
==================================================
Filename : circlass.sys
Address In Stack :
From Address : 0x91b9b000
To Address : 0x91ba9000
Size : 0x0000e000
Time Stamp : 0x4a5bc875
Time String : 7/14/2009 12:51:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : Consumer IR Class Driver for eHome
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\circlass.sys
==================================================
==================================================
Filename : umbus.sys
Address In Stack :
From Address : 0x91ba9000
To Address : 0x91bb7000
Size : 0x0000e000
Time Stamp : 0x4ce79c37
Time String : 11/20/2010 11:00:23 AM
Product Name : Microsoft® Windows® Operating System
File Description : User-Mode Bus Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\umbus.sys
==================================================
==================================================
Filename : usbhub.sys
Address In Stack :
From Address : 0x91bb7000
To Address : 0x91bfb000
Size : 0x00044000
Time Stamp : 0x4d8c04da
Time String : 3/25/2011 3:58:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : Default Hub Driver for USB
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbhub.sys
==================================================
==================================================
Filename : NDProxy.SYS
Address In Stack :
From Address : 0x91400000
To Address : 0x91411000
Size : 0x00011000
Time Stamp : 0x4ce79deb
Time String : 11/20/2010 11:07:39 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS Proxy
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NDProxy.SYS
==================================================
==================================================
Filename : RTKVHDA.sys
Address In Stack :
From Address : 0x82008000
To Address : 0x823683c0
Size : 0x003603c0
Time Stamp : 0x4e9d6673
Time String : 10/18/2011 12:43:47 PM
Product Name : Realtek® High Definition Audio Function Driver
File Description : Realtek® High Definition Audio Function Driver
File Version : 6.0.1.6482 built by: WinDDK
Company : Realtek Semiconductor Corp.
Full Path : C:\Windows\system32\drivers\RTKVHDA.sys
==================================================
==================================================
Filename : portcls.sys
Address In Stack :
From Address : 0x82369000
To Address : 0x82398000
Size : 0x0002f000
Time Stamp : 0x4a5bc864
Time String : 7/14/2009 12:51:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : Port Class (Class Driver for Port/Miniport Devices)
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\portcls.sys
==================================================
==================================================
Filename : drmk.sys
Address In Stack :
From Address : 0x82398000
To Address : 0x823b1000
Size : 0x00019000
Time Stamp : 0x4a5bd2f5
Time String : 7/14/2009 1:36:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Trusted Audio Drivers
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\drmk.sys
==================================================
==================================================
Filename : HSXHWAZL.sys
Address In Stack :
From Address : 0x823b1000
To Address : 0x823ee000
Size : 0x0003d000
Time Stamp : 0x4995dee7
Time String : 2/13/2009 9:58:15 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_HWAZL WDM driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSXHWAZL.sys
==================================================
==================================================
Filename : HSX_DPV.sys
Address In Stack :
From Address : 0x90580000
To Address : 0x90682000
Size : 0x00102000
Time Stamp : 0x4995df61
Time String : 2/13/2009 10:00:17 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_DP driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_DPV.sys
==================================================
==================================================
Filename : HSX_CNXT.sys
Address In Stack :
From Address : 0x90682000
To Address : 0x90737000
Size : 0x000b5000
Time Stamp : 0x4995deb5
Time String : 2/13/2009 9:57:25 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_CNXT driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_CNXT.sys
==================================================
==================================================
Filename : modem.sys
Address In Stack :
From Address : 0x823ee000
To Address : 0x823fb000
Size : 0x0000d000
Time Stamp : 0x4a5bc96c
Time String : 7/14/2009 12:55:24 AM
Product Name : Microsoft® Windows® Operating System
File Description : Modem Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\modem.sys
==================================================
==================================================
Filename : hidir.sys
Address In Stack :
From Address : 0x91411000
To Address : 0x91420000
Size : 0x0000f000
Time Stamp : 0x4a5bc868
