BSOD 'ataport.sys' when running MalwareBytes Anti-Malware [Clo


  • This topic is locked

#1
Fidel Castro

Aloha guys,

I have a problem on my notebook which I didn't even realize in the recent weeks because I did not run 'MalwareBytes Anti-Malware' scans recently.

Yesterday, I tried to run a Full Scan with 'MalwareBytes Anti-Malware' and after 2-3 minutes (when it was still scanning Windows files) the computer crashed and a blue screen appeared. In the blue screen I could clearly see that the file that caused the problem is 'ataport.sys'.

After the BSOD, the computer restarts and everything seems fine.

I tried to re-install 'MalwareBytes Anti-Malware' and then tried again, but the same thing happened. So far I have tried to run a 'MalwareBytes Anti-Malware' scan 3 times and every time the same thing would happen.

I have no problems at all regarding 'usual virus/malware symptoms' such as slow computer, pop-up ads, weird toolbars, strange homepages etc. My notebook is running perfectly but I cannot make a scan with 'MalwareBytes Anti-Malware' because it crashes, showing BSOD.

I was reading a lot on the internet regarding this problem but I didn't find any solution which I'd be satisfied with.

Since I've read that 'ataport.sys' is a 'driver-related' file, I'd like to mention that I had installed some kind of 'driver updater' two weeks ago that maybe created a problem. I'm not sure what the exact name of the software was, but it was on some popular download website for free software. After a week I was not satisfied with it and I uninstalled it.


Before posting some logs I'd like to post a screenshot of my 'Search' when typing 'ataport' because I've read somewhere that the mentioned file should be found only in 'system32' but I didn't want to remove the rest manually or do anything similar.

Now, here is the 'OTL.Txt' log:


OTL logfile created on: 1/24/2012 1:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.42% Memory free
3.98 Gb Paging File | 2.40 Gb Available in Paging File | 60.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 23.72 Gb Free Space | 40.55% Space Free | Partition Type: NTFS
Drive D: | 90.45 Gb Total Space | 19.49 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 13:40:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/10 23:49:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/03/21 13:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/14 21:28:46 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2011/02/14 21:13:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/04 19:38:48 | 007,763,800 | ---- | M] () -- C:\Program Files\Mobinil USB modem\UIMain.exe
PRC - [2010/04/07 04:01:40 | 035,444,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
PRC - [2010/03/29 16:32:50 | 000,129,872 | ---- | M] () -- C:\Program Files\Mobinil USB modem\AutoDect.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009/12/07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 17:39:19 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/10 23:49:56 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/09/04 19:39:00 | 001,185,632 | ---- | M] () -- C:\Program Files\Mobinil USB modem\WaitingForm.dll
MOD - [2010/09/04 19:38:48 | 007,763,800 | ---- | M] () -- C:\Program Files\Mobinil USB modem\UIMain.exe
MOD - [2010/09/04 19:38:04 | 001,008,488 | ---- | M] () -- C:\Program Files\Mobinil USB modem\DLL_Netcard_R.dll
MOD - [2010/04/07 02:34:46 | 000,033,280 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll
MOD - [2010/03/29 16:32:50 | 000,129,872 | ---- | M] () -- C:\Program Files\Mobinil USB modem\AutoDect.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\Winrar\RarExt.dll
MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004/04/15 21:03:46 | 000,215,040 | ---- | M] () -- C:\Program Files\Quintessential Player\QCDIcons.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [On_Demand | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/02/14 21:28:46 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/01/08 03:00:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [On_Demand | Running] -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/30 01:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 13:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187.sys -- (RTL8187)
DRV - [2010/01/01 21:37:59 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 16:55:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/11/05 16:55:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/11/05 16:55:02 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/05 16:55:02 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/28 17:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/30 01:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/02 16:46:22 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/12/06 00:16:15 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=101916&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8A 5A 4A DC A1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.29
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll4882); File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/14 21:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/01/14 15:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/24 00:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 23:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 14:45:18 | 000,000,000 | ---D | M]

[2010/02/01 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/01/24 11:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions
[2011/10/19 11:27:12 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/10/19 11:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2012/01/24 11:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/11 17:18:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/13 02:26:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/28 17:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/27 22:25:31 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/18 22:24:18 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2011/04/27 22:25:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/18 22:24:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/01/24 00:57:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/14 15:26:51 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011/02/14 21:14:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2011/01/02 13:39:11 | 000,001,710 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 3 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Mobinil USB modem\AutoDect.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E287B4DF-33BB-41BD-87B7-2FBD10F22B7C}: NameServer = 213.131.66.248 213.131.66.246
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 13:38:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/01/24 00:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/24 00:58:26 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/24 00:58:26 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/24 00:58:24 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/24 00:58:23 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/24 00:58:21 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/24 00:58:16 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/24 00:57:49 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/24 00:57:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/24 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/24 00:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/24 00:36:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DOSBox
[2012/01/24 00:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.73
[2012/01/24 00:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.73
[2012/01/23 11:21:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/01/20 10:16:38 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012/01/20 10:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobinil USB modem
[2012/01/20 10:16:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppXL
[2012/01/20 10:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mobinil USB modem
[2012/01/17 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/01/14 15:28:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2012/01/14 15:28:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2012/01/14 15:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/01/14 15:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012/01/14 15:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/01/14 15:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/01/14 15:26:43 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/01/14 15:26:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/01/14 15:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/01/14 15:26:17 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012/01/14 15:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2012/01/14 15:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/01/14 15:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/01/14 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/14 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/01/14 14:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/14 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/14 14:42:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/01/06 01:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{012D4027-47E3-4197-8E6F-872F11EF57BD}
[2011/12/30 16:21:44 | 000,000,000 | R--D | C] -- C:\Users\Daniel\Documents\Notes
[2011/12/26 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Help
[2011/12/26 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Help
[7 C:\Users\Daniel\Documents\*.tmp files -> C:\Users\Daniel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 13:58:36 | 000,180,131 | ---- | M] () -- C:\Users\Daniel\Desktop\ataport.jpg
[2012/01/24 13:58:36 | 000,001,456 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/24 13:50:04 | 000,007,599 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2012/01/24 13:40:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/01/24 13:25:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 11:43:31 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 11:43:31 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 11:16:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 08:54:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 08:53:31 | 1602,760,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 03:28:17 | 003,776,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/24 03:02:44 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 03:02:44 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/24 00:58:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/23 22:08:23 | 000,034,113 | ---- | M] () -- C:\Windows\Run32A50.mch
[2012/01/23 22:08:13 | 000,000,035 | ---- | M] () -- C:\Windows\A5W.INI
[2012/01/20 10:16:31 | 000,001,872 | ---- | M] () -- C:\Users\Daniel\Desktop\Mobinil USB modem.lnk
[2012/01/14 17:41:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/01/14 17:41:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/01/14 01:13:01 | 000,001,502 | ---- | M] () -- C:\Users\Daniel\Documents\Svijeca.rtf
[2012/01/03 17:17:06 | 000,206,291 | ---- | M] () -- C:\Users\Daniel\Desktop\Domaca muzika - D disk.m3u8
[2012/01/03 11:32:27 | 000,274,778 | ---- | M] () -- C:\Users\Daniel\Desktop\Single Songs EHDD.m3u8
[2011/12/30 16:38:53 | 000,001,230 | ---- | M] () -- C:\Users\Daniel\Documents\KONTRA SMJER.rtf
[7 C:\Users\Daniel\Documents\*.tmp files -> C:\Users\Daniel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 13:58:35 | 000,180,131 | ---- | C] () -- C:\Users\Daniel\Desktop\ataport.jpg
[2012/01/20 10:16:31 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\Desktop\Mobinil USB modem.lnk
[2012/01/20 02:29:57 | 000,007,599 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2012/01/14 17:41:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/01/14 17:41:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/12/30 16:23:51 | 000,001,230 | ---- | C] () -- C:\Users\Daniel\Documents\KONTRA SMJER.rtf
[2011/12/26 21:45:11 | 000,001,502 | ---- | C] () -- C:\Users\Daniel\Documents\Svijeca.rtf
[2011/12/23 03:25:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/19 18:24:44 | 000,000,132 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/14 13:17:50 | 000,000,179 | ---- | C] () -- C:\Windows\w32dasm8.ini
[2011/10/28 20:16:01 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/10/28 17:50:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/10/04 16:25:35 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/10/04 11:48:10 | 000,002,508 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\$_hpcst$.hpc
[2011/09/30 19:49:48 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011/09/18 22:25:23 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2011/07/03 16:08:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/03 16:07:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Classical
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Classic Thick
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Chorus
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/14 19:33:42 | 000,001,456 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/02 00:59:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/01 23:46:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/01 12:16:49 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/01 12:16:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/01 12:16:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/02/01 12:16:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/01 12:16:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/01 12:16:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,776,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:17:08 | 000,016,497 | ---- | C] () -- C:\Windows\System32\fk2voydes.dll
[2009/07/14 00:17:08 | 000,016,062 | ---- | C] () -- C:\Windows\System32\op1voyfil.dll
[2009/07/14 00:17:08 | 000,006,930 | R--- | C] () -- C:\Windows\System32\wpwizapi.dll
[2009/07/14 00:17:08 | 000,004,732 | R--- | C] () -- C:\Windows\System32\dpxsockw.dll
[2009/07/14 00:17:08 | 000,000,140 | R--- | C] () -- C:\Windows\System32\mfcuiz32.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/12/05 15:00:44 | 006,144,000 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll

========== LOP Check ==========

[2011/10/23 13:30:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\7 Sticky Notes
[2011/10/18 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitComet
[2011/03/14 05:07:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2011/02/14 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Netscape
[2011/04/16 02:20:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nikon
[2012/01/14 18:56:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2012/01/14 17:41:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2011/02/14 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Photodex
[2011/04/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Quest3D
[2011/06/13 20:46:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RadarChaos
[2011/04/27 21:00:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Roaming
[2011/06/09 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Rovio
[2011/01/14 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/02 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\YoudaGames
[2012/01/24 08:09:13 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


[extra.txt removed due to privacy reasons]



Thanks in advance,

Fidel

Edited by Fidel Castro, 30 January 2012 - 03:18 PM.

#2
myrti

    Expert

  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3
Fidel Castro

    Member

  • Topic Starter
  • 162 posts
Thanks for replying.

Here is the updated OTL report following your instructions.



OTL logfile created on: 1/30/2012 10:10:08 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.49% Memory free
3.98 Gb Paging File | 2.44 Gb Available in Paging File | 61.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.50 Gb Total Space | 21.33 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
Drive D: | 90.45 Gb Total Space | 17.49 Gb Free Space | 19.34% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 22:08:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2012/01/25 11:19:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/20 15:45:06 | 001,186,184 | ---- | M] (BienneSoft) -- C:\Program Files\YouTube Downloader\YouTubeDownloader.exe
PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/14 21:28:46 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/29 16:32:50 | 000,129,872 | ---- | M] () -- C:\Program Files\Mobinil USB modem\AutoDect.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2004/05/14 02:05:26 | 000,885,760 | ---- | M] (Quinnware) -- C:\Program Files\Quintessential Player\QCDPlayer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/25 11:50:42 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/25 11:19:46 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/03/29 16:32:50 | 000,129,872 | ---- | M] () -- C:\Program Files\Mobinil USB modem\AutoDect.exe
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\Winrar\RarExt.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2005/07/13 22:39:52 | 000,073,728 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QMPBalloonTip.dll
MOD - [2004/05/14 02:05:22 | 000,526,848 | ---- | M] () -- C:\Program Files\Quintessential Player\Branding.dll
MOD - [2004/05/14 01:01:59 | 000,238,080 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDCdda.dll
MOD - [2004/05/12 01:22:20 | 000,124,416 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDVideo.dll
MOD - [2004/05/12 01:22:07 | 000,085,504 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDCddb.dll
MOD - [2004/05/12 00:27:33 | 000,006,656 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDmmkb.dll
MOD - [2004/05/12 00:27:30 | 000,078,848 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDWatch.dll
MOD - [2004/05/12 00:27:17 | 000,212,992 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDTagEdit.dll
MOD - [2004/05/12 00:27:03 | 000,019,968 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDTimer.dll
MOD - [2004/05/12 00:27:00 | 000,022,016 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDHotKeys.dll
MOD - [2004/05/12 00:26:54 | 000,019,968 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDPlaylists.dll
MOD - [2004/05/12 00:24:31 | 000,163,328 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDWMA.dll
MOD - [2004/05/12 00:24:24 | 000,097,280 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDWav.dll
MOD - [2004/05/12 00:24:17 | 000,256,512 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDVorbis.dll
MOD - [2004/05/12 00:24:09 | 000,134,144 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDVisPak.dll
MOD - [2004/05/12 00:24:00 | 000,016,384 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDWavOut.dll
MOD - [2004/05/12 00:23:57 | 000,247,808 | ---- | M] () -- c:\Program Files\Quintessential Player\Plugins\QCDMp3.dll
MOD - [2004/04/15 21:03:46 | 000,215,040 | ---- | M] () -- C:\Program Files\Quintessential Player\QCDIcons.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [On_Demand | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/02/14 21:28:46 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/01/08 03:00:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [On_Demand | Stopped] -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/30 01:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 13:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187.sys -- (RTL8187)
DRV - [2010/01/01 21:37:59 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 16:55:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/11/05 16:55:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/11/05 16:55:02 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/05 16:55:02 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/28 17:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/30 01:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/02 16:46:22 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/12/06 00:16:15 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=101916&l=dis
IE - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 8A 5A 4A DC A1 CA 01 [binary data]
IE - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.29
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/14 21:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/01/14 15:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/24 00:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 12:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 12:39:05 | 000,000,000 | ---D | M]

[2010/02/01 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/01/25 07:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions
[2011/10/19 11:27:12 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/10/19 11:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\r7uffut7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2012/01/25 11:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/11 17:18:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/27 22:25:31 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/18 22:24:18 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2011/04/27 22:25:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/18 22:24:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/01/25 11:19:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/25 11:19:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/25 11:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2011/01/02 13:39:11 | 000,001,710 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 3 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Mobinil USB modem\AutoDect.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-731560342-2506985378-2738843783-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-731560342-2506985378-2738843783-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-731560342-2506985378-2738843783-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3021FFA-71CA-4CFB-915F-98423E0D82FA}: DhcpNameServer = 194.90.1.5 212.143.212.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC3E3223-6D9F-4788-A195-27BBD64776E4}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe - (Acresso Software Inc.)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: Nikon Message Center 2 - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 22:08:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/01/26 21:00:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/26 21:00:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/25 12:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
[2012/01/25 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2012/01/25 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Real
[2012/01/25 12:00:37 | 000,065,536 | ---- | C] (NirSoft) -- C:\Users\Daniel\Desktop\VideoCacheView.exe
[2012/01/25 04:08:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/25 04:08:51 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/01/25 04:08:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/25 04:08:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/25 04:08:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/25 04:08:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/24 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2012/01/24 15:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2012/01/24 15:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2012/01/24 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/01/24 14:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/24 00:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/24 00:58:26 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/24 00:58:26 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/24 00:58:24 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/24 00:58:23 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/24 00:58:21 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/24 00:58:16 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/24 00:57:49 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/24 00:57:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/24 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/24 00:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/24 00:36:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DOSBox
[2012/01/24 00:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.73
[2012/01/24 00:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.73
[2012/01/23 11:21:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/23 06:33:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/23 04:26:35 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/23 04:26:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/23 04:25:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/23 04:25:28 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/23 04:25:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/23 04:24:26 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/23 04:24:26 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/01/23 04:19:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/01/20 10:16:38 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/01/20 10:16:38 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012/01/20 10:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobinil USB modem
[2012/01/20 10:16:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppXL
[2012/01/20 10:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mobinil USB modem
[2012/01/17 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/01/14 15:28:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2012/01/14 15:28:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2012/01/14 15:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/01/14 15:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012/01/14 15:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/01/14 15:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/01/14 15:26:43 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/01/14 15:26:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/01/14 15:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/01/14 15:26:17 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012/01/14 15:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2012/01/14 15:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/01/14 15:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/01/14 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/14 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/01/14 14:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/14 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/14 14:42:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/01/06 01:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{012D4027-47E3-4197-8E6F-872F11EF57BD}
[7 C:\Users\Daniel\Documents\*.tmp files -> C:\Users\Daniel\Documents\*.tmp -> ]
[1 C:\Users\Daniel\Desktop\*.tmp files -> C:\Users\Daniel\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 22:08:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/01/30 22:06:59 | 125,881,679 | ---- | M] () -- C:\Users\Daniel\Desktop\Sergej Ćetković - 2 Minuta (cd_mc 2 Minuta).mp4
[2012/01/30 21:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 21:32:09 | 000,001,065 | ---- | M] () -- C:\Users\Daniel\Desktop\VideoCacheView.cfg
[2012/01/30 21:25:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 06:53:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 06:45:55 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/30 06:45:55 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/28 03:34:56 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 03:34:56 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 03:27:18 | 1602,760,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 23:56:02 | 003,773,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/26 23:29:49 | 013,609,399 | ---- | M] () -- C:\Users\Daniel\Desktop\flaFC94.flv
[2012/01/26 23:18:57 | 003,686,161 | ---- | M] () -- C:\Users\Daniel\Desktop\flaAB86.flv
[2012/01/26 23:07:25 | 000,001,149 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/01/26 20:00:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/25 17:08:02 | 000,007,599 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2012/01/25 11:50:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/25 11:20:25 | 000,001,998 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/24 13:58:36 | 000,001,456 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/23 22:08:23 | 000,034,113 | ---- | M] () -- C:\Windows\Run32A50.mch
[2012/01/23 22:08:13 | 000,000,035 | ---- | M] () -- C:\Windows\A5W.INI
[2012/01/21 12:46:50 | 000,065,536 | ---- | M] (NirSoft) -- C:\Users\Daniel\Desktop\VideoCacheView.exe
[2012/01/20 10:16:31 | 000,001,872 | ---- | M] () -- C:\Users\Daniel\Desktop\Mobinil USB modem.lnk
[2012/01/14 17:41:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/01/14 17:41:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/01/14 01:13:01 | 000,001,502 | ---- | M] () -- C:\Users\Daniel\Documents\Svijeca.rtf
[2012/01/03 17:17:06 | 000,206,291 | ---- | M] () -- C:\Users\Daniel\Desktop\Domaca muzika - D disk.m3u8
[2012/01/03 11:32:27 | 000,274,778 | ---- | M] () -- C:\Users\Daniel\Desktop\Single Songs EHDD.m3u8
[7 C:\Users\Daniel\Documents\*.tmp files -> C:\Users\Daniel\Documents\*.tmp -> ]
[1 C:\Users\Daniel\Desktop\*.tmp files -> C:\Users\Daniel\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 21:54:56 | 125,881,679 | ---- | C] () -- C:\Users\Daniel\Desktop\Sergej Ćetković - 2 Minuta (cd_mc 2 Minuta).mp4
[2012/01/26 23:29:49 | 013,609,399 | ---- | C] () -- C:\Users\Daniel\Desktop\flaFC94.flv
[2012/01/26 23:18:57 | 003,686,161 | ---- | C] () -- C:\Users\Daniel\Desktop\flaAB86.flv
[2012/01/25 12:46:27 | 000,001,065 | ---- | C] () -- C:\Users\Daniel\Desktop\VideoCacheView.cfg
[2012/01/25 11:19:50 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/25 06:56:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/20 10:16:31 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\Desktop\Mobinil USB modem.lnk
[2012/01/20 02:29:57 | 000,007,599 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2012/01/14 17:41:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/01/14 17:41:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/12/23 03:25:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/19 18:24:44 | 000,000,132 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/14 13:17:50 | 000,000,179 | ---- | C] () -- C:\Windows\w32dasm8.ini
[2011/10/28 20:16:01 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/10/28 17:50:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/10/04 16:25:35 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/10/04 11:48:10 | 000,002,508 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\$_hpcst$.hpc
[2011/09/30 19:49:48 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2011/09/18 22:25:23 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2011/07/03 16:08:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/03 16:07:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Classical
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Classic Thick
[2011/01/18 08:11:08 | 000,000,268 | RH-- | C] () -- C:\Users\Daniel\AppData\Roaming\Chorus
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/01/18 08:11:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/01/14 19:33:42 | 000,001,456 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/02 00:59:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/01 23:46:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/01 12:16:49 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/01 12:16:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/01 12:16:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/02/01 12:16:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/01 12:16:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/01 12:16:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,773,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:17:08 | 000,016,497 | ---- | C] () -- C:\Windows\System32\fk2voydes.dll
[2009/07/14 00:17:08 | 000,016,062 | ---- | C] () -- C:\Windows\System32\op1voyfil.dll
[2009/07/14 00:17:08 | 000,006,930 | R--- | C] () -- C:\Windows\System32\wpwizapi.dll
[2009/07/14 00:17:08 | 000,004,732 | R--- | C] () -- C:\Windows\System32\dpxsockw.dll
[2009/07/14 00:17:08 | 000,000,140 | R--- | C] () -- C:\Windows\System32\mfcuiz32.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/12/05 15:00:44 | 006,144,000 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/01/01 21:37:59 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr.sys
[2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2011/11/17 06:39:24 | 000,369,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2011/11/17 06:41:52 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2011/11/17 06:41:51 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< End of report >




P.S. I would really like to ask for an exemption with the '5 days rule' because I'm currently on board and sometimes I don't have internet access for longer than 5 days. Due to this, if I don't reply in 5 days it doesn't mean that I solved my problem but that I've been without internet for the last 5 days and that I will make a reply as soon as I get the possibility to do so.

Thanks for your consideration in advance,

Fidel

#4
myrti (Expert, 2,580 posts)
Hi,

please run defogger and let's see if you can run MBAM after that:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please also try running a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Should I accidentally close your topic and you want it reopened at a later point (say a week after I originally replied), you can just PM me.

regards myrti

#5
Fidel Castro (Topic Starter, Member, 162 posts)
Hello myrti,

First I downloaded the DeFogger which disabled my CD Emulation drivers.

Here is the defogger_disable.txt file:




defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:52 on 04/02/2012 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-






After that I restarted my laptop.

Then I downloaded GMER from the Main Mirror, which downloaded a randomly named file to my Desktop, but I couldn't open it because it gave me a win32 error.



That's why I downloaded the zipped version, which I ran without any problems.

Here is the log from the scan:




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-04 16:43:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160821AS rev.3.ALD
Running: gmer.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89EFEFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9050C510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89F01456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89F014AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89F015C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89F013AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x89F014FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89F01400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89F01572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89EFEFE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9050C5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x89EFEDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89EFF00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89F019BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89EFFAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89F01486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89F014D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89F015EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89F013D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89F0153E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89F0142E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89F0159C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9050C658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89EFF96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89EFF030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89EFF054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89EFEE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89EFEF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89EFEF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89EFEF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89EFF078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x905207A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 830399A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830594E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 83060750 4 Bytes [C4, EF, EF, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 83060778 4 Bytes [10, C5, 50, 90] {ADC CH, AL; PUSH EAX; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 8306082C 8 Bytes [56, 14, F0, 89, AE, 14, F0, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 83060838 4 Bytes [C4, 15, F0, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 83060854 4 Bytes [AC, 13, F0, 89]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 831E640E 5 Bytes JMP 9051D69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8320D916 5 Bytes JMP 9051F174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 8321406F 4 Bytes CALL 89F00025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 83250C8D 4 Bytes CALL 89F0003B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 832D67D4 7 Bytes JMP 905207A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[328] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[472] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[556] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[556] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[556] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[556] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[556] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[556] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[568] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[612] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[612] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[612] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[804] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[804] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[804] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 008D0A08
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 008D03FC
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 008D0804
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 008D01F8
.text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 008D0600
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00E80A08
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 00E803FC
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00E80804
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 00E801F8
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00E80600
.text C:\Windows\system32\AUDIODG.EXE[1140] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 003D0A08
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003D03FC
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 003D0804
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003D01F8
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 003D0600
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 008F0A08
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 008F03FC
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 008F0804
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 008F01F8
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 008F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 5D2EB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 759BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1768] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00360A08
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003603FC
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00360804
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003601F8
.text C:\Windows\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00360600
.text C:\Windows\system32\svchost.exe[1912] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1912] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1912] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Users\Daniel\Desktop\gmer.exe[1920] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe[1996] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000903FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000901F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001303FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00130804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001301F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2020] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00130600
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 004F0A08
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 004F03FC
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 004F0804
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 004F01F8
.text C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe[2192] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 004F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2284] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\WUDFHost.exe[2316] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2316] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[2316] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\WUDFHost.exe[2316] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 002E0A08
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002E03FC
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 002E0804
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002E01F8
.text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 002E0600
.text C:\Windows\system32\taskhost.exe[2456] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2456] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2456] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExA 757B6D0C 3 Bytes JMP 00070600
.text C:\Windows\system32\taskhost.exe[2456] USER32.dll!SetWindowsHookExA + 4 757B6D10 1 Byte [8A]
.text C:\Windows\system32\Dwm.exe[2588] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2588] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2588] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2588] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[2644] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2644] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2644] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2644] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[2644] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[2644] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00150600
.text C:\Windows\System32\rundll32.exe[2704] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[2704] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[2704] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\rundll32.exe[2704] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2860] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00140600
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3000] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3008] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\igfxsrvc.exe[3032] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[3032] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[3032] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[3032] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 02F90A08
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 02F903FC
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 02F90804
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 02F901F8
.text C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe[3060] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 02F90600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001A0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3228] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 003003FC
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00300804
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 003001F8
.text C:\Program Files\REALTEK\Audio\HDA\RtHDVCpl.exe[3292] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00300600
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Mobinil USB modem\AutoDect.exe[3300] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3340] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 000E0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 000E0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3416] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 000E0600
.text C:\Program Files\RocketDock\RocketDock.exe[3432] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001603FC
.text C:\Program Files\RocketDock\RocketDock.exe[3432] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001601F8
.text C:\Program Files\RocketDock\RocketDock.exe[3432] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001F03FC
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 001F0804
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\RocketDock\RocketDock.exe[3432] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\SearchIndexer.exe[3636] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3636] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3636] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[3636] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 001501F8
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00BA0A08
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 00BA03FC
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00BA0804
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 00BA01F8
.text C:\Program Files\Mobinil USB modem\UIMain.exe[3820] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00BA0600
.text C:\Windows\System32\svchost.exe[4084] ntdll.dll!LdrUnloadDll 7734C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[4084] ntdll.dll!LdrLoadDll 7735223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[4084] kernel32.dll!GetBinaryTypeW + 70 759D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!UnhookWindowsHookEx 7578ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!UnhookWinEvent 7578B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWindowsHookExW 7578E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWinEventHook 757924DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\svchost.exe[4084] USER32.dll!SetWindowsHookExA 757B6D0C 5 Bytes JMP 00140600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740F2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740D5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740D56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740F24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740E8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740E4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740E506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740E5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740E6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740E826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740E87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740E901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740EE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740E4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7537FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x4B 0xB0 0xC7 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xCA 0x21 0x69 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x4B 0xB0 0xC7 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xCA 0x21 0x69 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x70 0x3D 0x42 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x70 0x3D 0x42 0x25 ...

---- EOF - GMER 1.0.15 ----




P.S.

Afterwards, I ran MBAM and the scan finished without a BSOD or any other problem.

I'd like to know if my virtual drives were creating a problem, and whether I can retrieve them now or should use them at all in the future.

Thanks in advance.


EDIT

Previously, I had run the 'Quick Scan', which completed without problems.

However, when I did the 'Full Scan' my laptop crashed again and a BSOD appeared again.

This is the report from Windows:


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 7a
BCP1: C020C6CC
BCP2: C0000185
BCP3: 6D0A5860
BCP4: 831B3B1E
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\020412-33290-01.dmp
C:\Users\Daniel\AppData\Local\Temp\WER-43430-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt




I also recently installed the BlueScreenView program to be able to make a better report regarding the Blue Screen.

This is the report from BlueScreenView:




==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+1afb1e
From Address : 0x83004000
To Address : 0x83407000
Size : 0x00403000
Time Stamp : 0x4ea76e9b
Time String : 10/26/2011 3:21:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.1.7601.17713 (win7sp1_gdr.111025-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntoskrnl.exe
==================================================

==================================================
Filename : hal.dll
Address In Stack :
From Address : 0x83407000
To Address : 0x8343e000
Size : 0x00037000
Time Stamp : 0x4ce788d2
Time String : 11/20/2010 9:37:38 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\hal.dll
==================================================

==================================================
Filename : kdcom.dll
Address In Stack :
From Address : 0x80ba2000
To Address : 0x80baa000
Size : 0x00008000
Time Stamp : 0x4a5bdaaa
Time String : 7/14/2009 2:08:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Serial Kernel Debugger
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\kdcom.dll
==================================================

==================================================
Filename : mcupdate.dll
Address In Stack :
From Address : 0x89417000
To Address : 0x8949c000
Size : 0x00085000
Time Stamp : 0x4ce7b876
Time String : 11/20/2010 1:00:54 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================

==================================================
Filename : PSHED.dll
Address In Stack :
From Address : 0x8949c000
To Address : 0x894ad000
Size : 0x00011000
Time Stamp : 0x4a5bdad0
Time String : 7/14/2009 2:09:36 AM
Product Name : Microsoft® Windows® Operating System
File Description : Platform Specific Hardware Error Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename : BOOTVID.dll
Address In Stack :
From Address : 0x894ad000
To Address : 0x894b5000
Size : 0x00008000
Time Stamp : 0x4a5bd9a2
Time String : 7/14/2009 2:04:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\BOOTVID.dll
==================================================

==================================================
Filename : CLFS.SYS
Address In Stack :
From Address : 0x894b5000
To Address : 0x894f7000
Size : 0x00042000
Time Stamp : 0x4a5bbf0e
Time String : 7/14/2009 12:11:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Common Log File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CLFS.SYS
==================================================

==================================================
Filename : CI.dll
Address In Stack :
From Address : 0x894f7000
To Address : 0x895a2000
Size : 0x000ab000
Time Stamp : 0x4ce7b97d
Time String : 11/20/2010 1:05:17 PM
Product Name : Microsoft® Windows® Operating System
File Description : Code Integrity Module
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CI.dll
==================================================

==================================================
Filename : Wdf01000.sys
Address In Stack :
From Address : 0x895a2000
To Address : 0x89613000
Size : 0x00071000
Time Stamp : 0x4a5bbf28
Time String : 7/14/2009 12:11:36 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Runtime
File Version : 1.9.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Wdf01000.sys
==================================================

==================================================
Filename : WDFLDR.SYS
Address In Stack :
From Address : 0x89613000
To Address : 0x89621000
Size : 0x0000e000
Time Stamp : 0x4a5bbf1d
Time String : 7/14/2009 12:11:25 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Loader
File Version : 1.9.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================

==================================================
Filename : ACPI.sys
Address In Stack :
From Address : 0x89621000
To Address : 0x89669000
Size : 0x00048000
Time Stamp : 0x4ce788e0
Time String : 11/20/2010 9:37:52 AM
Product Name : Microsoft® Windows® Operating System
File Description : ACPI Driver for NT
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ACPI.sys
==================================================

==================================================
Filename : WMILIB.SYS
Address In Stack :
From Address : 0x89669000
To Address : 0x89672000
Size : 0x00009000
Time Stamp : 0x4a5bbf1a
Time String : 7/14/2009 12:11:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WMILIB.SYS
==================================================

==================================================
Filename : msisadrv.sys
Address In Stack :
From Address : 0x89672000
To Address : 0x8967a000
Size : 0x00008000
Time Stamp : 0x4a5bbf0d
Time String : 7/14/2009 12:11:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : ISA Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msisadrv.sys
==================================================

==================================================
Filename : vdrvroot.sys
Address In Stack :
From Address : 0x8967a000
To Address : 0x89685000
Size : 0x0000b000
Time Stamp : 0x4a5bc74b
Time String : 7/14/2009 12:46:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Drive Root Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vdrvroot.sys
==================================================

==================================================
Filename : pci.sys
Address In Stack :
From Address : 0x89685000
To Address : 0x896af000
Size : 0x0002a000
Time Stamp : 0x4ce788e5
Time String : 11/20/2010 9:37:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT Plug and Play PCI Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pci.sys
==================================================

==================================================
Filename : partmgr.sys
Address In Stack :
From Address : 0x896af000
To Address : 0x896c0000
Size : 0x00011000
Time Stamp : 0x4ce788f6
Time String : 11/20/2010 9:38:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : Partition Management Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\partmgr.sys
==================================================

==================================================
Filename : compbatt.sys
Address In Stack :
From Address : 0x896c0000
To Address : 0x896c8000
Size : 0x00008000
Time Stamp : 0x4a5bc0f6
Time String : 7/14/2009 12:19:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : Composite Battery Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\compbatt.sys
==================================================

==================================================
Filename : BATTC.SYS
Address In Stack :
From Address : 0x896c8000
To Address : 0x896d3000
Size : 0x0000b000
Time Stamp : 0x4a5bc0f3
Time String : 7/14/2009 12:19:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Battery Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\BATTC.SYS
==================================================

==================================================
Filename : volmgr.sys
Address In Stack :
From Address : 0x896d3000
To Address : 0x896e3000
Size : 0x00010000
Time Stamp : 0x4ce788ee
Time String : 11/20/2010 9:38:06 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgr.sys
==================================================

==================================================
Filename : volmgrx.sys
Address In Stack :
From Address : 0x896e3000
To Address : 0x8972e000
Size : 0x0004b000
Time Stamp : 0x4a5bbf2d
Time String : 7/14/2009 12:11:41 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Extension Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgrx.sys
==================================================

==================================================
Filename : intelide.sys
Address In Stack :
From Address : 0x8972e000
To Address : 0x89735000
Size : 0x00007000
Time Stamp : 0x4a5bbf17
Time String : 7/14/2009 12:11:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : Intel PCI IDE Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelide.sys
==================================================

==================================================
Filename : PCIIDEX.SYS
Address In Stack :
From Address : 0x89735000
To Address : 0x89743000
Size : 0x0000e000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
==================================================

==================================================
Filename : mountmgr.sys
Address In Stack :
From Address : 0x89743000
To Address : 0x89759000
Size : 0x00016000
Time Stamp : 0x4ce788f1
Time String : 11/20/2010 9:38:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mount Point Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mountmgr.sys
==================================================

==================================================
Filename : vmbus.sys
Address In Stack :
From Address : 0x89759000
To Address : 0x89782180
Size : 0x00029180
Time Stamp : 0x4ce79192
Time String : 11/20/2010 10:14:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Machine Bus
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmbus.sys
==================================================

==================================================
Filename : winhv.sys
Address In Stack :
From Address : 0x89783000
To Address : 0x89795000
Size : 0x00012000
Time Stamp : 0x4ce788f7
Time String : 11/20/2010 9:38:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Hypervisor Interface Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\winhv.sys
==================================================

==================================================
Filename : atapi.sys
Address In Stack :
From Address : 0x89795000
To Address : 0x8979e000
Size : 0x00009000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI IDE Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\atapi.sys
==================================================

==================================================
Filename : ataport.SYS
Address In Stack :
From Address : 0x8979e000
To Address : 0x897c1000
Size : 0x00023000
Time Stamp : 0x4ce788e8
Time String : 11/20/2010 9:38:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ataport.SYS
==================================================

==================================================
Filename : msahci.sys
Address In Stack :
From Address : 0x897c1000
To Address : 0x897cb000
Size : 0x0000a000
Time Stamp : 0x4ce799f8
Time String : 11/20/2010 10:50:48 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS AHCI 1.0 Standard Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msahci.sys
==================================================

==================================================
Filename : amdxata.sys
Address In Stack :
From Address : 0x897cb000
To Address : 0x897d4000
Size : 0x00009000
Time Stamp : 0x4ba3a3f5
Time String : 3/19/2010 5:19:01 PM
Product Name : Storage Filter Driver
File Description : Storage Filter Driver
File Version : 1.1.2.5 (NT.091202-1711)
Company : Advanced Micro Devices
Full Path : C:\Windows\system32\drivers\amdxata.sys
==================================================

==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : 0x89822000
To Address : 0x89856000
Size : 0x00034000
Time Stamp : 0x4a5bbf11
Time String : 7/14/2009 12:11:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Filesystem Filter Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fltmgr.sys
==================================================

==================================================
Filename : fileinfo.sys
Address In Stack :
From Address : 0x89856000
To Address : 0x89867000
Size : 0x00011000
Time Stamp : 0x4a5bc18f
Time String : 7/14/2009 12:21:51 AM
Product Name : Microsoft® Windows® Operating System
File Description : FileInfo Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fileinfo.sys
==================================================

==================================================
Filename : Ntfs.sys
Address In Stack :
From Address : 0x89867000
To Address : 0x89996000
Size : 0x0012f000
Time Stamp : 0x4d799527
Time String : 3/11/2011 4:21:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : NT File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Ntfs.sys
==================================================

==================================================
Filename : msrpc.sys
Address In Stack :
From Address : 0x89996000
To Address : 0x899c1000
Size : 0x0002b000
Time Stamp : 0x4a5bbf3f
Time String : 7/14/2009 12:11:59 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Remote Procedure Call Provider
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msrpc.sys
==================================================

==================================================
Filename : ksecdd.sys
Address In Stack :
From Address : 0x899c1000
To Address : 0x899d4000
Size : 0x00013000
Time Stamp : 0x4ec47c6c
Time String : 11/17/2011 4:15:56 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecdd.sys
==================================================

==================================================
Filename : cng.sys
Address In Stack :
From Address : 0x899d4000
To Address : 0x89a31000
Size : 0x0005d000
Time Stamp : 0x4ec48143
Time String : 11/17/2011 4:36:35 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Cryptography, Next Generation
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cng.sys
==================================================

==================================================
Filename : pcw.sys
Address In Stack :
From Address : 0x89a31000
To Address : 0x89a3f000
Size : 0x0000e000
Time Stamp : 0x4a5bbf0e
Time String : 7/14/2009 12:11:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Performance Counters for Windows Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pcw.sys
==================================================

==================================================
Filename : Fs_Rec.sys
Address In Stack :
From Address : 0x89a3f000
To Address : 0x89a48000
Size : 0x00009000
Time Stamp : 0x4a5bbf12
Time String : 7/14/2009 12:11:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : File System Recognizer Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Fs_Rec.sys
==================================================

==================================================
Filename : ndis.sys
Address In Stack :
From Address : 0x89a48000
To Address : 0x89aff000
Size : 0x000b7000
Time Stamp : 0x4ce78937
Time String : 11/20/2010 9:39:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 6.20 driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndis.sys
==================================================

==================================================
Filename : NETIO.SYS
Address In Stack :
From Address : 0x89aff000
To Address : 0x89b3d000
Size : 0x0003e000
Time Stamp : 0x4ce78963
Time String : 11/20/2010 9:40:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Network I/O Subsystem
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NETIO.SYS
==================================================

==================================================
Filename : ksecpkg.sys
Address In Stack :
From Address : 0x89b3d000
To Address : 0x89b62000
Size : 0x00025000
Time Stamp : 0x4ec4817e
Time String : 11/17/2011 4:37:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface Packages
File Version : 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecpkg.sys
==================================================

==================================================
Filename : tcpip.sys
Address In Stack :
From Address : 0x89c22000
To Address : 0x89d6c000
Size : 0x0014a000
Time Stamp : 0x4e83e463
Time String : 9/29/2011 4:22:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpip.sys
==================================================

==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : 0x89d6c000
To Address : 0x89d9d000
Size : 0x00031000
Time Stamp : 0x4ce7892c
Time String : 11/20/2010 9:39:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : FWP/IPsec Kernel-Mode API
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================

==================================================
Filename : vmstorfl.sys
Address In Stack :
From Address : 0x89d9d000
To Address : 0x89da5380
Size : 0x00008380
Time Stamp : 0x4ce7917d
Time String : 11/20/2010 10:14:37 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Storage Filter Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vmstorfl.sys
==================================================

==================================================
Filename : volsnap.sys
Address In Stack :
From Address : 0x89da6000
To Address : 0x89de5000
Size : 0x0003f000
Time Stamp : 0x4ce788f5
Time String : 11/20/2010 9:38:13 AM
Product Name : Microsoft® Windows® Operating System
File Description : Volume Shadow Copy Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volsnap.sys
==================================================

==================================================
Filename : spldr.sys
Address In Stack :
From Address : 0x89de5000
To Address : 0x89ded000
Size : 0x00008000
Time Stamp : 0x4a084ebb
Time String : 5/11/2009 5:13:47 PM
Product Name : Microsoft® Windows® Operating System
File Description : loader for security processor
File Version : 6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spldr.sys
==================================================

==================================================
Filename : rdyboost.sys
Address In Stack :
From Address : 0x89ded000
To Address : 0x89e1a000
Size : 0x0002d000
Time Stamp : 0x4ce78e17
Time String : 11/20/2010 10:00:07 AM
Product Name : Microsoft® Windows® Operating System
File Description : ReadyBoost Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdyboost.sys
==================================================

==================================================
Filename : mup.sys
Address In Stack :
From Address : 0x89e1a000
To Address : 0x89e2a000
Size : 0x00010000
Time Stamp : 0x4a5bbfc6
Time String : 7/14/2009 12:14:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mup.sys
==================================================

==================================================
Filename : hwpolicy.sys
Address In Stack :
From Address : 0x89e2a000
To Address : 0x89e32000
Size : 0x00008000
Time Stamp : 0x4ce788cf
Time String : 11/20/2010 9:37:35 AM
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Policy Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hwpolicy.sys
==================================================

==================================================
Filename : fvevol.sys
Address In Stack :
From Address : 0x89e32000
To Address : 0x89e64000
Size : 0x00032000
Time Stamp : 0x4ce78976
Time String : 11/20/2010 9:40:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : BitLocker Drive Encryption Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fvevol.sys
==================================================

==================================================
Filename : disk.sys
Address In Stack :
From Address : 0x89e64000
To Address : 0x89e75000
Size : 0x00011000
Time Stamp : 0x4a5bbf20
Time String : 7/14/2009 12:11:28 AM
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\disk.sys
==================================================

==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : 0x89e75000
To Address : 0x89e9a000
Size : 0x00025000
Time Stamp : 0x4a5bbf18
Time String : 7/14/2009 12:11:20 AM
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================

==================================================
Filename : cdrom.sys
Address In Stack :
From Address : 0x89ecd000
To Address : 0x89eec000
Size : 0x0001f000
Time Stamp : 0x4ce788f1
Time String : 11/20/2010 9:38:09 AM
Product Name : Microsoft® Windows® Operating System
File Description : SCSI CD-ROM Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cdrom.sys
==================================================

==================================================
Filename : aswSnx.SYS
Address In Stack :
From Address : 0x89eec000
To Address : 0x89f59000
Size : 0x0006d000
Time Stamp : 0x4ed3cab0
Time String : 11/28/2011 6:53:52 PM
Product Name : avast! Antivirus System
File Description : avast! Virtualization Driver
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSnx.SYS
==================================================

==================================================
Filename : Null.SYS
Address In Stack :
From Address : 0x89f59000
To Address : 0x89f60000
Size : 0x00007000
Time Stamp : 0x4a5bbf10
Time String : 7/14/2009 12:11:12 AM
Product Name : Microsoft® Windows® Operating System
File Description : NULL Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Null.SYS
==================================================

==================================================
Filename : Beep.SYS
Address In Stack :
From Address : 0x89f60000
To Address : 0x89f67000
Size : 0x00007000
Time Stamp : 0x4a5bc6fc
Time String : 7/14/2009 12:45:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : BEEP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Beep.SYS
==================================================

==================================================
Filename : vga.sys
Address In Stack :
From Address : 0x89f67000
To Address : 0x89f73000
Size : 0x0000c000
Time Stamp : 0x4a5bc27e
Time String : 7/14/2009 12:25:50 AM
Product Name : Microsoft® Windows® Operating System
File Description : VGA/Super VGA Video Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vga.sys
==================================================

==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : 0x89f73000
To Address : 0x89f94000
Size : 0x00021000
Time Stamp : 0x4a5bc27d
Time String : 7/14/2009 12:25:49 AM
Product Name : Microsoft® Windows® Operating System
File Description : Video Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
==================================================

==================================================
Filename : watchdog.sys
Address In Stack :
From Address : 0x89f94000
To Address : 0x89fa1000
Size : 0x0000d000
Time Stamp : 0x4a5bc21a
Time String : 7/14/2009 12:24:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\watchdog.sys
==================================================

==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : 0x89fa1000
To Address : 0x89fa9000
Size : 0x00008000
Time Stamp : 0x4ce7a15b
Time String : 11/20/2010 11:22:19 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPCDD.sys
==================================================

==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : 0x89fa9000
To Address : 0x89fb1000
Size : 0x00008000
Time Stamp : 0x4a5bcae3
Time String : 7/14/2009 1:01:39 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Encoder Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpencdd.sys
==================================================

==================================================
Filename : rdprefmp.sys
Address In Stack :
From Address : 0x89fb1000
To Address : 0x89fb9000
Size : 0x00008000
Time Stamp : 0x4a5bcae5
Time String : 7/14/2009 1:01:41 AM
Product Name : Microsoft® Windows® Operating System
File Description : RDP Reflector Driver Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdprefmp.sys
==================================================

==================================================
Filename : Msfs.SYS
Address In Stack :
From Address : 0x89fb9000
To Address : 0x89fc4000
Size : 0x0000b000
Time Stamp : 0x4a5bbf1e
Time String : 7/14/2009 12:11:26 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mailslot driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Msfs.SYS
==================================================

==================================================
Filename : Npfs.SYS
Address In Stack :
From Address : 0x89fc4000
To Address : 0x89fd2000
Size : 0x0000e000
Time Stamp : 0x4a5bbf23
Time String : 7/14/2009 12:11:31 AM
Product Name : Microsoft® Windows® Operating System
File Description : NPFS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Npfs.SYS
==================================================

==================================================
Filename : tdx.sys
Address In Stack :
From Address : 0x89fd2000
To Address : 0x89fe9000
Size : 0x00017000
Time Stamp : 0x4ce78935
Time String : 11/20/2010 9:39:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : TDI Translation Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tdx.sys
==================================================

==================================================
Filename : TDI.SYS
Address In Stack :
From Address : 0x89fe9000
To Address : 0x89ff5000
Size : 0x0000c000
Time Stamp : 0x4ce78936
Time String : 11/20/2010 9:39:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : TDI Wrapper
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\TDI.SYS
==================================================

==================================================
Filename : aswTdi.SYS
Address In Stack :
From Address : 0x89ff5000
To Address : 0x89fffd80
Size : 0x0000ad80
Time Stamp : 0x4ed3ca4e
Time String : 11/28/2011 6:52:14 PM
Product Name : avast! Antivirus System
File Description : avast! TDI Filter Driver
File Version : 6.0.1367.0 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswTdi.SYS
==================================================

==================================================
Filename : afd.sys
Address In Stack :
From Address : 0x89b62000
To Address : 0x89bbc000
Size : 0x0005a000
Time Stamp : 0x4db4d9d8
Time String : 4/25/2011 3:18:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : Ancillary Function Driver for WinSock
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\afd.sys
==================================================

==================================================
Filename : aswRdr.SYS
Address In Stack :
From Address : 0x89c00000
To Address : 0x89c06500
Size : 0x00006500
Time Stamp : 0x4ed3ca51
Time String : 11/28/2011 6:52:17 PM
Product Name : avast! Antivirus System
File Description : avast! TDI RDR Driver
File Version : 6.0.1367.0 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswRdr.SYS
==================================================

==================================================
Filename : netbt.sys
Address In Stack :
From Address : 0x89bbc000
To Address : 0x89bee000
Size : 0x00032000
Time Stamp : 0x4ce7893a
Time String : 11/20/2010 9:39:22 AM
Product Name : Microsoft® Windows® Operating System
File Description : MBT Transport driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbt.sys
==================================================

==================================================
Filename : wfplwf.sys
Address In Stack :
From Address : 0x89c07000
To Address : 0x89c0e000
Size : 0x00007000
Time Stamp : 0x4a5bc90f
Time String : 7/14/2009 12:53:51 AM
Product Name : Microsoft® Windows® Operating System
File Description : WFP NDIS 6.20 Lightweight Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wfplwf.sys
==================================================

==================================================
Filename : pacer.sys
Address In Stack :
From Address : 0x89800000
To Address : 0x8981f000
Size : 0x0001f000
Time Stamp : 0x4a5bc916
Time String : 7/14/2009 12:53:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : QoS Packet Scheduler
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pacer.sys
==================================================

==================================================
Filename : vwififlt.sys
Address In Stack :
From Address : 0x89c0e000
To Address : 0x89c1f000
Size : 0x00011000
Time Stamp : 0x4a5bc8a3
Time String : 7/14/2009 12:52:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Virtual WiFi Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vwififlt.sys
==================================================

==================================================
Filename : netbios.sys
Address In Stack :
From Address : 0x89bee000
To Address : 0x89bfc000
Size : 0x0000e000
Time Stamp : 0x4a5bc912
Time String : 7/14/2009 12:53:54 AM
Product Name : Microsoft® Windows® Operating System
File Description : NetBIOS interface driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbios.sys
==================================================

==================================================
Filename : wanarp.sys
Address In Stack :
From Address : 0x897d4000
To Address : 0x897e7000
Size : 0x00013000
Time Stamp : 0x4ce79df1
Time String : 11/20/2010 11:07:45 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access and Routing ARP Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wanarp.sys
==================================================

==================================================
Filename : termdd.sys
Address In Stack :
From Address : 0x897e7000
To Address : 0x897f8000
Size : 0x00011000
Time Stamp : 0x4ce7a116
Time String : 11/20/2010 11:21:10 AM
Product Name : Microsoft® Windows® Operating System
File Description : Remote Desktop Server Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\termdd.sys
==================================================

==================================================
Filename : rdbss.sys
Address In Stack :
From Address : 0x90417000
To Address : 0x90458000
Size : 0x00041000
Time Stamp : 0x4ce78a04
Time String : 11/20/2010 9:42:44 AM
Product Name : Microsoft® Windows® Operating System
File Description : Redirected Drive Buffering SubSystem Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdbss.sys
==================================================

==================================================
Filename : nsiproxy.sys
Address In Stack :
From Address : 0x90458000
To Address : 0x90462000
Size : 0x0000a000
Time Stamp : 0x4a5bbf48
Time String : 7/14/2009 12:12:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : NSI Proxy
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nsiproxy.sys
==================================================

==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : 0x90462000
To Address : 0x9046c000
Size : 0x0000a000
Time Stamp : 0x4a5bc0fd
Time String : 7/14/2009 12:19:25 AM
Product Name : Microsoft® Windows® Operating System
File Description : System Management BIOS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mssmbios.sys
==================================================

==================================================
Filename : discache.sys
Address In Stack :
From Address : 0x9046c000
To Address : 0x90478000
Size : 0x0000c000
Time Stamp : 0x4a5bc214
Time String : 7/14/2009 12:24:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : System Indexer/Cache Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\discache.sys
==================================================

==================================================
Filename : csc.sys
Address In Stack :
From Address : 0x90478000
To Address : 0x904dc000
Size : 0x00064000
Time Stamp : 0x4ce78a70
Time String : 11/20/2010 9:44:32 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Client Side Caching Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\csc.sys
==================================================

==================================================
Filename : dfsc.sys
Address In Stack :
From Address : 0x904dc000
To Address : 0x904f4000
Size : 0x00018000
Time Stamp : 0x4ce789f8
Time String : 11/20/2010 9:42:32 AM
Product Name : Microsoft® Windows® Operating System
File Description : DFS Namespace Client Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dfsc.sys
==================================================

==================================================
Filename : blbdrive.sys
Address In Stack :
From Address : 0x904f4000
To Address : 0x90502000
Size : 0x0000e000
Time Stamp : 0x4a5bc1d8
Time String : 7/14/2009 12:23:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : BLB Drive Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\blbdrive.sys
==================================================

==================================================
Filename : aswSP.SYS
Address In Stack :
From Address : 0x90502000
To Address : 0x9054cb00
Size : 0x0004ab00
Time Stamp : 0x4ed3ca9d
Time String : 11/28/2011 6:53:33 PM
Product Name : avast! Antivirus System
File Description : avast! self protection module
File Version : 6.0.1367.0
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSP.SYS
==================================================

==================================================
Filename : tunnel.sys
Address In Stack :
From Address : 0x9054d000
To Address : 0x9056e000
Size : 0x00021000
Time Stamp : 0x4ce79db0
Time String : 11/20/2010 11:06:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Tunnel Interface Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tunnel.sys
==================================================

==================================================
Filename : intelppm.sys
Address In Stack :
From Address : 0x9056e000
To Address : 0x90580000
Size : 0x00012000
Time Stamp : 0x4a5bbf07
Time String : 7/14/2009 12:11:03 AM
Product Name : Microsoft® Windows® Operating System
File Description : Processor Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelppm.sys
==================================================

==================================================
Filename : igdkmd32.sys
Address In Stack :
From Address : 0x9142a000
To Address : 0x91933000
Size : 0x00509000
Time Stamp : 0x4aba7471
Time String : 9/23/2009 8:18:09 PM
Product Name : Intel Graphics Accelerator Drivers for Windows Vista®
File Description : Intel Graphics Kernel Mode Driver
File Version : 8.14.10.1930
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\igdkmd32.sys
==================================================

==================================================
Filename : dxgkrnl.sys
Address In Stack :
From Address : 0x91933000
To Address : 0x919ea000
Size : 0x000b7000
Time Stamp : 0x4ce78ffe
Time String : 11/20/2010 10:08:14 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Kernel
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgkrnl.sys
==================================================

==================================================
Filename : dxgmms1.sys
Address In Stack :
From Address : 0x919ea000
To Address : 0x91a23000
Size : 0x00039000
Time Stamp : 0x4d4a24c1
Time String : 2/3/2011 4:45:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics MMS
File Version : 6.1.7601.17554 (win7sp1_gdr.110202-1504)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgmms1.sys
==================================================

==================================================
Filename : usbuhci.sys
Address In Stack :
From Address : 0x91a23000
To Address : 0x91a2e000
Size : 0x0000b000
Time Stamp : 0x4d8c04b4
Time String : 3/25/2011 3:57:56 AM
Product Name : Microsoft® Windows® Operating System
File Description : UHCI USB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbuhci.sys
==================================================

==================================================
Filename : USBPORT.SYS
Address In Stack :
From Address : 0x91a2e000
To Address : 0x91a79000
Size : 0x0004b000
Time Stamp : 0x4d8c04bd
Time String : 3/25/2011 3:58:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : USB 1.1 & 2.0 Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBPORT.SYS
==================================================

==================================================
Filename : usbehci.sys
Address In Stack :
From Address : 0x91a79000
To Address : 0x91a88000
Size : 0x0000f000
Time Stamp : 0x4d8c04b6
Time String : 3/25/2011 3:57:58 AM
Product Name : Microsoft® Windows® Operating System
File Description : EHCI eUSB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbehci.sys
==================================================

==================================================
Filename : HDAudBus.sys
Address In Stack :
From Address : 0x91a88000
To Address : 0x91aa7000
Size : 0x0001f000
Time Stamp : 0x4ce79c00
Time String : 11/20/2010 10:59:28 AM
Product Name : Microsoft® Windows® Operating System
File Description : High Definition Audio Bus Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HDAudBus.sys
==================================================

==================================================
Filename : b57nd60x.sys
Address In Stack :
From Address : 0x91aa7000
To Address : 0x91aff000
Size : 0x00058000
Time Stamp : 0x4d59fa28
Time String : 2/15/2011 4:59:36 AM
Product Name : Broadcom NetXtreme Gigabit Ethernet Driver
File Description : Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
File Version : 14.6.1.0 (cbuild.02142011-1956,b57nd6x-rel_14.6-lhdepot1106.CL-135337)
Company : Broadcom Corporation
Full Path : C:\Windows\system32\drivers\b57nd60x.sys
==================================================

==================================================
Filename : NETwLv32.sys
Address In Stack :
From Address : 0x9381c000
To Address : 0x93e7b000
Size : 0x0065f000
Time Stamp : 0x4cadb8da
Time String : 10/7/2010 1:11:06 PM
Product Name : Intel® Wireless WiFi Link Adapter
File Description : Intel® Wireless WiFi Link Driver
File Version : 13.4.0.139
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\NETwLv32.sys
==================================================

==================================================
Filename : 1394ohci.sys
Address In Stack :
From Address : 0x93e7b000
To Address : 0x93ea8000
Size : 0x0002d000
Time Stamp : 0x4ce79c67
Time String : 11/20/2010 11:01:11 AM
Product Name : Microsoft® Windows® Operating System
File Description : 1394 OpenHCI Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\1394ohci.sys
==================================================

==================================================
Filename : sdbus.sys
Address In Stack :
From Address : 0x93ea8000
To Address : 0x93ec1000
Size : 0x00019000
Time Stamp : 0x4ce78caa
Time String : 11/20/2010 9:54:02 AM
Product Name : Microsoft® Windows® Operating System
File Description : SecureDigital Bus Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\sdbus.sys
==================================================

==================================================
Filename : rimmptsk.sys
Address In Stack :
From Address : 0x93ec1000
To Address : 0x93ed2000
Size : 0x00011000
Time Stamp : 0x4a432e11
Time String : 6/25/2009 8:58:09 AM
Product Name : RICOH SD/MMC Driver
File Description : RICOH SD/MMC Driver
File Version : 6.10.01.03
Company : REDC
Full Path : C:\Windows\system32\drivers\rimmptsk.sys
==================================================

==================================================
Filename : rimsptsk.sys
Address In Stack :
From Address : 0x93ed2000
To Address : 0x93ee6000
Size : 0x00014000
Time Stamp : 0x4a4322f6
Time String : 6/25/2009 8:10:46 AM
Product Name : Ricoh Memorystick Controller
File Description : RICOH MS Driver
File Version : 6.10.01.03
Company : REDC
Full Path : C:\Windows\system32\drivers\rimsptsk.sys
==================================================

==================================================
Filename : rixdptsk.sys
Address In Stack :
From Address : 0x93ee6000
To Address : 0x93f38000
Size : 0x00052000
Time Stamp : 0x4a432685
Time String : 6/25/2009 8:25:57 AM
Product Name : R5C852 Ricoh xD Controller
File Description : RICOH XD SM Driver
File Version : 6.10.01.04
Company : REDC
Full Path : C:\Windows\system32\drivers\rixdptsk.sys
==================================================

==================================================
Filename : i8042prt.sys
Address In Stack :
From Address : 0x93f38000
To Address : 0x93f50000
Size : 0x00018000
Time Stamp : 0x4a5bbf1b
Time String : 7/14/2009 12:11:23 AM
Product Name : Microsoft® Windows® Operating System
File Description : i8042 Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\i8042prt.sys
==================================================

==================================================
Filename : kbdclass.sys
Address In Stack :
From Address : 0x93f50000
To Address : 0x93f5d000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Keyboard Class Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdclass.sys
==================================================

==================================================
Filename : SynTP.sys
Address In Stack :
From Address : 0x93f5d000
To Address : 0x93f89080
Size : 0x0002c080
Time Stamp : 0x4643ce79
Time String : 5/11/2007 3:01:29 AM
Product Name : Synaptics Pointing Device Driver
File Description : Synaptics Touchpad Driver
File Version : 9.2.5 10May07
Company : Synaptics, Inc.
Full Path : C:\Windows\system32\drivers\SynTP.sys
==================================================

==================================================
Filename : USBD.SYS
Address In Stack :
From Address : 0x93f8a000
To Address : 0x93f8b700
Size : 0x00001700
Time Stamp : 0x4d8c04b1
Time String : 3/25/2011 3:57:53 AM
Product Name : Microsoft® Windows® Operating System
File Description : Universal Serial Bus Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBD.SYS
==================================================

==================================================
Filename : mouclass.sys
Address In Stack :
From Address : 0x93f8c000
To Address : 0x93f99000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 7/14/2009 12:11:15 AM
Product Name : Microsoft® Windows® Operating System
File Description : Mouse Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouclass.sys
==================================================

==================================================
Filename : CmBatt.sys
Address In Stack :
From Address : 0x93f99000
To Address : 0x93f9c700
Size : 0x00003700
Time Stamp : 0x4a5bc0f6
Time String : 7/14/2009 12:19:18 AM
Product Name : Microsoft® Windows® Operating System
File Description : Control Method Battery Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CmBatt.sys
==================================================

==================================================
Filename : enecir.sys
Address In Stack :
From Address : 0x93f9d000
To Address : 0x93fb6000
Size : 0x00019000
Time Stamp : 0x4a482429
Time String : 6/29/2009 3:17:13 AM
Product Name : ENE Consumer IR Driver for eHome
File Description : ENE CIR Driver for eHome
File Version : 2.7.4.0
Company : ENE TECHNOLOGY INC.
Full Path : C:\Windows\system32\drivers\enecir.sys
==================================================

==================================================
Filename : wmiacpi.sys
Address In Stack :
From Address : 0x93fb6000
To Address : 0x93fbf000
Size : 0x00009000
Time Stamp : 0x4a5bc0f4
Time String : 7/14/2009 12:19:16 AM
Product Name : Microsoft® Windows® Operating System
File Description : Windows Management Interface for ACPI
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wmiacpi.sys
==================================================

==================================================
Filename : CompositeBus.sys
Address In Stack :
From Address : 0x93fbf000
To Address : 0x93fcc000
Size : 0x0000d000
Time Stamp : 0x4ce799dd
Time String : 11/20/2010 10:50:21 AM
Product Name : Microsoft® Windows® Operating System
File Description : Multi-Transport Composite Bus Enumerator
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CompositeBus.sys
==================================================

==================================================
Filename : AgileVpn.sys
Address In Stack :
From Address : 0x93fcc000
To Address : 0x93fde000
Size : 0x00012000
Time Stamp : 0x4a5bc954
Time String : 7/14/2009 12:55:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS Agile Vpn Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\AgileVpn.sys
==================================================

==================================================
Filename : rasl2tp.sys
Address In Stack :
From Address : 0x93fde000
To Address : 0x93ff6000
Size : 0x00018000
Time Stamp : 0x4a5bc939
Time String : 7/14/2009 12:54:33 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS L2TP mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rasl2tp.sys
==================================================

==================================================
Filename : ndistapi.sys
Address In Stack :
From Address : 0x93800000
To Address : 0x9380b000
Size : 0x0000b000
Time Stamp : 0x4a5bc930
Time String : 7/14/2009 12:54:24 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 3.0 connection wrapper driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndistapi.sys
==================================================

==================================================
Filename : ndiswan.sys
Address In Stack :
From Address : 0x91aff000
To Address : 0x91b21000
Size : 0x00022000
Time Stamp : 0x4ce79df4
Time String : 11/20/2010 11:07:48 AM
Product Name : Microsoft® Windows® Operating System
File Description : MS PPP Framing Driver (Strong Encryption)
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndiswan.sys
==================================================

==================================================
Filename : raspppoe.sys
Address In Stack :
From Address : 0x91b21000
To Address : 0x91b39000
Size : 0x00018000
Time Stamp : 0x4a5bc94d
Time String : 7/14/2009 12:54:53 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS PPPoE mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspppoe.sys
==================================================

==================================================
Filename : raspptp.sys
Address In Stack :
From Address : 0x91b39000
To Address : 0x91b50000
Size : 0x00017000
Time Stamp : 0x4a5bc947
Time String : 7/14/2009 12:54:47 AM
Product Name : Microsoft® Windows® Operating System
File Description : Peer-to-Peer Tunneling Protocol
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspptp.sys
==================================================

==================================================
Filename : rassstp.sys
Address In Stack :
From Address : 0x91b50000
To Address : 0x91b67000
Size : 0x00017000
Time Stamp : 0x4a5bc951
Time String : 7/14/2009 12:54:57 AM
Product Name : Microsoft® Windows® Operating System
File Description : RAS SSTP Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rassstp.sys
==================================================

==================================================
Filename : rdpbus.sys
Address In Stack :
From Address : 0x9380b000
To Address : 0x93815000
Size : 0x0000a000
Time Stamp : 0x4a5bcb20
Time String : 7/14/2009 1:02:40 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft RDP Bus Device driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpbus.sys
==================================================

==================================================
Filename : swenum.sys
Address In Stack :
From Address : 0x93815000
To Address : 0x93816380
Size : 0x00001380
Time Stamp : 0x4a5bc704
Time String : 7/14/2009 12:45:08 AM
Product Name : Microsoft® Windows® Operating System
File Description : Plug and Play Software Device Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\swenum.sys
==================================================

==================================================
Filename : ks.sys
Address In Stack :
From Address : 0x91b67000
To Address : 0x91b9b000
Size : 0x00034000
Time Stamp : 0x4ce799d9
Time String : 11/20/2010 10:50:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : Kernel CSA Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ks.sys
==================================================

==================================================
Filename : circlass.sys
Address In Stack :
From Address : 0x91b9b000
To Address : 0x91ba9000
Size : 0x0000e000
Time Stamp : 0x4a5bc875
Time String : 7/14/2009 12:51:17 AM
Product Name : Microsoft® Windows® Operating System
File Description : Consumer IR Class Driver for eHome
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\circlass.sys
==================================================

==================================================
Filename : umbus.sys
Address In Stack :
From Address : 0x91ba9000
To Address : 0x91bb7000
Size : 0x0000e000
Time Stamp : 0x4ce79c37
Time String : 11/20/2010 11:00:23 AM
Product Name : Microsoft® Windows® Operating System
File Description : User-Mode Bus Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\umbus.sys
==================================================

==================================================
Filename : usbhub.sys
Address In Stack :
From Address : 0x91bb7000
To Address : 0x91bfb000
Size : 0x00044000
Time Stamp : 0x4d8c04da
Time String : 3/25/2011 3:58:34 AM
Product Name : Microsoft® Windows® Operating System
File Description : Default Hub Driver for USB
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbhub.sys
==================================================

==================================================
Filename : NDProxy.SYS
Address In Stack :
From Address : 0x91400000
To Address : 0x91411000
Size : 0x00011000
Time Stamp : 0x4ce79deb
Time String : 11/20/2010 11:07:39 AM
Product Name : Microsoft® Windows® Operating System
File Description : NDIS Proxy
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NDProxy.SYS
==================================================

==================================================
Filename : RTKVHDA.sys
Address In Stack :
From Address : 0x82008000
To Address : 0x823683c0
Size : 0x003603c0
Time Stamp : 0x4e9d6673
Time String : 10/18/2011 12:43:47 PM
Product Name : Realtek® High Definition Audio Function Driver
File Description : Realtek® High Definition Audio Function Driver
File Version : 6.0.1.6482 built by: WinDDK
Company : Realtek Semiconductor Corp.
Full Path : C:\Windows\system32\drivers\RTKVHDA.sys
==================================================

==================================================
Filename : portcls.sys
Address In Stack :
From Address : 0x82369000
To Address : 0x82398000
Size : 0x0002f000
Time Stamp : 0x4a5bc864
Time String : 7/14/2009 12:51:00 AM
Product Name : Microsoft® Windows® Operating System
File Description : Port Class (Class Driver for Port/Miniport Devices)
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\portcls.sys
==================================================

==================================================
Filename : drmk.sys
Address In Stack :
From Address : 0x82398000
To Address : 0x823b1000
Size : 0x00019000
Time Stamp : 0x4a5bd2f5
Time String : 7/14/2009 1:36:05 AM
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Trusted Audio Drivers
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\drmk.sys
==================================================

==================================================
Filename : HSXHWAZL.sys
Address In Stack :
From Address : 0x823b1000
To Address : 0x823ee000
Size : 0x0003d000
Time Stamp : 0x4995dee7
Time String : 2/13/2009 9:58:15 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_HWAZL WDM driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSXHWAZL.sys
==================================================

==================================================
Filename : HSX_DPV.sys
Address In Stack :
From Address : 0x90580000
To Address : 0x90682000
Size : 0x00102000
Time Stamp : 0x4995df61
Time String : 2/13/2009 10:00:17 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_DP driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_DPV.sys
==================================================

==================================================
Filename : HSX_CNXT.sys
Address In Stack :
From Address : 0x90682000
To Address : 0x90737000
Size : 0x000b5000
Time Stamp : 0x4995deb5
Time String : 2/13/2009 9:57:25 PM
Product Name : SoftK56 Modem Driver
File Description : HSF_CNXT driver
File Version : 7.80.4.0 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_CNXT.sys
==================================================

==================================================
Filename : modem.sys
Address In Stack :
From Address : 0x823ee000
To Address : 0x823fb000
Size : 0x0000d000
Time Stamp : 0x4a5bc96c
Time String : 7/14/2009 12:55:24 AM
Product Name : Microsoft® Windows® Operating System
File Description : Modem Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\modem.sys
==================================================

==================================================
Filename : hidir.sys
Address In Stack :
From Address : 0x91411000
To Address : 0x91420000
Size : 0x0000f000
Time Stamp : 0x4a5bc868
Time String : 7/14/2009 12:51:04 AM
Product Name : Microsoft® Windows® Operating System
File Description : Infrared Miniport Driver for Input Devices
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
(Please, do not close the topic yet and still have in mind my status regarding internet and 5-day rule)

Edited by Fidel Castro, 04 February 2012 - 11:26 AM.


#6
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

Some info on the crash you experienced:

Stop 0x0000007A or KERNEL_DATA_INPAGE_ERROR

A 07A indicates that a paging (virtual memory) file could not be found or read into memory. This might be due to incompatible disk or controller drivers, firmware, or hardware.

The second parameter, the I/O status code, determines the possible cause.
0xC0000185, or STATUS_IO_DEVICE_ERROR, indicates improper termination, defective storage controller hardware, or defective disk cabling, or two devices attempting to use the same resources.


From what I see here, this looks much more like a hardware issue than a malware issue, and indeed in all the logs I haven't found an indication of malware. So my recommendation would be that you repost in the hardware section and ask there, as this seems rather likely to be a hardware issue. I don't think this has to do with malware or necessarily with the virtual drives (although SPTD is known to cause issues with quite a lot of security software).

regards myrti
  • 0
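The decoding described in the post above, as an added example that is not part of the original thread: a Python triage helper that pulls the stop code and its four parameters out of a Windows BugCheck event message and reads parameter 2 of a Stop 0x7A as an NTSTATUS. The sample messages are constructed, the message layout is an assumption about the event log text, and the status codes other than 0xC0000185 come from Microsoft's reference for this bug check, not from this page.

```python
import re

# Parameter-2 status codes documented for Stop 0x7A (KERNEL_DATA_INPAGE_ERROR).
# Only 0xC0000185 is quoted in the thread; the others are from Microsoft's
# bug check reference.
INPAGE_STATUS = {
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES", "memory-pool-suspect"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR", "storage-hardware-suspect"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED", "storage-hardware-suspect"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED", "storage-hardware-suspect"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR", "storage-hardware-suspect"),
}

# Assumed layout of the BugCheck event text: "... bugcheck was: 0xNN (p1, p2, p3, p4)."
BUGCHECK_RE = re.compile(
    r"bugcheck was:\s*(0x[0-9a-f]{1,8})\s*\(\s*(0x[0-9a-f]+)\s*,\s*(0x[0-9a-f]+)"
    r"\s*,\s*(0x[0-9a-f]+)\s*,\s*(0x[0-9a-f]+)\s*\)",
    re.IGNORECASE,
)

# Constructed sample messages (not taken from the poster's machine).
SAMPLE_EVENTS = [
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007a "
    r"(0xc0412a48, 0xc0000185, 0x1d2f4860, 0x82549000). A dump was saved in: C:\Windows\MEMORY.DMP.",
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 "
    r"(0x00000008, 0x00000002, 0x00000000, 0x8b4f1a20). A dump was saved in: C:\Windows\MEMORY.DMP.",
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007a "
    r"(0x00000001, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP.",
]


def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its severity, facility and code fields."""
    value &= 0xFFFFFFFF
    return {
        "severity": ("success", "informational", "warning", "error")[value >> 30],
        "customer": bool(value & 0x20000000),
        "facility": (value >> 16) & 0x0FFF,
        "code": value & 0xFFFF,
    }


def triage(message):
    """Return a triage record for one event message, or None if no bugcheck is found."""
    match = BUGCHECK_RE.search(message)
    if not match:
        return None
    stop, *params = (int(group, 16) for group in match.groups())
    result = {"stop": stop, "params": params, "verdict": "other-bugcheck"}
    if stop != 0x7A:
        return result  # parameter meanings differ per stop code; do not guess
    status = params[1]
    result["status"] = decode_ntstatus(status)
    if status in INPAGE_STATUS:
        result["name"], result["verdict"] = INPAGE_STATUS[status]
    elif result["status"]["severity"] == "error":
        result["verdict"] = "unlisted-io-error"  # still an I/O failure, look it up
    else:
        result["verdict"] = "parameter-2-not-an-error-status"  # likely misparsed
    return result


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        record = triage(event)
        print(hex(record["stop"]), record["verdict"], record.get("name", "-"))
```
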

#7
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.