Time String : 7/14/2009 12:51:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : Infrared Miniport Driver for Input Devices
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hidir.sys
==================================================
==================================================
Filename : HIDCLASS.SYS
Address In Stack :
From Address : 0x90737000
To Address : 0x9074a000
Size : 0x00013000
Time Stamp : 0x4ce79c09
Time String : 11/20/2010 10:59:37 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hid Class Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HIDCLASS.SYS
==================================================
==================================================
Filename : HIDPARSE.SYS
Address In Stack :
From Address : 0x82000000
To Address : 0x82006480
Size : 0x00006480
Time Stamp : 0x4a5bc863
Time String : 7/14/2009 12:50:59 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hid Parsing Library
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HIDPARSE.SYS
==================================================
==================================================
Filename : kbdhid.sys
Address In Stack :
From Address : 0x9074a000
To Address : 0x90756000
Size : 0x0000c000
Time Stamp : 0x4ce799d2
Time String : 11/20/2010 10:50:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : HID Keyboard Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdhid.sys
==================================================
==================================================
Filename : mouhid.sys
Address In Stack :
From Address : 0x90756000
To Address : 0x90761000
Size : 0x0000b000
Time Stamp : 0x4a5bc704
Time String : 7/14/2009 12:45:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : HID Mouse Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouhid.sys
==================================================
==================================================
Filename : win32k.sys
Address In Stack :
From Address : 0x950f0000
To Address : 0x95340000
Size : 0x00250000
Time Stamp : 0x4ecdc722
Time String : 11/24/2011 5:25:06 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multi-User Win32 Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\win32k.sys
==================================================
==================================================
Filename : Dxapi.sys
Address In Stack :
From Address : 0x93ff6000
To Address : 0x94000000
Size : 0x0000a000
Time Stamp : 0x4a5bc265
Time String : 7/14/2009 12:25:25 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX API Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Dxapi.sys
==================================================
==================================================
Filename : usbccgp.sys
Address In Stack :
From Address : 0x9078a000
To Address : 0x907a1000
Size : 0x00017000
Time Stamp : 0x4d8c04be
Time String : 3/25/2011 3:58:06 AM
Product Name : Microsoft® Windows® Operating System
File Description : USB Common Class Generic Parent Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbccgp.sys
==================================================
==================================================
Filename : ZTEusbser6k.sys
Address In Stack :
From Address : 0x907a1000
To Address : 0x907baa80
Size : 0x00019a80
Time Stamp : 0x4aceb1af
Time String : 10/9/2009 4:44:47 AM
Product Name : ZTE USB Modem/Serial Device Driver
File Description : USB Modem/Serial Device Driver
File Version : 1.2059.0.8
Company : ZTE Incorporated
Full Path : C:\Windows\system32\drivers\ZTEusbser6k.sys
==================================================
==================================================
Filename : ZTEusbnmea.sys
Address In Stack :
From Address : 0x907bb000
To Address : 0x907d4a80
Size : 0x00019a80
Time Stamp : 0x4aceb1af
Time String : 10/9/2009 4:44:47 AM
Product Name : ZTE USB Modem/Serial Device Driver
File Description : USB Modem/Serial Device Driver
File Version : 1.2059.0.8
Company : ZTE Incorporated
Full Path : C:\Windows\system32\drivers\ZTEusbnmea.sys
==================================================
==================================================
Filename : USBSTOR.SYS
Address In Stack :
From Address : 0x907d5000
To Address : 0x907ec000
Size : 0x00017000
Time Stamp : 0x4d799e88
Time String : 3/11/2011 5:01:12 AM
Product Name : Microsoft® Windows® Operating System
File Description : USB Mass Storage Class Driver
File Version : 6.1.7601.17577 (win7sp1_gdr.110310-1504)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBSTOR.SYS
==================================================
==================================================
Filename : ZTEusbmdm6k.sys
Address In Stack :
From Address : 0x89e9a000
To Address : 0x89eb3a80
Size : 0x00019a80
Time Stamp : 0x4aceb1af
Time String : 10/9/2009 4:44:47 AM
Product Name : ZTE USB Modem/Serial Device Driver
File Description : USB Modem/Serial Device Driver
File Version : 1.2059.0.8
Company : ZTE Incorporated
Full Path : C:\Windows\system32\drivers\ZTEusbmdm6k.sys
==================================================
==================================================
Filename : monitor.sys
Address In Stack :
From Address : 0x907ec000
To Address : 0x907f7000
Size : 0x0000b000
Time Stamp : 0x4a5bc286
Time String : 7/14/2009 12:25:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Monitor Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\monitor.sys
==================================================
==================================================
Filename : TSDDD.dll
Address In Stack :
From Address : 0x95350000
To Address : 0x95359000
Size : 0x00009000
Time Stamp : 0x4a5bcae4
Time String : 7/14/2009 1:01:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Framebuffer Display Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\TSDDD.dll
==================================================
==================================================
Filename : cdd.dll
Address In Stack :
From Address : 0x95380000
To Address : 0x9539e000
Size : 0x0001e000
Time Stamp : 0x4ce7b773
Time String : 11/20/2010 12:56:35 PM
Product Name : Microsoft® Windows® Operating System
File Description : Canonical Display Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\cdd.dll
==================================================
==================================================
Filename : ATMFD.DLL
Address In Stack :
From Address : 0x953a0000
To Address : 0x953ed000
Size : 0x0004d000
Time Stamp : 0x4d5f486d
Time String : 2/19/2011 5:34:53 AM
Product Name : Adobe Type Manager
File Description : Windows NT OpenType/Type 1 Font Driver
File Version : 5.1 Build 234
Company : Adobe Systems Incorporated
Full Path : C:\Windows\system32\ATMFD.DLL
==================================================
==================================================
Filename : luafv.sys
Address In Stack :
From Address : 0xaa439000
To Address : 0xaa454000
Size : 0x0001b000
Time Stamp : 0x4a5bc020
Time String : 7/14/2009 12:15:44 AM
Product Name : Microsoft® Windows® Operating System
File Description : LUA File Virtualization Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\luafv.sys
==================================================
==================================================
Filename : aswMonFlt.sys
Address In Stack :
From Address : 0xaa454000
To Address : 0xaa48c000
Size : 0x00038000
Time Stamp : 0x4ed3ca46
Time String : 11/28/2011 6:52:06 PM
Product Name : avast! Antivirus System
File Description : avast! File System Minifilter for Windows 2003/Vista
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswMonFlt.sys
==================================================
==================================================
Filename : aswFsBlk.SYS
Address In Stack :
From Address : 0xaa48c000
To Address : 0xaa48ef00
Size : 0x00002f00
Time Stamp : 0x4ed3ca35
Time String : 11/28/2011 6:51:49 PM
Product Name : avast! Antivirus System
File Description : avast! File System Access Blocking Driver
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswFsBlk.SYS
==================================================
==================================================
Filename : WudfPf.sys
Address In Stack :
From Address : 0xaa48f000
To Address : 0xaa4a9000
Size : 0x0001a000
Time Stamp : 0x4ce79bdf
Time String : 11/20/2010 10:58:55 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Driver Foundation - User-mode Driver Framework Platform Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WudfPf.sys
==================================================
==================================================
Filename : lltdio.sys
Address In Stack :
From Address : 0xaa4a9000
To Address : 0xaa4b9000
Size : 0x00010000
Time Stamp : 0x4a5bc8ee
Time String : 7/14/2009 12:53:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : Link-Layer Topology Mapper I/O Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\lltdio.sys
==================================================
==================================================
Filename : nwifi.sys
Address In Stack :
From Address : 0xaa4b9000
To Address : 0xaa4ff000
Size : 0x00046000
Time Stamp : 0x4a5bc89f
Time String : 7/14/2009 12:51:59 AM
Product Name : Microsoft® Windows® Operating System
File Description : NativeWiFi Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nwifi.sys
==================================================
==================================================
Filename : ndisuio.sys
Address In Stack :
From Address : 0xaa4ff000
To Address : 0xaa50f000
Size : 0x00010000
Time Stamp : 0x4ce79dac
Time String : 11/20/2010 11:06:36 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS User mode I/O driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndisuio.sys
==================================================
==================================================
Filename : rspndr.sys
Address In Stack :
From Address : 0xaa50f000
To Address : 0xaa522000
Size : 0x00013000
Time Stamp : 0x4a5bc8f0
Time String : 7/14/2009 12:53:20 AM
Product Name : Microsoft® Windows® Operating System
File Description : Link-Layer Topology Responder Driver for NDIS 6
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rspndr.sys
==================================================
==================================================
Filename : bowser.sys
Address In Stack :
From Address : 0xaa522000
To Address : 0xaa53b000
Size : 0x00019000
Time Stamp : 0x4d649164
Time String : 2/23/2011 5:47:32 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Lan Manager Datagram Receiver Driver
File Version : 6.1.7601.17565 (win7sp1_gdr.110222-1630)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\bowser.sys
==================================================
==================================================
Filename : mpsdrv.sys
Address In Stack :
From Address : 0xaa53b000
To Address : 0xaa54d000
Size : 0x00012000
Time Stamp : 0x4a5bc8d4
Time String : 7/14/2009 12:52:52 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Protection Service Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mpsdrv.sys
==================================================
==================================================
Filename : mrxsmb.sys
Address In Stack :
From Address : 0xaa54d000
To Address : 0xaa570000
Size : 0x00023000
Time Stamp : 0x4db77cb0
Time String : 4/27/2011 3:17:20 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows NT SMB Minirdr
File Version : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb.sys
==================================================
==================================================
Filename : mrxsmb10.sys
Address In Stack :
From Address : 0xaa570000
To Address : 0xaa5ab000
Size : 0x0003b000
Time Stamp : 0x4e17bd25
Time String : 7/9/2011 3:29:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : Longhorn SMB Downlevel SubRdr
File Version : 6.1.7601.17647 (win7sp1_gdr.110708-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb10.sys
==================================================
==================================================
Filename : mrxsmb20.sys
Address In Stack :
From Address : 0xaa5ab000
To Address : 0xaa5c6000
Size : 0x0001b000
Time Stamp : 0x4db77cb6
Time String : 4/27/2011 3:17:26 AM
Product Name : Microsoft® Windows® Operating System
File Description : Longhorn SMB 2.0 Redirector
File Version : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb20.sys
==================================================
==================================================
Filename : cdrpdacc.sys
Address In Stack :
From Address : 0xaa5de000
To Address : 0xaa5df2c0
Size : 0x000012c0
Time Stamp : 0x3f9ed925
Time String : 10/28/2003 10:01:25 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : HTTP.sys
Address In Stack :
From Address : 0xaa5e0000
To Address : 0xaa665000
Size : 0x00085000
Time Stamp : 0x4ce78971
Time String : 11/20/2010 9:40:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : HTTP Protocol Stack
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HTTP.sys
==================================================
==================================================
Filename : mdmxsdk.sys
Address In Stack :
From Address : 0xaa665000
To Address : 0xaa668180
Size : 0x00003180
Time Stamp : 0x449716a3
Time String : 6/19/2006 10:26:59 PM
Product Name : Diagnostic Interface x86 Driver
File Description : Diagnostic Interface x86 Driver
File Version : 1.0.2.012
Company : Conexant
Full Path : C:\Windows\system32\drivers\mdmxsdk.sys
==================================================
==================================================
Filename : peauth.sys
Address In Stack :
From Address : 0xaa669000
To Address : 0xaa700000
Size : 0x00097000
Time Stamp : 0x4a5bd2e0
Time String : 7/14/2009 1:35:44 AM
Product Name : Microsoft® Windows® Operating System
File Description : Protected Environment Authentication and Authorization Export Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\peauth.sys
==================================================
==================================================
Filename : secdrv.SYS
Address In Stack :
From Address : 0xaa700000
To Address : 0xaa70a000
Size : 0x0000a000
Time Stamp : 0x45080528
Time String : 9/13/2006 2:18:32 PM
Product Name : Macrovision SECURITY Driver
File Description : Macrovision SECURITY Driver
File Version : 4.03.086
Company : Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Full Path : C:\Windows\system32\drivers\secdrv.SYS
==================================================
==================================================
Filename : srvnet.sys
Address In Stack :
From Address : 0xaa70a000
To Address : 0xaa72b000
Size : 0x00021000
Time Stamp : 0x4dba2670
Time String : 4/29/2011 3:46:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : Server Network driver
File Version : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srvnet.sys
==================================================
==================================================
Filename : tcpipreg.sys
Address In Stack :
From Address : 0xaa72b000
To Address : 0xaa738000
Size : 0x0000d000
Time Stamp : 0x4ce79dd1
Time String : 11/20/2010 11:07:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Registry Compatibility Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpipreg.sys
==================================================
==================================================
Filename : XAudio32.sys
Address In Stack :
From Address : 0xaa738000
To Address : 0xaa740000
Size : 0x00008000
Time Stamp : 0x49f89a87
Time String : 4/29/2009 7:20:55 PM
Product Name : SoftK56 Modem Driver
File Description : Modem Audio Device Driver
File Version : 1.00.23.00 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\XAudio32.sys
==================================================
==================================================
Filename : srv2.sys
Address In Stack :
From Address : 0xaa740000
To Address : 0xaa790000
Size : 0x00050000
Time Stamp : 0x4dba2675
Time String : 4/29/2011 3:46:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : Smb 2.0 Server driver
File Version : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srv2.sys
==================================================
==================================================
Filename : srv.sys
Address In Stack :
From Address : 0xaa790000
To Address : 0xaa7e2000
Size : 0x00052000
Time Stamp : 0x4dba2686
Time String : 4/29/2011 3:46:30 AM
Product Name : Microsoft® Windows® Operating System
File Description : Server driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srv.sys
==================================================
==================================================
Filename : asyncmac.sys
Address In Stack :
From Address : 0xaa421000
To Address : 0xaa42a000
Size : 0x00009000
Time Stamp : 0x4a5bc946
Time String : 7/14/2009 12:54:46 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access serial network driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\asyncmac.sys
==================================================
==================================================
Filename : mbam.sys
Address In Stack :
From Address : 0xaa42a000
To Address : 0xaa42d780
Size : 0x00003780
Time Stamp : 0x4eb1408d
Time String : 11/2/2011 2:07:25 PM
Product Name : Malwarebytes' Anti-Malware
File Description : Malwarebytes' Anti-Malware
File Version : 1.60.0.0002 built by: WinDDK
Company : Malwarebytes Corporation
Full Path : C:\Windows\system32\drivers\mbam.sys
==================================================
==================================================
Filename : uwdirpod.sys
Address In Stack :
From Address : 0xaa7e2000
To Address : 0xaa7faa00
Size : 0x00018a00
Time Stamp : 0x4e21f298
Time String : 7/16/2011 9:20:40 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : mbamswissarmy.sys
Address In Stack :
From Address : 0xaa400000
To Address : 0xaa408000
Size : 0x00008000
Time Stamp : 0x4e807679
Time String : 9/26/2011 1:56:25 PM
Product Name : Malwarebytes' Anti-Malware
File Description : Malwarebytes' Anti-Malware
File Version : 1.60.0.0000 built by: WinDDK
Company : Malwarebytes Corporation
Full Path : C:\Windows\system32\drivers\mbamswissarmy.sys
==================================================
==================================================
Filename : crashdmp.sys
Address In Stack :
From Address : 0xd24a5000
To Address : 0xd24b2000
Size : 0x0000d000
Time Stamp : 0x4a5bc72e
Time String : 7/14/2009 12:45:50 AM
Product Name : Microsoft® Windows® Operating System
File Description : Crash Dump Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\crashdmp.sys
==================================================
==================================================
Filename : dump_pciidex.sys
Address In Stack :
From Address : 0xd24b2000
To Address : 0xd24bd000
Size : 0x0000b000
Time Stamp : 0x4a5bbf14
Time String : 7/14/2009 12:11:16 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dump_msahci.sys
Address In Stack :
From Address : 0xd24bd000
To Address : 0xd24c7000
Size : 0x0000a000
Time Stamp : 0x4ce799f8
Time String : 11/20/2010 10:50:48 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dump_dumpfve.sys
Address In Stack :
From Address : 0xd24c7000
To Address : 0xd24d8000
Size : 0x00011000
Time Stamp : 0x4a5bbf6f
Time String : 7/14/2009 12:12:47 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
(Please do not close the topic yet, and still keep in mind my status regarding internet and the 5-day rule.)
Edited by Fidel Castro, 04 February 2012 - 11:26 AM.