TechSpot

Path not found to taskmgr.exe

By captainiom
Mar 2, 2012
  1. I have a Vista problem which I suspect is registry related. Any attempt to start the task manager fails with a path not found error. That includes Ctrl+Alt+Del, the run command, navigating to \Windows\system32 and moving a copy to \temp. However, renaming the copy to fred.exe does work, which suggests that there is a block on the name in the registry.
    I have followed the malware 5 steps very carefully and paste below the results as requested.

    I considered using Max Registry Cleaner but it apparently 'found' so many errors on its scan that I baulked.

    If you can point me in the right direction I would be very pleased. I have some 40 years' computer experience so even in retirement I want to solve this attack.

    Kind regards from the Isle of Man, British Isles!

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.02.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: JSM-LATOP [administrator]

    02/03/2012 16:41:46
    mbam-log-2012-03-02 (16-41-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 282829
    Time elapsed: 9 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-02 16:58:22
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005a WDC_WD16 rev.11.0
    Running: fth2ip73.exe; Driver: C:\Users\User\AppData\Local\Temp\kwrdrpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/10/2009 02:31:29
    System Uptime: 02/03/2012 09:11:19 (8 hours ago)
    .
    Motherboard: MEDION | | WAM2070
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | U1 | 1700/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 130 GiB total, 57.268 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 0.002 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 149 GiB total, 60.378 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Software Update
    ArcSoft Software Suite
    Bing Bar
    Britannica CD 2000
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco Network Magic
    Cisco PEAP Module
    Classic Client 5.2 Patch1
    Coupon Printer for Windows
    Crossword Maestro
    Defraggler
    Dev-C++ 5 beta 9 release (4.9.9.2)
    Dynamic Report Decoder 1.04.00.02
    eSigner 3x
    FileZilla Client 3.5.3
    Fix RegCleaner v1.0
    Google Earth
    Google Update Helper
    Gpg4win (2.1.0)
    Hardware Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Photo Creations
    HP Update
    IEEE 802.11a-b-g Wireless LAN Utility
    IEEE 802.11g Wireless LAN driver
    Java Auto Updater
    Java(TM) 6 Update 29
    Launch Manager V1.4.0
    Legacy 7.5
    LightScribe 1.4.124.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    Max Registry Cleaner
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network Magic
    NVIDIA Drivers
    NZMapConv
    OpenOffice.org 3.3
    Opera 11.51
    Penguin Hutchinson Reference Suite
    POPFile 1.1.1
    POPFile Data (User)
    Pure Networks Platform
    QuickShadow 2.4.0.0
    QuickTime
    Ralink RT2870 Wireless LAN Card
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Sibelius 6
    Sibelius 6.2.0.88
    Skype Click to Call
    Skype™ 5.5
    Speccy
    SuyinCam
    Synaptics Pointing Device Driver
    Total Immersion D'Fusion @Home Web Plug-In
    Turnpike Six
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WebEx
    WebEx Support Manager for Internet Explorer
    Windows Live ID Sign-in Assistant
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/02/2012 14:47:33, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.6. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
    29/02/2012 14:42:43, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    29/02/2012 09:31:13, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    29/02/2012 09:30:45, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Deskjet 6980 series with shared resource name HP Deskjet 6980 series. Error 2114. The printer cannot be used by others on the network.
    29/02/2012 09:30:30, Error: EventLog [6008] - The previous system shutdown at 09:15:55 on 29/02/2012 was unexpected.
    29/02/2012 09:28:36, Error: Service Control Manager [7023] -
    28/02/2012 11:11:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    28/02/2012 11:01:32, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    02/03/2012 17:02:07, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume BOOT.
    02/03/2012 17:00:19, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    02/03/2012 16:58:58, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
    02/03/2012 16:58:58, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.3. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
    02/03/2012 16:58:53, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0016D383F625 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    02/03/2012 12:09:15, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0060B3384B84 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    02/03/2012 10:02:01, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    02/03/2012 09:12:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mailKmd
    02/03/2012 09:12:36, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    02/03/2012 09:11:56, Error: EventLog [6008] - The previous system shutdown at 08:48:43 on 02/03/2012 was unexpected.
    01/03/2012 10:34:16, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    01/03/2012 10:33:39, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0016D383F625 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    01/03/2012 10:33:35, Error: EventLog [6008] - The previous system shutdown at 10:23:33 on 01/03/2012 was unexpected.
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by User at 17:00:46 on 2012-03-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.565 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\QuicklyTech\QuickShadow.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\GNU\GnuPG\dirmngr.exe
    C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Ralink\Common\RaRegistry.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Launch Manager\WisLMSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Synaptics\SynTP\SynMedion.exe
    C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\PHRS\LibMan.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\PROGRA~1\POPFile\popfileib.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Max Registry Cleaner\RCVistaService.exe
    C:\temp\fred.exe
    C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.manx.net/
    uDefault_Page_URL = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.medion.com/
    uInternet Settings,ProxyOverride = hxxp://localhost;
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
    mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
    mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
    mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [RegTool] c:\program files\gemalto\classic client\bin\RegTool.exe
    mRun: [TaskTray]
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [RCAutoLiveUpdate] c:\program files\max registry cleaner\MaxLURC.exe -AUTO
    mRun: [RCSystemTray] c:\program files\max registry cleaner\MaxRCSystemTray.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA"&"prod=90"&"ver=9.0.872
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\runpop~1.lnk - c:\program files\popfile\runpopfile.exe
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wplink~1.lnk - c:\program files\phrs\LibMan.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: barclayswealth.com\www
    Trusted Zone: bacs.co.uk\paymentservices
    Trusted Zone: barclays.com\ams
    Trusted Zone: barclays.com\ibank1.bib
    Trusted Zone: barclays.com\www.iceb
    Trusted Zone: iplservices.voca.com
    Trusted Zone: paymentservices.fpsdca.co.uk
    Trusted Zone: tradeonlineservices.com\europe
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C61D10ED-25E2-4D77-B092-B6662874A5EF} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F254966D-B4BC-43CF-BDFD-844E16CE01A1} : DhcpNameServer = 192.168.0.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IFEO: taskmgr.exe - "c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\nmi62ys7\PROCEXP.EXE"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 64952]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-4-20 20376]
    R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-12 21504]
    R2 GslShmSrvc;GSL Share Memory;c:\program files\gemalto\classic client\bin\GslShmSrvc.exe [2009-2-26 69632]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-10-21 185632]
    R2 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\RCVistaService.exe [2012-3-2 1076880]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
    R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-7-17 118784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2011-5-1 871936]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-10-21 822272]
    S3 NtiEnc;NtiEnc;c:\windows\system32\drivers\NtiEnc.sys [2010-3-30 156928]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-02 16:59:53 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b43508cc-eed2-46bb-a153-acc7a6285b7f}\mpengine.dll
    2012-03-02 16:39:40 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2012-03-02 16:39:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 16:39:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 16:39:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-02 12:11:44 -------- d-----w- c:\programdata\Max Secure
    2012-03-02 12:11:18 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
    2012-03-02 12:11:07 -------- d-----w- c:\windows\MaxSecureBackup
    2012-03-02 12:11:07 -------- d-----w- c:\program files\Max Registry Cleaner
    2012-03-02 11:39:59 -------- d-----w- c:\program files\Fix RegCleaner
    2012-02-28 13:22:11 -------- d-----w- c:\program files\Pure Networks
    2012-02-28 13:17:48 8892928 ----a-w- c:\programdata\atscie.msi
    2012-02-28 13:16:22 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2012-02-28 13:15:09 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2012-02-28 13:14:35 -------- d-----w- c:\program files\common files\Pure Networks Shared
    2012-02-28 13:14:11 -------- d-----w- c:\programdata\Pure Networks
    2012-02-25 09:02:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-02-25 09:02:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-02-15 07:09:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 07:09:44 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 07:09:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-02-10 09:55:32 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eab30799-6846-4a5f-bd52-ac0c2f90e658}\gapaengine.dll
    2012-02-06 19:23:19 784144 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    .
    ==================== Find3M ====================
    .
    2012-02-20 09:52:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 17:01:38.70 ===============
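The line that explains the symptom in the DDS log above is the IFEO entry: `IFEO: taskmgr.exe - "c:\users\user\appdata\local\...\temporary internet files\content.ie5\nmi62ys7\PROCEXP.EXE"`. When a `Debugger` value exists under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.exe`, Windows starts the named "debugger" (with the original command line appended) instead of the image itself, and the lookup is by file name only. That is why taskmgr.exe reports "path not found" (the cached PROCEXP.EXE it is redirected to is no longer there) while the same binary renamed fred.exe runs normally. Process Explorer's "Replace Task Manager" option writes exactly this kind of value, so an entry pointing into the IE cache is consistent with Process Explorer having been run straight from the browser rather than from an installed location, though the thread does not confirm how the entry got there. The following PowerShell script is an added example for checking and cleaning such entries; it is not part of the original post or of any tool used in the thread. The function names, the "suspicious path" heuristic and the sample entry (constructed from the log line above) are all my own assumptions.

```powershell
# Added example (not from the TechSpot thread): enumerate IFEO "Debugger" redirections,
# flag suspicious ones, and remove a chosen one after backing up its key with reg.exe.
# Run in an elevated PowerShell prompt for the live enumeration and removal.

$IfeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Test-IfeoDebuggerSuspicious {
    param([string]$Image, [string]$Debugger)
    # The Debugger value may be quoted and may carry arguments; keep only the executable path.
    $exe = if ($Debugger -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Debugger -split '\s+')[0] }
    $reasons = @()
    # Heuristic (my assumption): a real debugger or Process Explorer install does not live in
    # a temp folder or the browser cache; a user-writable profile path is a red flag.
    if ($exe -match '\\(Temp|Temporary Internet Files|AppData\\Local|AppData\\Roaming)\\') {
        $reasons += 'debugger lives in a user-writable temp/profile path'
    }
    # A missing target is exactly what produces "path not found" for the hijacked image.
    if (-not (Test-Path -LiteralPath $exe)) {
        $reasons += 'debugger path does not exist (the image will fail to launch)'
    }
    return New-Object PSObject -Property @{
        Image      = $Image
        Debugger   = $exe
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

function Get-IfeoDebugger {
    # Walk every IFEO subkey and report those that carry a Debugger value.
    Get-ChildItem -Path $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Test-IfeoDebuggerSuspicious -Image $_.PSChildName -Debugger $dbg }
    }
}

function Remove-IfeoDebugger {
    # Export the image's IFEO key first, then delete only the Debugger value so any other
    # IFEO settings under that key are left alone. Without -Apply this only shows what it would do.
    param([string]$Image, [switch]$Apply)
    $path      = Join-Path $IfeoKey $Image
    $nativeKey = $path -replace '^HKLM:\\', 'HKLM\'
    $backup    = Join-Path $env:USERPROFILE ("IFEO-{0}-{1:yyyyMMdd-HHmmss}.reg" -f $Image, (Get-Date))
    if ($Apply) {
        & reg.exe export $nativeKey $backup /y | Out-Null
        Write-Host "Backed up $nativeKey to $backup"
        Remove-ItemProperty -Path $path -Name Debugger
    } else {
        Remove-ItemProperty -Path $path -Name Debugger -WhatIf
    }
}

# Constructed sample mirroring the entry in the DDS log, so the classifier can be seen offline.
$sample = Test-IfeoDebuggerSuspicious -Image 'taskmgr.exe' `
    -Debugger '"c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\nmi62ys7\PROCEXP.EXE"'
$sample | Format-List Image, Debugger, Suspicious, Reasons

# Live check of this machine; only the suspicious entries are listed.
Get-IfeoDebugger | Where-Object { $_.Suspicious } | Format-Table Image, Debugger, Reasons -AutoSize

# Dry run first, then uncomment the -Apply line once you are sure the entry is the bogus one.
Remove-IfeoDebugger -Image 'taskmgr.exe'
# Remove-IfeoDebugger -Image 'taskmgr.exe' -Apply
```

After removing the `Debugger` value, `taskmgr.exe` starts again immediately; no reboot is needed because the IFEO key is read at process creation. Keep the exported .reg file until you are satisfied nothing else depended on that key.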
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Don't.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    BSOD running aswMBR

    Following instructions: downloaded from AVAST, updated virus definitions and scanned. After approx. 3 minutes, BSOD with restart data as follows:-

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 2057

    Additional information about the problem:
    BCCode: d1
    BCP1: 00000000
    BCP2: 000000FF
    BCP3: 00000008
    BCP4: 00000000
    OS Version: 6_0_6002
    Service Pack: 2_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini030312-01.dmp
    C:\Users\User\AppData\Local\Temp\WER-110448-0.sysdata.xml
    C:\Users\User\AppData\Local\Temp\WER3A12.tmp.version.txt

    Read our privacy statement:
    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



    After restart, tried again and now BSOD after 1 minute while scanning sfloppy.sys, I think. Data after restart in safe mode:-
    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 2057

    Additional information about the problem:
    BCCode: 7a
    BCP1: C0408090
    BCP2: C000000E
    BCP3: 393508C0
    BCP4: 81012000
    OS Version: 6_0_6002
    Service Pack: 2_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini030312-02.dmp
    C:\Users\User\AppData\Local\Temp\WER-79045-0.sysdata.xml
    C:\Users\User\AppData\Local\Temp\WER3BA8.tmp.version.txt

    Read our privacy statement:
    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



    Tried running aswMBR in safe mode but it failed because (of course) no driver loaded.



    Do you wish me to forward any of the data files collected in the crashes?
    Do you wish me to uninstall the regcleaner?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes.

    Go ahead with Bootkit Remover.
     
  5. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    bootkit

    Reg cleaner uninstalled and rebooted laptop.

    Downloaded boot_cleaner.

    Suspended non-important apps such as Skype.

    Ran boot_cleaner with output as follows:-

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
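
As an added example (not part of the thread, and not code from the aswMBR or Bootkit Remover authors): a small Python parser for a saved MBR copy such as the MBR.dat that aswMBR writes to the desktop. It checks the 0x55AA signature, lists the partition table, hashes the sector, and diffs a current copy against a known-good baseline. That diff is the check a bootkit hunt actually needs: MBR bootkits typically replace the 446-byte boot code and leave the partition table intact so the system still boots, which is why "DOS/Win32 Boot code found" alone settles little. The sample sector is constructed inline and is not the poster's MBR, though its single NTFS partition is placed at LBA 2048 (byte offset 0x100000, the offset Bootkit Remover printed for \\.\C:). How Bootkit Remover derives its "Boot sector MD5" is not stated on the page, so hashing the whole 512-byte sector here is an assumption of this example.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code
TABLE_OFF = 446              # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x27: "Hidden NTFS (WinRE)", 0xEE: "GPT protective"}


def build_sample_mbr() -> bytes:
    """Constructed sample, not a sector read from the poster's disk: dummy boot
    code plus one active NTFS partition at LBA 2048 (byte offset 0x100000)."""
    boot_code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ then NOP padding
    # status, CHS start (legacy, ignored), type, CHS end, LBA start, sector count
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                       2048, 312_475_968)                      # ~149 GiB of sectors
    table = ntfs + b"\x00" * 48                               # three empty entries
    return boot_code + table + SIGNATURE


def load_mbr(path: str) -> bytes:
    """Read the first sector from a saved copy such as aswMBR's MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector: bytes) -> Dict:
    """Validate the sector, hash it, and decode the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # B=status, 3x=CHS start, B=type, 3x=CHS end, I=LBA start, I=sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                      "lba_start": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return {"md5": hashlib.md5(sector).hexdigest(),
            "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def diff_against_baseline(current: bytes, baseline: bytes) -> List[str]:
    """Report which region changed between two MBR copies. A replaced boot code
    with an untouched partition table is the classic bootkit footprint."""
    findings = []
    if current[:BOOT_CODE_LEN] != baseline[:BOOT_CODE_LEN]:
        findings.append("boot code differs from baseline")
    if current[TABLE_OFF:510] != baseline[TABLE_OFF:510]:
        findings.append("partition table differs from baseline")
    if current[510:] != baseline[510:]:
        findings.append("boot signature differs from baseline")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    info = parse_mbr(clean)
    print("sector md5:", info["md5"])
    for p in info["partitions"]:
        print(f"  #{p['index']} {'*' if p['bootable'] else ' '} {p['type_name']:<14} "
              f"LBA {p['lba_start']} (offset 0x{p['byte_offset']:X}) {p['sectors']} sectors")
    # Simulate a bootkit-style change: new boot code, partition table untouched.
    tampered = bytearray(clean)
    tampered[:8] = b"\xe9\x00\x01\x00\x00\x00\x00\x00"
    print("findings:", diff_against_baseline(bytes(tampered), clean))
```

To use it on a real copy, call `parse_mbr(load_mbr("MBR.dat"))`; the baseline for `diff_against_baseline` should be a copy taken while the machine was known clean, or the same sector re-read after a deliberate rewrite, since a single hash with nothing to compare it to only tells you the sector changed, not what changed.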
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    combofix run

    Instructions followed precisely. The only problem was on rebooting after completion to bring back all programs. First reboot had no sound so Skype did not work. Rebooted again and OK. Task Manager now starts from Ctrl+Alt+Del.
    Output of txt file follows. However, I would really like to know what was the infection and any pointers as to how it got past MSE and firewall (and my hardware Netgear firewall). It worries me that standard protection does not seem to be adequate ):

    ComboFix 12-03-02.01 - User 03/03/2012 19:00:58.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1044 [GMT 0:00]
    Running from: c:\users\User\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPL1C4.tmp
    c:\programdata\SPL1CC2.tmp
    c:\programdata\SPL4F01.tmp
    c:\programdata\SPL8BAB.tmp
    c:\programdata\SPLA755.tmp
    c:\programdata\SPLA75B.tmp
    c:\programdata\SPLC89E.tmp
    c:\programdata\SPLCD0E.tmp
    c:\programdata\SPLEB57.tmp
    c:\programdata\SPLEDAA.tmp
    c:\users\User\11n.pdf
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\oobe\audit.exe
    c:\windows\system32\oobe\msoobe.exe
    c:\windows\system32\oobe\oobeldr.exe
    c:\windows\system32\oobe\Setup.exe
    c:\windows\system32\oobe\windeploy.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\personal\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\mannin\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\group\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\estates\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\dollar\AppData\Local\temp
    2012-03-03 19:09 . 2012-03-03 19:09 -------- d-----w- c:\users\consultancy\AppData\Local\temp
    2012-03-03 18:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAD81826-92B0-46A0-894D-CBA234AF1882}\mpengine.dll
    2012-03-03 08:06 . 2011-07-18 18:34 0 ----a-w- c:\windows\system\SysRegC.dll
    2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 12:11 . 2012-03-02 12:11 -------- d-----w- c:\programdata\Max Secure
    2012-03-02 12:11 . 2011-07-18 18:34 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
    2012-03-02 12:11 . 2012-03-03 18:21 -------- d-----w- c:\program files\Max Registry Cleaner
    2012-03-02 11:39 . 2012-03-02 11:56 -------- d-----w- c:\program files\Fix RegCleaner
    2012-02-28 13:22 . 2012-02-28 13:22 -------- d-----w- c:\program files\Pure Networks
    2012-02-28 13:17 . 2012-02-28 13:17 8892928 ----a-w- c:\programdata\atscie.msi
    2012-02-28 13:16 . 2009-07-07 14:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2012-02-28 13:15 . 2012-02-28 13:16 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-02-28 13:15 . 2009-07-07 14:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2012-02-28 13:14 . 2012-02-28 13:14 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2012-02-28 13:14 . 2012-02-28 13:25 -------- d-----w- c:\programdata\Pure Networks
    2012-02-28 09:52 . 2012-02-28 09:54 -------- d-----w- c:\users\User\AppData\Roaming\Ahead
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-02-25 09:02 . 2012-02-25 09:02 -------- d-----w- c:\programdata\Apple Computer
    2012-02-15 07:09 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 07:09 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 07:09 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-10 09:55 . 2012-02-10 09:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAB30799-6846-4A5F-BD52-AC0C2F90E658}\gapaengine.dll
    2012-02-06 19:23 . 2012-02-06 19:23 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-20 09:52 . 2011-05-22 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-08 06:03 . 2010-12-05 02:25 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2009-11-11 18:22 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-12 17351304]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
    "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-04-16 192512]
    "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "RegTool"="c:\program files\Gemalto\Classic Client\BIN\RegTool.exe" [2009-06-18 885760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA&prod=90&ver=9.0.872" [?]
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
    wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-10-21 1643808]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-1-15 122880]
    WP Link.lnk - c:\program files\PHRS\LibMan.exe [2010-7-1 250368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.manx.net/
    uInternet Settings,ProxyOverride = hxxp://localhost;
    Trusted Zone: barclayswealth.com\www
    Trusted Zone: bacs.co.uk\paymentservices
    Trusted Zone: barclays.com\ams
    Trusted Zone: barclays.com\ibank1.bib
    Trusted Zone: barclays.com\www.iceb
    Trusted Zone: iplservices.voca.com
    Trusted Zone: paymentservices.fpsdca.co.uk
    Trusted Zone: tradeonlineservices.com\europe
    TCP: DhcpNameServer = 192.168.0.1
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-TaskTray - (no file)
    HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-03 19:10
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?M???????M???I?ze w????????H???0???$???????d??????w?????????s w?s w??????M???M?Cb?v????4???F??u??M???????M?t?????A???M???????A?f?o`Cb?v|????????e@?H???????????0?A?jl?`??????A???@???M??|@???M???o`??@???M????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-03-03 19:13:37
    ComboFix-quarantined-files.txt 2012-03-03 19:13
    .
    Pre-Run: 84,736,757,760 bytes free
    Post-Run: 85,112,156,160 bytes free
    .
    - - End Of File - - D0F7AF4E9D85488781DF6A5184FAD6DA
    Kind regards from Isle of Man and your efforts are REALLY appreciated.

    Stuart McKenzie
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    To answer your question there is no perfect security program.
    A lot depends on your computing habits and....bad guys will always figure some new ways to mess with your computer.

    I can see two registry cleaners:
    Max Registry Cleaner
    Fix RegCleaner v1.0

    Did you uninstall both?

    =================================================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system\SysRegC.dll
    c:\windows\system32\GetHardDiskNo.dll
    c:\programdata\atscie.msi
    
    
    Folder::
    c:\programdata\Max Secure
    c:\program files\Max Registry Cleaner
    c:\program files\Fix RegCleaner
    
    
    DDS::
    uInternet Settings,ProxyOverride = hxxp://localhost;
    Trusted Zone: barclayswealth.com\www
    Trusted Zone: bacs.co.uk\paymentservices
    Trusted Zone: barclays.com\ams
    Trusted Zone: barclays.com\ibank1.bib
    Trusted Zone: barclays.com\www.iceb
    Trusted Zone: iplservices.voca.com
    Trusted Zone: paymentservices.fpsdca.co.uk
    Trusted Zone: tradeonlineservices.com\europe
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    (animated image of dragging CFScript.txt onto ComboFix.exe not reproduced here)


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
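
An added example, not Broni's tool or script: a Python triage pass over a ComboFix log that reproduces the reasoning behind the CFScript in this post. It parses the "Files Created" lines (created . modified size attributes path) and the "Trusted Zone" lines, flags files by heuristics that are this example's own rather than ComboFix's (a zero-byte file under c:\windows, a file in the legacy c:\windows\system directory, and a file dropped into the Windows tree in the same minute an unwanted program's folder appeared, which is how GetHardDiskNo.dll lines up with the Max Registry Cleaner install at 12:11), and prints File::/Folder::/DDS:: sections in the layout used above. The sample input is an excerpt of the thread's own log. Internet Explorer applies its looser Trusted sites security level to anything in that zone, so the entries are listed for the analyst to review rather than judged by the code; none of the heuristics is proof of infection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt of the thread's ComboFix log, used as sample input for this example.
SAMPLE_LOG = r"""
2012-03-03 08:06 . 2011-07-18 18:34 0 ----a-w- c:\windows\system\SysRegC.dll
2012-03-02 12:11 . 2012-03-02 12:11 -------- d-----w- c:\programdata\Max Secure
2012-03-02 12:11 . 2011-07-18 18:34 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
2012-03-02 12:11 . 2012-03-03 18:21 -------- d-----w- c:\program files\Max Registry Cleaner
2012-02-15 07:09 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
uStart Page = hxxp://www.manx.net/
Trusted Zone: barclays.com\www.iceb
Trusted Zone: iplservices.voca.com
"""

# "<created> . <modified> <size|--------> <attrs> <path>"; dirs show -------- as size
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
WINDOWS_TREE = "c:\\windows\\"
LEGACY_SYSTEM = "c:\\windows\\system\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_log(text: str) -> Tuple[List[Entry], List[str]]:
    """Pull file entries and Trusted Zone hosts out of ComboFix log text."""
    entries, trusted = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            trusted.append(m["host"])
    return entries, trusted


def triage(entries: List[Entry], unwanted_vendors: List[str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Apply this example's heuristics. Returns ({file_path: [reasons]}, [folder_paths])."""
    vendors = [v.lower() for v in unwanted_vendors]
    folders = [e.path for e in entries if e.is_dir and any(v in e.path.lower() for v in vendors)]
    install_minutes = {e.created for e in entries if e.path in folders}

    flagged: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        reasons = []
        if p.startswith(WINDOWS_TREE) and e.created in install_minutes:
            reasons.append("created in the same minute as an unwanted program's folder")
        if p.startswith(WINDOWS_TREE) and e.size == 0:
            reasons.append("zero-byte file in the Windows tree")
        if p.startswith(LEGACY_SYSTEM):
            reasons.append("file in the legacy c:\\windows\\system directory")
        if reasons:
            flagged[e.path] = reasons
    return flagged, folders


def build_cfscript(files, folders, trusted_hosts) -> str:
    """Emit File:: / Folder:: / DDS:: sections in the layout used in the thread."""
    out: List[str] = []
    if files:
        out += ["File::", *sorted(files), ""]
    if folders:
        out += ["Folder::", *sorted(folders), ""]
    if trusted_hosts:
        out += ["DDS::", *(f"Trusted Zone: {h}" for h in trusted_hosts), ""]
    return "\n".join(out)


if __name__ == "__main__":
    entries, trusted = parse_log(SAMPLE_LOG)
    flagged, folders = triage(entries, ["Max Registry Cleaner", "Max Secure"])
    for path, reasons in flagged.items():
        print(f"{path}: {'; '.join(reasons)}")
    print(build_cfscript(flagged, folders, trusted))
```

The unwanted-vendor list is the analyst's input, as it was here: the code only correlates timestamps and locations around it, and a real run would read the whole ComboFix.txt instead of the excerpt.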
     
  9. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    combofix 2nd run

    please excuse the missing g's - there is a kb problem......


    2nd run successful but note stage 5 took as long to run as the other 45 stages combined.

    Task Manager still starting from Ctrl+Alt+Del.

    My concern for the security measures in place, and why I would like to know which infection has been the cause of the problem, is that this is my wife's computer and, at 73, she is unlikely to have been visiting porn sites even if she knew how! I have quizzed her over any funnies she might have encountered in the past few weeks but apart from emails and Skype the only IE work has been searching for 'loose covers' for the settee :)

    Anyway here is the txt file:-

    ComboFix 12-03-02.01 - User 03/03/2012 21:45:59.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1026 [GMT 0:00]
    Running from: c:\users\User\Downloads\ComboFix.exe
    Command switches used :: c:\users\User\Downloads\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\atscie.msi"
    "c:\windows\system\SysRegC.dll"
    "c:\windows\system32\GetHardDiskNo.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Max Registry Cleaner
    c:\program files\Max Registry Cleaner\Liveupdate\ServerVersion.txt
    c:\program files\Max Registry Cleaner\Log\RCLiveupdateLog.txt
    c:\program files\Max Registry Cleaner\Log\ScanLog.txt
    c:\program files\Max Registry Cleaner\Log\VoucherLog.txt
    c:\programdata\Max Secure
    c:\programdata\Max Secure\Max Registry Cleaner\SYSRegC.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\personal\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\mannin\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\group\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\estates\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\dollar\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 22:21 . 2012-03-03 22:21 -------- d-----w- c:\users\consultancy\AppData\Local\temp
    2012-03-03 19:21 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95635104-B1DD-41C9-B9AC-1CDFC1E07D5C}\mpengine.dll
    2012-03-03 08:06 . 2011-07-18 18:34 0 ----a-w- c:\windows\system\SysRegC.dll
    2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2012-03-02 16:39 . 2012-03-02 16:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-02 12:11 . 2011-07-18 18:34 151472 ----a-w- c:\windows\system32\GetHardDiskNo.dll
    2012-02-28 13:22 . 2012-02-28 13:22 -------- d-----w- c:\program files\Pure Networks
    2012-02-28 13:17 . 2012-02-28 13:17 8892928 ----a-w- c:\programdata\atscie.msi
    2012-02-28 13:16 . 2009-07-07 14:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2012-02-28 13:15 . 2012-02-28 13:16 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-02-28 13:15 . 2009-07-07 14:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2012-02-28 13:14 . 2012-02-28 13:14 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
    2012-02-28 13:14 . 2012-02-28 13:25 -------- d-----w- c:\programdata\Pure Networks
    2012-02-28 09:52 . 2012-02-28 09:54 -------- d-----w- c:\users\User\AppData\Roaming\Ahead
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-02-25 09:02 . 2012-02-25 09:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-02-25 09:02 . 2012-02-25 09:02 -------- d-----w- c:\programdata\Apple Computer
    2012-02-15 07:09 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 07:09 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 07:09 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-10 09:55 . 2012-02-10 09:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAB30799-6846-4A5F-BD52-AC0C2F90E658}\gapaengine.dll
    2012-02-06 19:23 . 2012-02-06 19:23 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-20 09:52 . 2011-05-22 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-08 06:03 . 2010-12-05 02:25 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2009-11-11 18:22 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-12 17351304]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
    "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-04-16 192512]
    "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "RegTool"="c:\program files\Gemalto\Classic Client\BIN\RegTool.exe" [2009-06-18 885760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAxADMAOQA3ADgAMgAyADMALQBCADMALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANwBCACsANQA&prod=90&ver=9.0.872" [?]
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
    wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-18 21504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-10-21 1643808]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-1-15 122880]
    WP Link.lnk - c:\program files\PHRS\LibMan.exe [2010-7-1 250368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 15:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.manx.net/
    Trusted Zone: iplservices.voca.com
    TCP: DhcpNameServer = 192.168.0.1
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-03 22:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-03-03 22:23:37
    ComboFix-quarantined-files.txt 2012-03-03 22:23
    ComboFix2.txt 2012-03-03 19:13
    .
    Pre-Run: 80,574,189,568 bytes free
    Post-Run: 80,587,694,080 bytes free
    .
    - - End Of File - - 4AADFB0D89FEB37CFD3FB7732EF61EC1
    Regards

    stuart mckenzie
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    At the end of this topic I'll post some security hints.

    Combofix log looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    Running OTL

    OTL took 32 mins to run; output files below.

    Taskmgr starts OK.

    Outstanding is some problem with the network, in that it appears half the network is chained to the wifi connection with the Netgear router (even though wifi is switched off on the Medion) while the rest, including internet, is via ethernet. The online backup QuickShadow backs up constantly to a NAS Duo on 192.168.0.199 and only connects via the second route (apparently). Weird ):

    Output:
    OTL logfile created on: 04/03/2012 09:51:49 - Run 1
    OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\User\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.62% Memory free
    3.98 Gb Paging File | 1.49 Gb Available in Paging File | 37.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 129.52 Gb Total Space | 75.40 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
    Drive D: | 19.53 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 59.05 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

    Computer Name: JSM-LATOP | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/04 09:43:10 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
    PRC - [2012/02/20 09:52:44 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
    PRC - [2012/01/30 08:18:24 | 004,136,584 | ---- | M] (QuicklyTech Pty Ltd) -- C:\Program Files\QuicklyTech\QuickShadow.exe
    PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/04/20 13:22:54 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/12/14 14:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    PRC - [2009/12/10 10:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
    PRC - [2009/08/16 21:33:26 | 000,106,582 | ---- | M] (The POPFile Project) -- C:\Program Files\POPFile\popfileib.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/06/19 11:44:02 | 000,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2009/06/18 11:46:00 | 000,885,760 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/26 14:45:34 | 000,069,632 | ---- | M] (Gemalto) -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
    PRC - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2007/04/16 22:24:10 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
    PRC - [2007/02/15 18:52:16 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynMedion.exe
    PRC - [2007/02/15 15:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2006/12/26 18:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
    PRC - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
    PRC - [2006/11/09 21:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
    PRC - [2005/10/28 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
    PRC - [2005/07/25 20:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
    PRC - [1998/09/04 12:11:50 | 000,250,368 | ---- | M] () -- C:\Program Files\PHRS\LibMan.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/08 13:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/04/27 02:30:48 | 000,061,192 | ---- | M] () -- C:\Program Files\QuicklyTech\QSVSSServer32C.dll
    MOD - [2011/03/01 20:13:18 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2009/06/18 11:46:00 | 000,885,760 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
    MOD - [2009/06/03 20:51:24 | 000,409,706 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\DBD\SQLite\SQLite.dll
    MOD - [2009/06/03 20:51:24 | 000,094,298 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\DBI\DBI.dll
    MOD - [2009/06/03 20:51:24 | 000,032,878 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\List\Util\Util.dll
    MOD - [2009/05/24 08:26:14 | 000,020,587 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Sys\Hostname\Hostname.dll
    MOD - [2009/05/24 08:26:00 | 000,032,867 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Socket\Socket.dll
    MOD - [2009/05/24 08:25:26 | 000,077,921 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\POSIX\POSIX.dll
    MOD - [2009/05/24 08:25:10 | 000,020,584 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\MIME\Base64\Base64.dll
    MOD - [2009/05/24 08:24:56 | 000,024,667 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\IO\IO.dll
    MOD - [2009/05/24 08:24:38 | 000,024,676 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\File\Glob\Glob.dll
    MOD - [2009/05/24 08:24:32 | 000,024,673 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Fcntl\Fcntl.dll
    MOD - [2009/05/24 08:22:48 | 000,024,676 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Digest\MD5\MD5.dll
    MOD - [2009/05/24 08:22:16 | 000,020,573 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Cwd\Cwd.dll
    MOD - [2009/04/12 13:14:56 | 000,041,055 | ---- | M] () -- C:\Program Files\POPFile\lib\auto\Win32\Win32.dll
    MOD - [2006/11/09 21:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
    MOD - [2005/07/25 20:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
    MOD - [1998/09/04 12:11:50 | 000,250,368 | ---- | M] () -- C:\Program Files\PHRS\LibMan.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/04/20 13:22:54 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
    SRV - [2009/12/10 10:16:10 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/02/26 14:45:34 | 000,069,632 | ---- | M] (Gemalto) [Auto | Running] -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe -- (GslShmSrvc)
    SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GemPCExp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/11/04 09:52:05 | 000,156,928 | ---- | M] (NewTech Infosystems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NtiEnc.sys -- (NtiEnc)
    DRV - [2009/12/10 10:15:58 | 000,822,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009/08/10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GemCCID.sys -- (GemCCID)
    DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/05/16 17:43:14 | 000,871,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6)
    DRV - [2007/02/08 01:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/01/13 08:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
    DRV - [2006/11/15 15:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/15 10:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 08:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/09/15 06:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2003/04/28 18:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.manx.net/
    IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\..\SearchScopes,DefaultScope = {AB40B303-B74C-4256-91B6-2BA9F09E862A}
    IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\..\SearchScopes\{AB40B303-B74C-4256-91B6-2BA9F09E862A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-957390550-3172770688-424660018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012/03/03 22:21:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
    O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
    O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe (The POPFile Project)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-957390550-3172770688-424660018-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O12 - Plugin for: .csd - C:\Program Files\Gemalto\eSigner\plugin\Npcsig.dll (Gemplus)
    O15 - HKLM\..Trusted Domains: iplservices.voca.com ([]https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.hodder.co.uk/paintedcavesar/plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C61D10ED-25E2-4D77-B092-B6662874A5EF}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F254966D-B4BC-43CF-BDFD-844E16CE01A1}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\User\Pictures\2010-12-07 europa up to cork\europa up to cork 080.JPG
    O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\2010-12-07 europa up to cork\europa up to cork 080.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.IV31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: VIDC.IV32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel(R) Corporation)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\IYVU9_32.DLL ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/03 22:23:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/03 18:58:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/03 18:58:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/03 18:58:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/03 18:58:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/03 18:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/02 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2012/03/02 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/02 12:11:18 | 000,151,472 | ---- | C] (MaxSecure Software) -- C:\Windows\System32\GetHardDiskNo.dll
    [2012/02/28 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2012/02/28 13:15:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2012/02/28 13:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
    [2012/02/28 13:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
    [2012/02/28 09:52:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ahead
    [2012/02/25 09:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/02/25 09:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2012/02/20 10:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuicklyTech
    [2012/02/06 19:20:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/04 09:21:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/04 08:27:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/04 08:27:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/03 22:35:22 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/03 22:35:22 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/03 22:28:16 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
    [2012/03/03 22:28:08 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2012/03/03 22:27:53 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
    [2012/03/03 22:27:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/03 22:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/03 22:27:28 | 2011,873,280 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/03 22:21:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/03 18:36:11 | 000,000,796 | ---- | M] () -- C:\Users\User\Desktop\bootkitscreen.rtf
    [2012/03/03 18:24:31 | 000,330,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/03 08:15:09 | 266,130,871 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/03 08:08:05 | 000,001,090 | ---- | M] () -- C:\Users\User\Desktop\crashdurinaswmbr.rtf
    [2012/03/02 11:36:50 | 000,056,010 | ---- | M] () -- C:\Users\User\Documents\cc_20120302_113638.reg
    [2012/03/02 11:35:42 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/28 13:22:51 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/28 13:17:50 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2012/02/28 11:11:47 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat
    [2012/02/20 10:02:55 | 000,001,722 | ---- | M] () -- C:\Users\User\Desktop\QuickShadow.lnk
    [2012/02/16 12:27:41 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
    [2012/02/15 16:01:37 | 000,013,824 | ---- | M] () -- C:\Users\User\Documents\BM Government paymentsUntitled Document.wps
    [2012/02/15 16:01:37 | 000,002,916 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/03 19:57:43 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
    [2012/03/03 18:58:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/03 18:58:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/03 18:58:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/03 18:58:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/03 18:58:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/03 18:36:11 | 000,000,796 | ---- | C] () -- C:\Users\User\Desktop\bootkitscreen.rtf
    [2012/03/03 08:26:18 | 2011,873,280 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/03 08:08:04 | 000,001,090 | ---- | C] () -- C:\Users\User\Desktop\crashdurinaswmbr.rtf
    [2012/03/03 08:06:17 | 000,000,000 | ---- | C] () -- C:\Windows\System\SysRegC.dll
    [2012/03/02 11:36:43 | 000,056,010 | ---- | C] () -- C:\Users\User\Documents\cc_20120302_113638.reg
    [2012/02/28 13:22:51 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/28 13:22:50 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
    [2012/02/28 13:17:48 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2012/02/20 10:02:55 | 000,001,722 | ---- | C] () -- C:\Users\User\Desktop\QuickShadow.lnk
    [2012/02/16 12:27:41 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
    [2012/01/08 20:18:35 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{23190CC8-9C61-4A65-A413-33C0A71A1976}
    [2012/01/08 07:16:43 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{A77BEDC7-E80F-40D0-A8CC-F219B755DCC9}
    [2011/10/26 00:15:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{943AB5EE-FA02-4C7D-880D-963F63F09754}
    [2011/10/21 11:48:26 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
    [2011/07/17 09:25:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{44A04786-641A-44DF-97AB-0E9004F29A15}
    [2011/07/16 22:00:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{983B0C05-EB79-45C1-967D-B721EAB3DD74}
    [2011/06/04 22:00:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{21F41288-E3C4-4877-8271-8E20D38251D8}
    [2011/05/30 10:11:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{D5F01DD9-E485-4E89-82AF-6B5BB04F3F2B}
    [2011/05/29 15:55:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{B28857BB-429F-43F3-BB12-636BD3C48F67}
    [2011/05/28 19:32:31 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{32BF1FAC-443E-4618-93DF-BE0B5B2D244C}
    [2011/05/25 20:51:26 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{33149CAA-6E74-49FF-94A4-B9BC35E51810}
    [2011/02/14 10:59:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2011/02/14 10:59:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2011/02/14 10:59:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2011/02/14 10:59:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2011/02/14 10:59:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2011/02/14 10:59:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2011/02/14 10:59:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2011/02/14 10:59:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2011/02/14 10:59:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2011/02/14 10:59:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2011/02/14 10:59:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2011/02/14 10:59:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2011/02/14 10:59:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2011/02/14 10:59:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2011/02/14 10:59:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2011/02/14 10:59:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2011/02/14 10:59:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2011/02/14 10:59:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2011/02/14 10:59:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2011/01/14 17:28:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
    [2011/01/11 07:54:35 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
    [2010/12/08 15:37:22 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL
    [2010/12/08 15:37:09 | 000,001,522 | ---- | C] () -- C:\Windows\AWA.INI
    [2010/12/07 11:19:27 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
    [2010/12/07 11:19:27 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
    [2010/03/30 17:53:12 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NINJA4.dll
    [2010/03/30 17:52:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTSHDW4.dll

    ========== LOP Check ==========

    [2011/09/11 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\group\AppData\Roaming\FileZilla
    [2011/04/24 13:15:48 | 000,000,000 | ---D | M] -- C:\Users\group\AppData\Roaming\Opera
    [2011/02/17 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Claws-mail
    [2010/12/30 14:43:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\demo
    [2010/02/20 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dev-Cpp
    [2012/02/22 12:12:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
    [2011/10/18 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gnupg
    [2011/02/17 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
    [2011/05/25 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
    [2009/11/25 22:01:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
    [2011/06/14 10:04:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
    [2012/03/04 04:28:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\POPFile
    [2009/11/13 20:02:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
    [2012/03/03 22:26:25 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/01/16 21:50:25 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/07/17 01:28:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/03/03 22:23:38 | 000,010,275 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/03 22:27:28 | 2011,873,280 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/22 13:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/08/12 15:09:31 | 000,000,256 | ---- | M] () -- C:\lxdx.log
    [2010/02/22 13:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/03 22:27:27 | 2325,688,320 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/12 13:28:39 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 07:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/11/12 10:30:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2010/12/07 11:19:27 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/15 08:46:43 | 000,000,221 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/03 22:27:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/04 09:21:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/03 22:27:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/03 22:26:25 | 000,032,626 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/18 17:41:31 | 000,000,402 | -HS- | M] () -- C:\Users\User\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/28 13:17:50 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2011/05/26 19:51:00 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2010/12/07 11:19:27 | 000,000,608 | -H-- | M] () -- C:\ProgramData\T2
    [2011/05/26 13:14:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >



    regards
    stuart mckenzie
     
  12. captainiom


    extras

    OTL Extras logfile created on: 04/03/2012 09:51:49 - Run 1
    OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\User\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.62% Memory free
    3.98 Gb Paging File | 1.49 Gb Available in Paging File | 37.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 129.52 Gb Total Space | 75.40 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
    Drive D: | 19.53 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 59.05 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

    Computer Name: JSM-LATOP | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00B438FF-3E9D-42C7-8323-CD13A5D95355}" = lport=137 | protocol=17 | dir=in | app=system |
    "{07B6CCC5-39B5-408D-B0F2-5FE0E6A750AA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{16EA5DEE-131D-4D80-9990-1A3DF0DDA9A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{275FFFA5-2A3A-4F33-A5C2-B0A0F10B2225}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{2E667C24-C124-47D8-8221-FE45AE7A61E8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3BAC702A-07BA-4807-B253-CD3C2CD47114}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{3F4F4E1E-F165-4EB3-9A7C-0B0C7A237113}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4C23AF53-A477-4B83-B943-D50BC6D5DF50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{510A7C1C-0DBE-41E9-91BF-C068A6060BB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{600B2801-F9BF-4411-BBBA-F3A227D92FE6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{60482A55-B6A2-4B04-9EAE-5F262C2E6056}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{609A9ABD-799B-4EAD-AC87-37F81C82EB50}" = lport=445 | protocol=6 | dir=in | app=system |
    "{622DEC71-5007-43D1-9D3C-FEBE7C08918B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6C1C4C49-65BE-4CB8-AB1F-E8F17855FF6E}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{912F7132-D2EC-4132-9D6E-92CEEFDC7BB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{92AD280B-ABDF-4578-8036-458976093AB9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{95FCA3C1-534A-4E65-BD66-C38BF2B2F2C0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{BB552E9A-B195-48FC-888F-2FFDE08D70CE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C835FE33-B3B6-4D44-AA31-6961DEB05817}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CC2BCE3E-6C6D-4D6D-9427-99C94F3D3B6A}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
    "{CD75FDA0-F37C-492A-8E10-4BD36A454480}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D0687BAA-E13A-41C2-99A1-5A1C030F26E9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D06B1473-9C5E-4434-93FF-D4412BA5AE3D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{E1985C29-DC5A-4239-94F2-26F14EF7EA5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EE9F051A-DA25-4A0D-B846-029756B2FCAA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F4F3021D-0B01-40B0-A301-098FE6635C69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F6374CFD-1B36-47EE-B842-B75DF92C092F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02797C8E-E54E-4B4A-880F-15D357F5E222}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{02CA260F-1647-4D02-895E-D10BA16C0043}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{081551D3-405E-4BC2-814B-8BBC925F9C9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0BA25ED8-3FE7-49F0-B74E-4731475013B5}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{153AEBC0-F089-4CB0-84BC-2A7340BC36EB}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{1FAA4737-7B7E-4C84-A071-8E780475D29C}" = protocol=17 | dir=in | app=c:\program files\quicklytech\quickshadow.exe |
    "{41B73224-9404-4D0A-B1F7-96E2869F3EF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{42C2F00B-0055-42C9-BC77-E694E60131D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{68BE87C8-13C6-4951-82FB-FC8273F66E2C}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
    "{756AF856-DF04-409F-B90C-7222551C9DAB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{7B2BFAB3-7D07-4F5F-BE93-60629D8A9A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7DB340A4-A8C7-43D2-9687-2E93B785243E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{82A9B509-BAB8-460C-B7E5-A6721AE7B060}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{8B8FC581-2B1C-4B23-A7CE-EC9E7FA1DF09}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A1E79FC4-292E-40A5-ABAE-E779F9FC893B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{A332723C-82CC-447B-8C72-F104AA16E446}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{AEBC517C-0DBD-458B-AC36-7EB588703712}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{CC672E1D-4B0B-4CA8-820F-C1687355F76A}" = protocol=6 | dir=in | app=c:\program files\quicklytech\quickshadow.exe |
    "{E842921F-7379-4476-A2C7-03279F536DC2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{EEB35E55-7E5F-4E44-AD92-9E573EEB177E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{EFE3352C-26CE-4B8B-B1F2-C4E7230F7969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{699F73E3-CB36-4852-85FF-81E1863F7A4C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{6D7E2CC0-4AB4-4506-8A9C-3B0419A51332}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
    "TCP Query User{FC34815B-DA40-488E-81AE-CB44DB9E155C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{FE58B7C2-6E17-47E6-BC7D-FC1D30549C8C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{10DEE4E7-8878-4879-8B2B-B6A442E0526A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{3BA79967-2283-4696-A26E-165B197F4A55}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{8ACE9E91-0D5A-423A-AB38-4C1A4EFEFCC2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{B84C9FB4-3573-45FC-88FE-EED77B67E1BB}C:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\cprogram filesopera\operaupgrader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
    "{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}" = IEEE 802.11g Wireless LAN driver
    "{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
    "{312B0A22-CF24-11D3-AB8B-00C04FCF5090}" = Turnpike Six
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = SuyinCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78D295FC-9373-400D-A304-4C0985BE3A09}" = NZMapConv
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{997698d0-7007-11db-9fe1-0800200c9a66}}_is1" = Dynamic Report Decoder 1.04.00.02
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A05997D5-C080-49E3-93E6-ADE04B272B4F}" = eSigner 3x
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.0
    "{D7D8623B-00E8-496C-BAAF-822FBE33A46B}" = Classic Client 5.2 Patch1
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F627582C-B411-47EE-A8F8-0D14A91B2303}" = IEEE 802.11a-b-g Wireless LAN Utility
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Britannica CD 2000" = Britannica CD 2000
    "CCleaner" = CCleaner
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Crossword Maestro" = Crossword Maestro
    "Defraggler" = Defraggler
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
    "FileZilla Client" = FileZilla Client 3.5.3
    "GPG4Win" = Gpg4win (2.1.0)
    "Hardware Helper_is1" = Hardware Helper
    "HP Photo Creations" = HP Photo Creations
    "Legacy 7.5" = Legacy 7.5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Network MagicUninstall" = Network Magic
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.51.1087" = Opera 11.51
    "Penguin Hutchinson Reference Suite" = Penguin Hutchinson Reference Suite
    "QuicklyTech_QuickShadow_is1" = QuickShadow 2.4.0.0
    "Sibelius 6_is1" = Sibelius 6.2.0.88
    "Speccy" = Speccy
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinZip" = WinZip

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-957390550-3172770688-424660018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = WebEx
    "POPFile" = POPFile 1.1.1
    "POPFile_Data" = POPFile Data (User)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/03/2012 05:41:06 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:41:06 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:41:41 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:41:42 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:04 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:34 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    Error - 04/03/2012 05:58:43 | Computer Name = jsm-latop | Source = VSS | ID = 12289
    Description =

    [ System Events ]
    Error - 03/03/2012 18:40:12 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 03/03/2012 19:02:19 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 03/03/2012 20:25:28 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 03/03/2012 20:59:42 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 03/03/2012 22:22:25 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 03/03/2012 23:20:53 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 04/03/2012 00:43:35 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 04/03/2012 02:42:39 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 04/03/2012 03:41:07 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 04/03/2012 04:03:14 | Computer Name = jsm-latop | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKLM\..Trusted Domains: iplservices.voca.com ([]https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    overnight bsod

    Not such good news this morning. At 0500 I woke up to find a BSOD with a D1 stop and a pointer to athrusb.sys, which I think is the Atheros built-in wifi driver by Medion. On restart there is a constant attempt by the O/S to install some driver for an unidentified device, which fails. Round and round.
    Nevertheless I will continue with the latest instructions in the hope that it is mended within the fixes.
     
  15. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    final scans

    All scans run as instructed; output files follow. The O/S continued to try and install a driver for an unidentified unplugged device until about 10 minutes before ESET completed.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iplservices.voca.com\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: consultancy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: dollar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: estates
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: group
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 1171080 bytes

    User: mannin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4581104 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 57064 bytes

    User: personal
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 5708961 bytes
    ->Temporary Internet Files folder emptied: 266915547 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 3390630 bytes
    ->Flash cache emptied: 1548 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22687 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 269.00 mb


    [EMPTYJAVA]

    User: All Users

    User: consultancy
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: dollar
    ->Java cache emptied: 0 bytes

    User: estates
    ->Java cache emptied: 0 bytes

    User: group
    ->Java cache emptied: 0 bytes

    User: mannin
    ->Java cache emptied: 0 bytes

    User: personal
    ->Java cache emptied: 0 bytes

    User: Public

    User: User
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: consultancy
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: dollar
    ->Flash cache emptied: 0 bytes

    User: estates
    ->Flash cache emptied: 0 bytes

    User: group

    User: mannin
    ->Flash cache emptied: 0 bytes

    User: personal
    ->Flash cache emptied: 0 bytes

    User: Public

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.35.0 log created on 03052012_101612

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLZ8WA00\ads[11].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KVI9T78S\bizo_multi[1].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\918[1].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\partner[3].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C5HGKSP\partner[4].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3QHQGHXA\partner[1].htm moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\WebEx\Log\35\atashost.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Java updated and old files deleted.

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner
    Java(TM) 6 Update 31
    Adobe Flash Player ( 9.0.45.0) Flash Player Out of Date!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Gemalto Classic Client BIN GslShmSrvc.exe
    Microsoft Security Client Antimalware NisSrv.exe
    Gemalto Classic Client BIN RegTool.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 01-03-2012
    Ran by User (administrator) on 05-03-2012 at 10:43:20
    Running from "C:\Users\User\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-15 11:31] - [2011-09-20 21:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    TFC ran OK, no log.

    ESET ran for 2 hrs 10 mins, 172466 files, no threats found so no log.

    Phew..................
    regards


    stuart mckenzie
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    2. Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • List Devices (do NOT change any settings)
    Click Go and post the result.
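
    A small parser for the BSOD.txt that BlueScreenView produces, added here as an example (it is not Broni's code, nor part of BlueScreenView) so that a long report can be triaged without reading every record by hand. It assumes the record layout seen in the log posted later in this thread: records separated by lines of `=`, one `Key : Value` field per line, with `Address In Stack` filled in only for modules that were actually on the crash stack. The sample input is constructed from three of those records (athrusb.sys, ntkrnlpa.exe, hal.dll), trimmed to the fields the example uses; real output carries more fields per record, which the parser simply keeps. The report lists on-stack modules with third-party drivers first, maps a raw kernel address back to its module, and flags the case where the printed offset is larger than the module itself, so that frame should not be trusted.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: three records taken from the BSOD.txt posted in
# this thread, trimmed to the fields used below.
SAMPLE_BSOD_TXT = """\
==================================================
Filename : athrusb.sys
Address In Stack : athrusb.sys+5f99f
From Address : 0x8c2bf000
To Address : 0x8c3a0000
Size : 0x000e1000
Company : Atheros Communications, Inc.
Full Path : C:\\Windows\\system32\\drivers\\athrusb.sys
==================================================

==================================================
Filename : ntkrnlpa.exe
Address In Stack : ntkrnlpa.exe+fe39bbf4
From Address : 0x82051000
To Address : 0x8240b000
Size : 0x003ba000
Company : Microsoft Corporation
Full Path : C:\\Windows\\system32\\ntkrnlpa.exe
==================================================

==================================================
Filename : hal.dll
Address In Stack :
From Address : 0x8201e000
To Address : 0x82051000
Size : 0x00033000
Company : Microsoft Corporation
Full Path : C:\\Windows\\system32\\hal.dll
==================================================
"""

# "Key : Value"; the key is letters and spaces only, so the first colon after
# it is the separator even when the value (a path, a time) contains colons.
_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")
_SEPARATOR = re.compile(r"^\s*=+\s*$")


@dataclass
class Module:
    filename: str
    company: str
    full_path: str
    start: int
    end: int
    size: int
    stack_offset: Optional[int]  # None when the module was not on the crash stack

    @property
    def on_stack(self) -> bool:
        return self.stack_offset is not None

    @property
    def is_microsoft(self) -> bool:
        return "microsoft" in self.company.lower()

    @property
    def offset_in_range(self) -> bool:
        # An offset beyond the module's own size (ntkrnlpa.exe+fe39bbf4 in the
        # thread) means the frame attribution is unreliable.
        return self.on_stack and 0 <= self.stack_offset < self.size


def _to_module(fields: dict) -> Module:
    stack = fields.get("Address In Stack", "")
    offset = int(stack.split("+", 1)[1], 16) if "+" in stack else None
    return Module(
        filename=fields.get("Filename", ""),
        company=fields.get("Company", ""),
        full_path=fields.get("Full Path", ""),
        start=int(fields["From Address"], 16),
        end=int(fields["To Address"], 16),
        size=int(fields["Size"], 16),
        stack_offset=offset,
    )


def parse_bluescreenview(text: str) -> list:
    """Split BSOD.txt into '='-separated records and parse each one."""
    modules, fields = [], {}
    for line in text.splitlines():
        if _SEPARATOR.match(line):
            if fields:
                modules.append(_to_module(fields))
                fields = {}
            continue
        m = _FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    if fields:  # trailing record without a closing separator
        modules.append(_to_module(fields))
    return modules


def stack_report(modules) -> list:
    """Modules that were on the crash stack, third-party drivers first."""
    on_stack = [m for m in modules if m.on_stack]
    return sorted(on_stack, key=lambda m: (m.is_microsoft, m.filename.lower()))


def third_party_on_stack(modules) -> list:
    return [m.filename for m in stack_report(modules) if not m.is_microsoft]


def module_for_address(modules, address: int) -> Optional[Module]:
    """Map a raw kernel address back to the loaded module containing it."""
    for m in modules:
        if m.start <= address < m.end:
            return m
    return None


if __name__ == "__main__":
    mods = parse_bluescreenview(SAMPLE_BSOD_TXT)
    for m in stack_report(mods):
        tag = "MS" if m.is_microsoft else "3rd-party"
        note = "" if m.offset_in_range else "  (offset out of range, unreliable)"
        print(f"{m.filename:<14} +{m.stack_offset:x}  {tag}  {m.full_path}{note}")
```

    Run against a real BSOD.txt by reading the file into `parse_bluescreenview`; the drivers listed first are the ones to check for a vendor update or a replacement, which matches the triage Broni walks through on the athrusb.sys crash in this thread.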
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I asked:
    List Devices (do NOT change any settings), so only troubled devices are shown.
    Please redo.
     
  18. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    re run of toolbox list devices

    That is exactly what I did. Download and click List Devices, leaving options unticked. I have redone it and the log is exactly the same as I sent to you in the previous post. I confirm that the only radio button showing was that for troubled devices. Herewith:-

    MiniToolBox by Farbar Version: 18-01-2012
    Ran by User (administrator) on 06-03-2012 at 08:48:29
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Devices: ================================


    **** End of log ****
    Regards
    jsm
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need BlueScreenView log.

    Also, do you have any errors listed in Device Manager?
     
  20. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    BlueScreenView log sent in three parts due to size two days ago.
    No errors showing in Device Manager.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see any log.
     
  22. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    Filename : athrusb.sys
    Address In Stack : athrusb.sys+5f99f
    From Address : 0x8c2bf000
    To Address : 0x8c3a0000
    Size : 0x000e1000
    Time Stamp : 0x488f10de
    Time String : 29/07/2008 12:45:18
    Product Name : Driver for Atheros Wireless USB Network Adapter
    File Description : Atheros Extensible Wireless LAN device driver
    File Version : 2.2.0.27 built by: WinDDK
    Company : Atheros Communications, Inc.
    Full Path : C:\Windows\system32\drivers\athrusb.sys
    ==================================================

    ==================================================
    Filename : ndis.sys
    Address In Stack : ndis.sys+3743
    From Address : 0x82679000
    To Address : 0x82784000
    Size : 0x0010b000
    Time Stamp : 0x49e02080
    Time String : 11/04/2009 04:45:52
    Product Name : Microsoft® Windows® Operating System
    File Description : NDIS 6.0 wrapper driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ndis.sys
    ==================================================

    ==================================================
    Filename : ntkrnlpa.exe
    Address In Stack : ntkrnlpa.exe+fe39bbf4
    From Address : 0x82051000
    To Address : 0x8240b000
    Size : 0x003ba000
    Time Stamp : 0x4ea6b87e
    Time String : 25/10/2011 13:24:14
    Product Name : Microsoft® Windows® Operating System
    File Description : NT Kernel & System
    File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\ntkrnlpa.exe
    ==================================================

    ==================================================
    Filename : nwifi.sys
    Address In Stack : nwifi.sys+5035
    From Address : 0x9d6c4000
    To Address : 0x9d6ee000
    Size : 0x0002a000
    Time Stamp : 0x49e01fef
    Time String : 11/04/2009 04:43:27
    Product Name : Microsoft® Windows® Operating System
    File Description : NativeWiFi Miniport Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\nwifi.sys
    ==================================================

    ==================================================
    Filename : USBPORT.SYS
    Address In Stack : USBPORT.SYS+f4ce8c64
    From Address : 0x8b704000
    To Address : 0x8b742000
    Size : 0x0003e000
    Time Stamp : 0x49e01fcf
    Time String : 11/04/2009 04:42:55
    Product Name : Microsoft® Windows® Operating System
    File Description : USB 1.1 & 2.0 Port Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\USBPORT.SYS
    ==================================================

    ==================================================
    Filename : Wdf01000.sys
    Address In Stack : Wdf01000.sys+ffe9cba4
    From Address : 0x80550000
    To Address : 0x805cc000
    Size : 0x0007c000
    Time Stamp : 0x47919015
    Time String : 19/01/2008 05:52:21
    Product Name : Microsoft® Windows® Operating System
    File Description : WDF Dynamic
    File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Wdf01000.sys
    ==================================================

    ==================================================
    Filename : hal.dll
    Address In Stack :
    From Address : 0x8201e000
    To Address : 0x82051000
    Size : 0x00033000
    Time Stamp : 0x49e018d9
    Time String : 11/04/2009 04:13:13
    Product Name : Microsoft® Windows® Operating System
    File Description : Hardware Abstraction Layer DLL
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\hal.dll
    ==================================================

    ==================================================
    Filename : kdcom.dll
    Address In Stack :
    From Address : 0x8040f000
    To Address : 0x80416000
    Size : 0x00007000
    Time Stamp : 0x49e037d9
    Time String : 11/04/2009 06:25:29
    Product Name : Microsoft® Windows® Operating System
    File Description : Kernel Debugger HW Extension DLL
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\kdcom.dll
    ==================================================

    ==================================================
    Filename : PSHED.dll
    Address In Stack :
    From Address : 0x80416000
    To Address : 0x80427000
    Size : 0x00011000
    Time Stamp : 0x49e037dc
    Time String : 11/04/2009 06:25:32
    Product Name : Microsoft® Windows® Operating System
    File Description : Platform Specific Hardware Error Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\PSHED.dll
    ==================================================

    ==================================================
    Filename : BOOTVID.dll
    Address In Stack :
    From Address : 0x80427000
    To Address : 0x8042f000
    Size : 0x00008000
    Time Stamp : 0x4791a653
    Time String : 19/01/2008 07:27:15
    Product Name : Microsoft® Windows® Operating System
    File Description : VGA Boot Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\BOOTVID.dll
    ==================================================

    ==================================================
    Filename : CLFS.SYS
    Address In Stack :
    From Address : 0x8042f000
    To Address : 0x80470000
    Size : 0x00041000
    Time Stamp : 0x49e018ff
    Time String : 11/04/2009 04:13:51
    Product Name : Microsoft® Windows® Operating System
    File Description : Common Log File System Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\CLFS.SYS
    ==================================================

    ==================================================
    Filename : CI.dll
    Address In Stack :
    From Address : 0x80470000
    To Address : 0x80550000
    Size : 0x000e0000
    Time Stamp : 0x49e037d2
    Time String : 11/04/2009 06:25:22
    Product Name : Microsoft® Windows® Operating System
    File Description : Code Integrity Module
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\CI.dll
    ==================================================

    ==================================================
    Filename : WDFLDR.SYS
    Address In Stack :
    From Address : 0x805cc000
    To Address : 0x805d9000
    Size : 0x0000d000
    Time Stamp : 0x47919013
    Time String : 19/01/2008 05:52:19
    Product Name : Microsoft® Windows® Operating System
    File Description : WDFLDR
    File Version : 1.7.6001.0 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
    ==================================================

    ==================================================
    Filename : acpi.sys
    Address In Stack :
    From Address : 0x8060d000
    To Address : 0x80653000
    Size : 0x00046000
    Time Stamp : 0x49e01a37
    Time String : 11/04/2009 04:19:03
    Product Name : Microsoft® Windows® Operating System
    File Description : ACPI Driver for NT
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\acpi.sys
    ==================================================

    ==================================================
    Filename : WMILIB.SYS
    Address In Stack :
    From Address : 0x80653000
    To Address : 0x8065c000
    Size : 0x00009000
    Time Stamp : 0x47919044
    Time String : 19/01/2008 05:53:08
    Product Name : Microsoft® Windows® Operating System
    File Description : WMILIB WMI support library Dll
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\WMILIB.SYS
    ==================================================

    ==================================================
    Filename : msisadrv.sys
    Address In Stack :
    From Address : 0x8065c000
    To Address : 0x80664000
    Size : 0x00008000
    Time Stamp : 0x47918b83
    Time String : 19/01/2008 05:32:51
    Product Name : Microsoft® Windows® Operating System
    File Description : ISA Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\msisadrv.sys
    ==================================================

    ==================================================
    Filename : pci.sys
    Address In Stack :
    From Address : 0x80664000
    To Address : 0x8068b000
    Size : 0x00027000
    Time Stamp : 0x49e01a44
    Time String : 11/04/2009 04:19:16
    Product Name : Microsoft® Windows® Operating System
    File Description : NT Plug and Play PCI Enumerator
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\pci.sys
    ==================================================

    ==================================================
    Filename : partmgr.sys
    Address In Stack :
    From Address : 0x8068b000
    To Address : 0x8069a000
    Size : 0x0000f000
    Time Stamp : 0x49e01ef7
    Time String : 11/04/2009 04:39:19
    Product Name : Microsoft® Windows® Operating System
    File Description : Partition Management Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\partmgr.sys
    ==================================================

    ==================================================
    Filename : compbatt.sys
    Address In Stack :
    From Address : 0x8069a000
    To Address : 0x8069c900
    Size : 0x00002900
    Time Stamp : 0x47918b7f
    Time String : 19/01/2008 05:32:47
    Product Name : Microsoft® Windows® Operating System
    File Description : Composite Battery Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\compbatt.sys
    ==================================================

    ==================================================
    Filename : BATTC.SYS
    Address In Stack :
    From Address : 0x8069d000
    To Address : 0x806a7000
    Size : 0x0000a000
    Time Stamp : 0x47918b7d
    Time String : 19/01/2008 05:32:45
    Product Name : Microsoft® Windows® Operating System
    File Description : Battery Class Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\BATTC.SYS
    ==================================================

    ==================================================
    Filename : volmgr.sys
    Address In Stack :
    From Address : 0x806a7000
    To Address : 0x806b6000
    Size : 0x0000f000
    Time Stamp : 0x47918f7f
    Time String : 19/01/2008 05:49:51
    Product Name : Microsoft® Windows® Operating System
    File Description : Volume Manager Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\volmgr.sys
    ==================================================

    ==================================================
    Filename : volmgrx.sys
    Address In Stack :
    From Address : 0x806b6000
    To Address : 0x80700000
    Size : 0x0004a000
    Time Stamp : 0x49e01efd
    Time String : 11/04/2009 04:39:25
    Product Name : Microsoft® Windows® Operating System
    File Description : Volume Manager Extension Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\volmgrx.sys
    ==================================================

    ==================================================
    Filename : pciide.sys
    Address In Stack :
    From Address : 0x80700000
    To Address : 0x80707000
    Size : 0x00007000
    Time Stamp : 0x49e01eee
    Time String : 11/04/2009 04:39:10
    Product Name : Microsoft® Windows® Operating System
    File Description : Generic PCI IDE Bus Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\pciide.sys
    ==================================================

    ==================================================
    Filename : PCIIDEX.SYS
    Address In Stack :
    From Address : 0x80707000
    To Address : 0x80715000
    Size : 0x0000e000
    Time Stamp : 0x49e01eed
    Time String : 11/04/2009 04:39:09
    Product Name : Microsoft® Windows® Operating System
    File Description : PCI IDE Bus Driver Extension
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
    ==================================================

    ==================================================
    Filename : mountmgr.sys
    Address In Stack :
    From Address : 0x80715000
    To Address : 0x80725000
    Size : 0x00010000
    Time Stamp : 0x47918f59
    Time String : 19/01/2008 05:49:13
    Product Name : Microsoft® Windows® Operating System
    File Description : Mount Point Manager
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mountmgr.sys
    ==================================================

    ==================================================
    Filename : atapi.sys
    Address In Stack :
    From Address : 0x80725000
    To Address : 0x8072d000
    Size : 0x00008000
    Time Stamp : 0x49e01eed
    Time String : 11/04/2009 04:39:09
    Product Name : Microsoft® Windows® Operating System
    File Description : ATAPI IDE Miniport Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\atapi.sys
    ==================================================

    ==================================================
    Filename : ataport.SYS
    Address In Stack :
    From Address : 0x8072d000
    To Address : 0x8074b000
    Size : 0x0001e000
    Time Stamp : 0x49e01eee
    Time String : 11/04/2009 04:39:10
    Product Name : Microsoft® Windows® Operating System
    File Description : ATAPI Driver Extension
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ataport.SYS
    ==================================================

    ==================================================
    Filename : nvstor.sys
    Address In Stack :
    From Address : 0x8074b000
    To Address : 0x80758000
    Size : 0x0000d000
    Time Stamp : 0x458d543d
    Time String : 23/12/2006 16:07:25
    Product Name : NVIDIA nForce(TM) SATA Driver
    File Description : NVIDIA® nForce(TM) Sata Performance Driver
    File Version : 5.10.2600.0824 built by: WinDDK
    Company : NVIDIA Corporation
    Full Path : C:\Windows\system32\drivers\nvstor.sys
    ==================================================

    ==================================================
    Filename : storport.sys
    Address In Stack :
    From Address : 0x80758000
    To Address : 0x80799000
    Size : 0x00041000
    Time Stamp : 0x49e01ef7
    Time String : 11/04/2009 04:39:19
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Storage Port Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\storport.sys
    ==================================================

    ==================================================
    Filename : nvstor32.sys
    Address In Stack :
    From Address : 0x80799000
    To Address : 0x807b6000
    Size : 0x0001d000
    Time Stamp : 0x46bb58d8
    Time String : 09/08/2007 18:11:36
    Product Name : NVIDIA nForce(TM) SATA Driver
    File Description : NVIDIA® nForce(TM) Sata Performance Driver
    File Version : 5.10.2600.0998 built by: WinDDK
    Company : NVIDIA Corporation
    Full Path : C:\Windows\system32\drivers\nvstor32.sys
    ==================================================

    ==================================================
    Filename : fltmgr.sys
    Address In Stack :
    From Address : 0x807b6000
    To Address : 0x807e8000
    Size : 0x00032000
    Time Stamp : 0x49e01907
    Time String : 11/04/2009 04:13:59
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Filesystem Filter Manager
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\fltmgr.sys
    ==================================================

    ==================================================
    Filename : fileinfo.sys
    Address In Stack :
    From Address : 0x807e8000
    To Address : 0x807f8000
    Size : 0x00010000
    Time Stamp : 0x47918be3
    Time String : 19/01/2008 05:34:27
    Product Name : Microsoft® Windows® Operating System
    File Description : FileInfo Filter Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\fileinfo.sys
    ==================================================

    ==================================================
    Filename : ksecdd.sys
    Address In Stack :
    From Address : 0x82607000
    To Address : 0x82679000
    Size : 0x00072000
    Time Stamp : 0x4ec3c4cc
    Time String : 16/11/2011 14:12:28
    Product Name : Microsoft® Windows® Operating System
    File Description : Kernel Security Support Provider Interface
    File Version : 6.0.6002.18541 (vistasp2_gdr.111116-0305)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ksecdd.sys
    ==================================================

    ==================================================
    Filename : msrpc.sys
    Address In Stack :
    From Address : 0x82784000
    To Address : 0x827af000
    Size : 0x0002b000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : Kernel Remote Procedure Call Provider
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\msrpc.sys
    ==================================================

    ==================================================
    Filename : NETIO.SYS
    Address In Stack :
    From Address : 0x827af000
    To Address : 0x827ea000
    Size : 0x0003b000
    Time Stamp : 0x4bb9fe78
    Time String : 05/04/2010 15:15:04
    Product Name : Microsoft® Windows® Operating System
    File Description : Network I/O Subsystem
    File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\NETIO.SYS
    ==================================================

    ==================================================
    Filename : tcpip.sys
    Address In Stack :
    From Address : 0x82c0f000
    To Address : 0x82cfc000
    Size : 0x000ed000
    Time Stamp : 0x4e78992c
    Time String : 20/09/2011 13:46:20
    Product Name : Microsoft® Windows® Operating System
    File Description : TCP/IP Driver
    File Version : 6.0.6002.22719 (vistasp2_ldr.110920-0346)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\tcpip.sys
    ==================================================

    ==================================================
    Filename : fwpkclnt.sys
    Address In Stack :
    From Address : 0x82cfc000
    To Address : 0x82d17000
    Size : 0x0001b000
    Time Stamp : 0x49e02076
    Time String : 11/04/2009 04:45:42
    Product Name : Microsoft® Windows® Operating System
    File Description : FWP/IPsec Kernel-Mode API
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
    ==================================================

    ==================================================
    Filename : Ntfs.sys
    Address In Stack :
    From Address : 0x82e00000
    To Address : 0x82f10000
    Size : 0x00110000
    Time Stamp : 0x49e0192a
    Time String : 11/04/2009 04:14:34
    Product Name : Microsoft® Windows® Operating System
    File Description : NT File System Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Ntfs.sys
    ==================================================

    ==================================================
    Filename : volsnap.sys
    Address In Stack :
    From Address : 0x82f10000
    To Address : 0x82f49000
    Size : 0x00039000
    Time Stamp : 0x49e01f09
    Time String : 11/04/2009 04:39:37
    Product Name : Microsoft® Windows® Operating System
    File Description : Volume Shadow Copy Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\volsnap.sys
    ==================================================

    ==================================================
    Filename : uagp35.sys
    Address In Stack :
    From Address : 0x82f49000
    To Address : 0x82f5a000
    Size : 0x00011000
    Time Stamp : 0x4549adbb
    Time String : 02/11/2006 08:35:07
    Product Name : Microsoft® Windows® Operating System
    File Description : MS AGPv3.5 Filter
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\uagp35.sys
    ==================================================

    ==================================================
    Filename : spldr.sys
    Address In Stack :
    From Address : 0x82f5a000
    To Address : 0x82f62000
    Size : 0x00008000
    Time Stamp : 0x467b17dd
    Time String : 22/06/2007 00:29:17
    Product Name : Microsoft® Windows® Operating System
    File Description : loader for security processor
    File Version : 6.0.6001.16606 (lh_security(sepbld-s).070621-1657)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\spldr.sys
    ==================================================

    ==================================================
    Filename : mup.sys
    Address In Stack :
    From Address : 0x82f62000
    To Address : 0x82f71000
    Size : 0x0000f000
    Time Stamp : 0x49e01914
    Time String : 11/04/2009 04:14:12
    Product Name : Microsoft® Windows® Operating System
    File Description : Multiple UNC Provider driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mup.sys
    ==================================================

    ==================================================
    Filename : ecache.sys
    Address In Stack :
    From Address : 0x82f71000
    To Address : 0x82f98000
    Size : 0x00027000
    Time Stamp : 0x49e01f2c
    Time String : 11/04/2009 04:40:12
    Product Name : Microsoft® Windows® Operating System
    File Description : Special Memory Device Cache
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ecache.sys
    ==================================================

    ==================================================
    Filename : disk.sys
    Address In Stack :
    From Address : 0x82f98000
    To Address : 0x82fa9000
    Size : 0x00011000
    Time Stamp : 0x49e01ef2
    Time String : 11/04/2009 04:39:14
    Product Name : Microsoft® Windows® Operating System
    File Description : PnP Disk Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\disk.sys
    ==================================================

    ==================================================
    Filename : CLASSPNP.SYS
    Address In Stack :
    From Address : 0x82fa9000
    To Address : 0x82fca000
    Size : 0x00021000
    Time Stamp : 0x49e01ee9
    Time String : 11/04/2009 04:39:05
    Product Name : Microsoft® Windows® Operating System
    File Description : SCSI Class System Dll
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
    ==================================================

    ==================================================
    Filename : crcdisk.sys
    Address In Stack :
    From Address : 0x82fca000
    To Address : 0x82fd3000
    Size : 0x00009000
    Time Stamp : 0x4549b1cb
    Time String : 02/11/2006 08:52:27
    Product Name : Microsoft® Windows® Operating System
    File Description : Disk Block Verification Filter Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\crcdisk.sys
    ==================================================

    ==================================================
    Filename : tunnel.sys
    Address In Stack :
    From Address : 0x82fea000
    To Address : 0x82ff5000
    Size : 0x0000b000
    Time Stamp : 0x4b7d244d
    Time String : 18/02/2010 11:28:13
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Tunnel Interface Driver
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\tunnel.sys
    ==================================================

    ==================================================
    Filename : tunmp.sys
    Address In Stack :
    From Address : 0x82ff5000
    To Address : 0x82ffe000
    Size : 0x00009000
    Time Stamp : 0x479190dc
    Time String : 19/01/2008 05:55:40
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Tunnel Interface Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\tunmp.sys
    ==================================================

    ==================================================
    Filename : amdk8.sys
    Address In Stack :
    From Address : 0x82d34000
    To Address : 0x82d44000
    Size : 0x00010000
    Time Stamp : 0x47918a38
    Time String : 19/01/2008 05:27:20
    Product Name : Microsoft® Windows® Operating System
    File Description : Processor Device Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\amdk8.sys
    ==================================================

    ==================================================
    Filename : wmiacpi.sys
    Address In Stack :
    From Address : 0x82d44000
    To Address : 0x82d4d000
    Size : 0x00009000
    Time Stamp : 0x47918b7f
    Time String : 19/01/2008 05:32:47
    Product Name : Microsoft® Windows® Operating System
    File Description : Windows Management Interface for ACPI
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\wmiacpi.sys
    ==================================================

    ==================================================
    Filename : nvlddmkm.sys
    Address In Stack :
    From Address : 0x8b20c000
    To Address : 0x8b64afc0
    Size : 0x0043efc0
    Time Stamp : 0x45a91e5d
    Time String : 13/01/2007 18:01:01
    Product Name : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59
    File Description : NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59
    File Version : 7.15.10.9759
    Company : NVIDIA Corporation
    Full Path : C:\Windows\system32\drivers\nvlddmkm.sys
    ==================================================

    ==================================================
    Filename : dxgkrnl.sys
    Address In Stack :
    From Address : 0x8b64b000
    To Address : 0x8b6eb000
    Size : 0x000a0000
    Time Stamp : 0x4d383dc1
    Time String : 20/01/2011 13:50:57
    Product Name : Microsoft® Windows® Operating System
    File Description : DirectX Graphics Kernel
    File Version : 7.0.6002.18107 (vistasp2_gdr_win7ip_dgt(wmbla).090924-1550)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\dxgkrnl.sys
    ==================================================

    ==================================================
    Filename : watchdog.sys
    Address In Stack :
    From Address : 0x8b6eb000
    To Address : 0x8b6f7000
    Size : 0x0000c000
    Time Stamp : 0x49e01b13
    Time String : 11/04/2009 04:22:43
    Product Name : Microsoft® Windows® Operating System
    File Description : Watchdog Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\watchdog.sys
    ==================================================

    ==================================================
    Filename : nvsmu.sys
    Address In Stack :
    From Address : 0x8b6f7000
    To Address : 0x8b6f9d00
    Size : 0x00002d00
    Time Stamp : 0x450aca51
    Time String : 15/09/2006 15:44:17
    Product Name : NVIDIA nForce(TM) PCA Driver
    File Description : NVIDIA® nForce(TM) SMU Microcontroller Driver
    File Version : 5.10.2600.0121 built by: WinDDK
    Company : NVIDIA Corporation
    Full Path : C:\Windows\system32\drivers\nvsmu.sys
    ==================================================

    ==================================================
    Filename : usbohci.sys
    Address In Stack :
    From Address : 0x8b6fa000
    To Address : 0x8b704000
    Size : 0x0000a000
    Time Stamp : 0x49e01fcc
    Time String : 11/04/2009 04:42:52
    Product Name : Microsoft® Windows® Operating System
    File Description : OHCI USB Miniport Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbohci.sys
    ==================================================

    ==================================================
    Filename : usbehci.sys
    Address In Stack :
    From Address : 0x8b742000
    To Address : 0x8b751000
    Size : 0x0000f000
    Time Stamp : 0x49e01fcc
    Time String : 11/04/2009 04:42:52
    Product Name : Microsoft® Windows® Operating System
    File Description : EHCI eUSB Miniport Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbehci.sys
    ==================================================

    ==================================================
    Filename : Afc.sys
    Address In Stack :
    From Address : 0x8b751000
    To Address : 0x8b759000
    Size : 0x00008000
    Time Stamp : 0x421c29af
    Time String : 23/02/2005 06:58:55
    Product Name : Arcsoft(R) ASPI Shell
    File Description : Arcsoft(R) ASPI Shell
    File Version : 1, 0, 0, 2
    Company : Arcsoft, Inc.
    Full Path : C:\Windows\system32\drivers\Afc.sys
    ==================================================

    ==================================================
    Filename : cdrom.sys
    Address In Stack :
    From Address : 0x8b759000
    To Address : 0x8b771000
    Size : 0x00018000
    Time Stamp : 0x49e01ef5
    Time String : 11/04/2009 04:39:17
    Product Name : Microsoft® Windows® Operating System
    File Description : SCSI CD-ROM Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\cdrom.sys
    ==================================================

    ==================================================
    Filename : ohci1394.sys
    Address In Stack :
    From Address : 0x8b771000
    To Address : 0x8b780300
    Size : 0x0000f300
    Time Stamp : 0x49e01fd8
    Time String : 11/04/2009 04:43:04
    Product Name : Microsoft® Windows® Operating System
    File Description : 1394 OpenHCI Port Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ohci1394.sys
    ==================================================

    ==================================================
    Filename : 1394BUS.SYS
    Address In Stack :
    From Address : 0x8b781000
    To Address : 0x8b78e080
    Size : 0x0000d080
    Time Stamp : 0x47919057
    Time String : 19/01/2008 05:53:27
    Product Name : Microsoft® Windows® Operating System
    File Description : 1394 Bus Device Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\1394BUS.SYS
    ==================================================

    ==================================================
    Filename : sdbus.sys
    Address In Stack :
    From Address : 0x8b78f000
    To Address : 0x8b7a9000
    Size : 0x0001a000
    Time Stamp : 0x49e01a42
    Time String : 11/04/2009 04:19:14
    Product Name : Microsoft® Windows® Operating System
    File Description : SecureDigital Bus Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\sdbus.sys
    ==================================================

    ==================================================
    Filename : rimmptsk.sys
    Address In Stack :
    From Address : 0x8b7a9000
    To Address : 0x8b7b7000
    Size : 0x0000e000
    Time Stamp : 0x455accd7
    Time String : 15/11/2006 08:16:23
    Product Name : RICOH MMC Driver
    File Description : RICOH MMC Driver
    File Version : 6.0.1.4
    Company : REDC
    Full Path : C:\Windows\system32\drivers\rimmptsk.sys
    ==================================================

    ==================================================
    Filename : rimsptsk.sys
    Address In Stack :
    From Address : 0x8b7b7000
    To Address : 0x8b7cb000
    Size : 0x00014000
    Time Stamp : 0x455a8cb5
    Time String : 15/11/2006 03:42:45
    Product Name : Ricoh Memorystick Controller
    File Description : RICOH MS Driver
    File Version : 6.00.01.04
    Company : REDC
    Full Path : C:\Windows\system32\drivers\rimsptsk.sys
    ==================================================

    ==================================================
    Filename : rixdptsk.sys
    Address In Stack :
    From Address : 0x82d4d000
    To Address : 0x82d9e000
    Size : 0x00051000
    Time Stamp : 0x455a6ed7
    Time String : 15/11/2006 01:35:19
    Product Name : R5C852 Ricoh xD Controller
    File Description : RICOH XD SM Driver
    File Version : 6.00.01.05
    Company : REDC
    Full Path : C:\Windows\system32\drivers\rixdptsk.sys
    ==================================================

    ==================================================
    Filename : HDAudBus.sys
    Address In Stack :
    From Address : 0x8b80e000
    To Address : 0x8b89b000
    Size : 0x0008d000
    Time Stamp : 0x49e01fc1
    Time String : 11/04/2009 04:42:41
    Product Name : Microsoft® Windows® Operating System
    File Description : High Definition Audio Bus Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\HDAudBus.sys
    ==================================================

    ==================================================
    Filename : nvmfdx32.sys
    Address In Stack :
    From Address : 0x8b89b000
    To Address : 0x8b99a600
    Size : 0x000ff600
    Time Stamp : 0x489357fd
    Time String : 01/08/2008 18:37:49
    Product Name : NVIDIA Networking Driver
    File Description : NVIDIA MCP Networking Function Driver.
    File Version : 1.00.01.06789
    Company : NVIDIA Corporation
    Full Path : C:\Windows\system32\drivers\nvmfdx32.sys
    ==================================================

    ==================================================
    Filename : i8042prt.sys
    Address In Stack :
    From Address : 0x8b99b000
    To Address : 0x8b9ae000
    Size : 0x00013000
    Time Stamp : 0x47918f5d
    Time String : 19/01/2008 05:49:17
    Product Name : Microsoft® Windows® Operating System
    File Description : i8042 Port Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\i8042prt.sys
    ==================================================

    ==================================================
    Filename : kbdclass.sys
    Address In Stack :
    From Address : 0x8b9ae000
    To Address : 0x8b9b9000
    Size : 0x0000b000
    Time Stamp : 0x47918f5a
    Time String : 19/01/2008 05:49:14
    Product Name : Microsoft® Windows® Operating System
    File Description : Keyboard Class Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\kbdclass.sys
    ==================================================

    ==================================================
    Filename : SynTP.sys
    Address In Stack :
    From Address : 0x8b9b9000
    To Address : 0x8b9e3d80
    Size : 0x0002ad80
    Time Stamp : 0x45d53809
    Time String : 16/02/2007 04:50:17
    Product Name : Synaptics Pointing Device Driver
    File Description : Synaptics Touchpad Driver
    File Version : 9.1.17 15Feb07
    Company : Synaptics, Inc.
    Full Path : C:\Windows\system32\drivers\SynTP.sys
    ==================================================

    ==================================================
    Filename : USBD.SYS
    Address In Stack :
    From Address : 0x8b9e4000
    To Address : 0x8b9e5700
    Size : 0x00001700
    Time Stamp : 0x4791904d
    Time String : 19/01/2008 05:53:17
    Product Name : Microsoft® Windows® Operating System
    File Description : Universal Serial Bus Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\USBD.SYS
    ==================================================

    ==================================================
    Filename : mouclass.sys
    Address In Stack :
    From Address : 0x8b9e6000
    To Address : 0x8b9f1000
    Size : 0x0000b000
    Time Stamp : 0x47918f5a
    Time String : 19/01/2008 05:49:14
    Product Name : Microsoft® Windows® Operating System
    File Description : Mouse Class Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mouclass.sys
    ==================================================

    ==================================================
    Filename : CmBatt.sys
    Address In Stack :
    From Address : 0x8b9f1000
    To Address : 0x8b9f4780
    Size : 0x00003780
    Time Stamp : 0x47918b7f
    Time String : 19/01/2008 05:32:47
    Product Name : Microsoft® Windows® Operating System
    File Description : Control Method Battery Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\CmBatt.sys
    ==================================================

    ==================================================
    Filename : msiscsi.sys
    Address In Stack :
    From Address : 0x8b7cb000
    To Address : 0x8b7fa000
    Size : 0x0002f000
    Time Stamp : 0x49e01f27
    Time String : 11/04/2009 04:40:07
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft iSCSI Initiator Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\msiscsi.sys
    ==================================================

    ==================================================
    Filename : TDI.SYS
    Address In Stack :
    From Address : 0x8b9f5000
    To Address : 0x8ba00000
    Size : 0x0000b000
    Time Stamp : 0x47919136
    Time String : 19/01/2008 05:57:10
    Product Name : Microsoft® Windows® Operating System
    File Description : TDI Wrapper
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\TDI.SYS
    ==================================================

    ==================================================
    Filename : rasl2tp.sys
    Address In Stack :
    From Address : 0x82d9e000
    To Address : 0x82db5000
    Size : 0x00017000
    Time Stamp : 0x47919111
    Time String : 19/01/2008 05:56:33
    Product Name : Microsoft® Windows® Operating System
    File Description : RAS L2TP mini-port/call-manager driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rasl2tp.sys
    ==================================================

    ==================================================
    Filename : ndistapi.sys
    Address In Stack :
    From Address : 0x8b800000
    To Address : 0x8b80b000
    Size : 0x0000b000
    Time Stamp : 0x47919108
    Time String : 19/01/2008 05:56:24
    Product Name : Microsoft® Windows® Operating System
    File Description : NDIS 3.0 connection wrapper driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ndistapi.sys
    ==================================================

    ==================================================
    Filename : ndiswan.sys
    Address In Stack :
    From Address : 0x82db5000
    To Address : 0x82dd8000
    Size : 0x00023000
    Time Stamp : 0x49e020a7
    Time String : 11/04/2009 04:46:31
    Product Name : Microsoft® Windows® Operating System
    File Description : MS PPP Framing Driver (Strong Encryption)
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ndiswan.sys
    ==================================================

    ==================================================
    Filename : raspppoe.sys
    Address In Stack :
    From Address : 0x82dd8000
    To Address : 0x82de7000
    Size : 0x0000f000
    Time Stamp : 0x49e020a6
    Time String : 11/04/2009 04:46:30
    Product Name : Microsoft® Windows® Operating System
    File Description : RAS PPPoE mini-port/call-manager driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\raspppoe.sys
    ==================================================

    ==================================================
    Filename : raspptp.sys
    Address In Stack :
    From Address : 0x82de7000
    To Address : 0x82dfb000
    Size : 0x00014000
    Time Stamp : 0x47919112
    Time String : 19/01/2008 05:56:34
    Product Name : Microsoft® Windows® Operating System
    File Description : Peer-to-Peer Tunneling Protocol
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\raspptp.sys
    ==================================================

    ==================================================
    Filename : rassstp.sys
    Address In Stack :
    From Address : 0x827ea000
    To Address : 0x827ff000
    Size : 0x00015000
    Time Stamp : 0x49e020b0
    Time String : 11/04/2009 04:46:40
    Product Name : Microsoft® Windows® Operating System
    File Description : RAS SSTP Miniport Call Manager
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rassstp.sys
    ==================================================

    ==================================================
    Filename : termdd.sys
    Address In Stack :
    From Address : 0x805d9000
    To Address : 0x805e9000
    Size : 0x00010000
    Time Stamp : 0x49e021c2
    Time String : 11/04/2009 04:51:14
    Product Name : Microsoft® Windows® Operating System
    File Description : Terminal Server Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\termdd.sys
    ==================================================

    ==================================================
    Filename : swenum.sys
    Address In Stack :
    From Address : 0x8b80b000
    To Address : 0x8b80c380
    Size : 0x00001380
    Time Stamp : 0x47918f60
    Time String : 19/01/2008 05:49:20
    Product Name : Microsoft® Windows® Operating System
    File Description : Plug and Play Software Device Enumerator
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\swenum.sys
    ==================================================

    ==================================================
    Filename : ks.sys
    Address In Stack :
    From Address : 0x8bc08000
    To Address : 0x8bc32000
    Size : 0x0002a000
    Time Stamp : 0x49e01ed7
    Time String : 11/04/2009 04:38:47
    Product Name : Microsoft® Windows® Operating System
    File Description : Kernel CSA Library
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ks.sys
    ==================================================

    ==================================================
    Filename : mssmbios.sys
    Address In Stack :
    From Address : 0x8bc32000
    To Address : 0x8bc3c000
    Size : 0x0000a000
    Time Stamp : 0x47918b87
    Time String : 19/01/2008 05:32:55
    Product Name : Microsoft® Windows® Operating System
    File Description : System Management BIOS Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mssmbios.sys
    ==================================================

    ==================================================
    Filename : umbus.sys
    Address In Stack :
    From Address : 0x8bc3c000
    To Address : 0x8bc49000
    Size : 0x0000d000
    Time Stamp : 0x47919064
    Time String : 19/01/2008 05:53:40
    Product Name : Microsoft® Windows® Operating System
    File Description : User-Mode Bus Enumerator
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\umbus.sys
    ==================================================
     
  23. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    ==================================================
    Filename : usbhub.sys
    Address In Stack :
    From Address : 0x8bc49000
    To Address : 0x8bc7e000
    Size : 0x00035000
    Time Stamp : 0x49e01fe2
    Time String : 11/04/2009 04:43:14
    Product Name : Microsoft® Windows® Operating System
    File Description : Default Hub Driver for USB
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbhub.sys
    ==================================================

    ==================================================
    Filename : NDProxy.SYS
    Address In Stack :
    From Address : 0x8bc7e000
    To Address : 0x8bc8f000
    Size : 0x00011000
    Time Stamp : 0x4791910c
    Time String : 19/01/2008 05:56:28
    Product Name : Microsoft® Windows® Operating System
    File Description : NDIS Proxy
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\NDProxy.SYS
    ==================================================

    ==================================================
    Filename : RTKVHDA.sys
    Address In Stack :
    From Address : 0x8be0e000
    To Address : 0x8bfb5540
    Size : 0x001a7540
    Time Stamp : 0x45d2a808
    Time String : 14/02/2007 06:11:20
    Product Name : Realtek(r) High Definition Audio Function Driver
    File Description : Realtek(r) High Definition Audio Function Driver
    File Version : 6.0.1.5374 built by: WinDDK
    Company : Realtek Semiconductor Corp.
    Full Path : C:\Windows\system32\drivers\RTKVHDA.sys
    ==================================================

    ==================================================
    Filename : portcls.sys
    Address In Stack :
    From Address : 0x8bfb6000
    To Address : 0x8bfe3000
    Size : 0x0002d000
    Time Stamp : 0x49e01fc8
    Time String : 11/04/2009 04:42:48
    Product Name : Microsoft® Windows® Operating System
    File Description : Port Class (Class Driver for Port/Miniport Devices)
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\portcls.sys
    ==================================================

    ==================================================
    Filename : drmk.sys
    Address In Stack :
    From Address : 0x8bc8f000
    To Address : 0x8bcb4000
    Size : 0x00025000
    Time Stamp : 0x47919e4e
    Time String : 19/01/2008 06:53:02
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Kernel DRM Descrambler Filter
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\drmk.sys
    ==================================================

    ==================================================
    Filename : MpFilter.sys
    Address In Stack :
    From Address : 0x8bcb4000
    To Address : 0x8bcda800
    Size : 0x00026800
    Time Stamp : 0x4d9cb033
    Time String : 06/04/2011 18:25:55
    Product Name : Microsoft Malware Protection
    File Description : Microsoft antimalware file system filter driver
    File Version : 3.0.8239.0
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\MpFilter.sys
    ==================================================

    ==================================================
    Filename : Fs_Rec.SYS
    Address In Stack :
    From Address : 0x8bfe3000
    To Address : 0x8bfec000
    Size : 0x00009000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : File System Recognizer Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Fs_Rec.SYS
    ==================================================

    ==================================================
    Filename : Null.SYS
    Address In Stack :
    From Address : 0x8bfec000
    To Address : 0x8bff3000
    Size : 0x00007000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : NULL Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Null.SYS
    ==================================================

    ==================================================
    Filename : Beep.SYS
    Address In Stack :
    From Address : 0x8bff3000
    To Address : 0x8bffa000
    Size : 0x00007000
    Time Stamp : 0x47918f56
    Time String : 19/01/2008 05:49:10
    Product Name : Microsoft® Windows® Operating System
    File Description : BEEP Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Beep.SYS
    ==================================================

    ==================================================
    Filename : vga.sys
    Address In Stack :
    From Address : 0x8be00000
    To Address : 0x8be0c000
    Size : 0x0000c000
    Time Stamp : 0x47919006
    Time String : 19/01/2008 05:52:06
    Product Name : Microsoft® Windows® Operating System
    File Description : VGA/Super VGA Video Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\vga.sys
    ==================================================

    ==================================================
    Filename : VIDEOPRT.SYS
    Address In Stack :
    From Address : 0x8bcdb000
    To Address : 0x8bcfc000
    Size : 0x00021000
    Time Stamp : 0x4791900a
    Time String : 19/01/2008 05:52:10
    Product Name : Microsoft® Windows® Operating System
    File Description : Video Port Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
    ==================================================

    ==================================================
    Filename : RDPCDD.sys
    Address In Stack :
    From Address : 0x8bcfc000
    To Address : 0x8bd04000
    Size : 0x00008000
    Time Stamp : 0x47919224
    Time String : 19/01/2008 06:01:08
    Product Name : Microsoft® Windows® Operating System
    File Description : RDP Miniport
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\RDPCDD.sys
    ==================================================

    ==================================================
    Filename : rdpencdd.sys
    Address In Stack :
    From Address : 0x8bd04000
    To Address : 0x8bd0c000
    Size : 0x00008000
    Time Stamp : 0x47919225
    Time String : 19/01/2008 06:01:09
    Product Name : Microsoft® Windows® Operating System
    File Description : RDP Miniport
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rdpencdd.sys
    ==================================================

    ==================================================
    Filename : Msfs.SYS
    Address In Stack :
    From Address : 0x8bd0c000
    To Address : 0x8bd17000
    Size : 0x0000b000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : Mailslot driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Msfs.SYS
    ==================================================

    ==================================================
    Filename : Npfs.SYS
    Address In Stack :
    From Address : 0x8bd17000
    To Address : 0x8bd25000
    Size : 0x0000e000
    Time Stamp : 0x49e01909
    Time String : 11/04/2009 04:14:01
    Product Name : Microsoft® Windows® Operating System
    File Description : NPFS Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Npfs.SYS
    ==================================================

    ==================================================
    Filename : rasacd.sys
    Address In Stack :
    From Address : 0x8bd25000
    To Address : 0x8bd2e000
    Size : 0x00009000
    Time Stamp : 0x4791910f
    Time String : 19/01/2008 05:56:31
    Product Name : Microsoft® Windows® Operating System
    File Description : RAS Automatic Connection Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rasacd.sys
    ==================================================

    ==================================================
    Filename : tdx.sys
    Address In Stack :
    From Address : 0x8bd2e000
    To Address : 0x8bd44000
    Size : 0x00016000
    Time Stamp : 0x49e02084
    Time String : 11/04/2009 04:45:56
    Product Name : Microsoft® Windows® Operating System
    File Description : TDI Translation Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\tdx.sys
    ==================================================

    ==================================================
    Filename : smb.sys
    Address In Stack :
    From Address : 0x8bd44000
    To Address : 0x8bd58000
    Size : 0x00014000
    Time Stamp : 0x49e02062
    Time String : 11/04/2009 04:45:22
    Product Name : Microsoft® Windows® Operating System
    File Description : SMB Transport driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\smb.sys
    ==================================================

    ==================================================
    Filename : netbt.sys
    Address In Stack :
    From Address : 0x8bd58000
    To Address : 0x8bd8a000
    Size : 0x00032000
    Time Stamp : 0x49e0206f
    Time String : 11/04/2009 04:45:35
    Product Name : Microsoft® Windows® Operating System
    File Description : MBT Transport driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\netbt.sys
    ==================================================

    ==================================================
    Filename : afd.sys
    Address In Stack :
    From Address : 0x8bd8a000
    To Address : 0x8bdd2000
    Size : 0x00048000
    Time Stamp : 0x4db03801
    Time String : 21/04/2011 13:58:25
    Product Name : Microsoft® Windows® Operating System
    File Description : Ancillary Function Driver for WinSock
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\afd.sys
    ==================================================

    ==================================================
    Filename : ws2ifsl.sys
    Address In Stack :
    From Address : 0x8bdd2000
    To Address : 0x8bddb000
    Size : 0x00009000
    Time Stamp : 0x47919121
    Time String : 19/01/2008 05:56:49
    Product Name : Microsoft® Windows® Operating System
    File Description : Winsock2 IFS Layer
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ws2ifsl.sys
    ==================================================

    ==================================================
    Filename : pacer.sys
    Address In Stack :
    From Address : 0x8bddb000
    To Address : 0x8bdf1000
    Size : 0x00016000
    Time Stamp : 0x49e0207f
    Time String : 11/04/2009 04:45:51
    Product Name : Microsoft® Windows® Operating System
    File Description : QoS Packet Scheduler
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\pacer.sys
    ==================================================

    ==================================================
    Filename : netbios.sys
    Address In Stack :
    From Address : 0x8bdf1000
    To Address : 0x8bdff000
    Size : 0x0000e000
    Time Stamp : 0x479190e1
    Time String : 19/01/2008 05:55:45
    Product Name : Microsoft® Windows® Operating System
    File Description : NetBIOS interface driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\netbios.sys
    ==================================================

    ==================================================
    Filename : wanarp.sys
    Address In Stack :
    From Address : 0x805e9000
    To Address : 0x805fc000
    Size : 0x00013000
    Time Stamp : 0x4791910f
    Time String : 19/01/2008 05:56:31
    Product Name : Microsoft® Windows® Operating System
    File Description : MS Remote Access and Routing ARP Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\wanarp.sys
    ==================================================

    ==================================================
    Filename : rdbss.sys
    Address In Stack :
    From Address : 0x8c20a000
    To Address : 0x8c246000
    Size : 0x0003c000
    Time Stamp : 0x49e01922
    Time String : 11/04/2009 04:14:26
    Product Name : Microsoft® Windows® Operating System
    File Description : Redirected Drive Buffering SubSystem Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rdbss.sys
    ==================================================

    ==================================================
    Filename : nsiproxy.sys
    Address In Stack :
    From Address : 0x8c246000
    To Address : 0x8c250000
    Size : 0x0000a000
    Time Stamp : 0x479190e6
    Time String : 19/01/2008 05:55:50
    Product Name : Microsoft® Windows® Operating System
    File Description : NSI Proxy
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\nsiproxy.sys
    ==================================================

    ==================================================
    Filename : Hotkey.SYS
    Address In Stack :
    From Address : 0x8c250000
    To Address : 0x8c252120
    Size : 0x00002120
    Time Stamp : 0x3eac9f88
    Time String : 28/04/2003 03:27:04
    Product Name :
    File Description :
    File Version :
    Company :
    Full Path : C:\Windows\system32\drivers\Hotkey.SYS
    ==================================================

    ==================================================
    Filename : dfsc.sys
    Address In Stack :
    From Address : 0x8c253000
    To Address : 0x8c26a000
    Size : 0x00017000
    Time Stamp : 0x4da70bb7
    Time String : 14/04/2011 14:59:03
    Product Name : Microsoft® Windows® Operating System
    File Description : DFS Namespace Client Driver
    File Version : 6.0.6002.18451 (vistasp2_gdr.110414-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\dfsc.sys
    ==================================================

    ==================================================
    Filename : GemCCID.sys
    Address In Stack :
    From Address : 0x8c26a000
    To Address : 0x8c27fe00
    Size : 0x00015e00
    Time Stamp : 0x4a800d82
    Time String : 10/08/2009 12:07:30
    Product Name : USB Smart Card Reader
    File Description : USB Smart Card Reader Driver
    File Version : 4, 0, 8, 0
    Company : Gemalto
    Full Path : C:\Windows\system32\drivers\GemCCID.sys
    ==================================================

    ==================================================
    Filename : SMCLIB.SYS
    Address In Stack :
    From Address : 0x8c280000
    To Address : 0x8c28b000
    Size : 0x0000b000
    Time Stamp : 0x47918f6a
    Time String : 19/01/2008 05:49:30
    Product Name : Microsoft® Windows® Operating System
    File Description : Smard Card Driver Library
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\SMCLIB.SYS
    ==================================================

    ==================================================
    Filename : crashdmp.sys
    Address In Stack :
    From Address : 0x8c28b000
    To Address : 0x8c298000
    Size : 0x0000d000
    Time Stamp : 0x49e01ef0
    Time String : 11/04/2009 04:39:12
    Product Name : Microsoft® Windows® Operating System
    File Description : Crash Dump Driver
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\crashdmp.sys
    ==================================================

    ==================================================
    Filename : dump_diskdump.sys
    Address In Stack :
    From Address : 0x8c298000
    To Address : 0x8c2a2000
    Size : 0x0000a000
    Time Stamp : 0x49e01eef
    Time String : 11/04/2009 04:39:11
    Product Name :
    File Description :
    File Version :
    Company :
    Full Path :
    ==================================================

    ==================================================
    Filename : dump_nvstor32.sys
    Address In Stack :
    From Address : 0x8c2a2000
    To Address : 0x8c2bf000
    Size : 0x0001d000
    Time Stamp : 0x46bb58d8
    Time String : 09/08/2007 18:11:36
    Product Name :
    File Description :
    File Version :
    Company :
    Full Path :
    ==================================================

    ==================================================
    Filename : win32k.sys
    Address In Stack :
    From Address : 0x94c20000
    To Address : 0x94e24000
    Size : 0x00204000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : Multi-User Win32 Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\win32k.sys
    ==================================================

    ==================================================
    Filename : Dxapi.sys
    Address In Stack :
    From Address : 0x8c3b5000
    To Address : 0x8c3bf000
    Size : 0x0000a000
    Time Stamp : 0x47918c4c
    Time String : 19/01/2008 05:36:12
    Product Name : Microsoft® Windows® Operating System
    File Description : DirectX API Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\Dxapi.sys
    ==================================================

    ==================================================
    Filename : hidusb.sys
    Address In Stack :
    From Address : 0x8c3bf000
    To Address : 0x8c3c8000
    Size : 0x00009000
    Time Stamp : 0x49e01fc8
    Time String : 11/04/2009 04:42:48
    Product Name : Microsoft® Windows® Operating System
    File Description : USB Miniport Driver for Input Devices
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\hidusb.sys
    ==================================================

    ==================================================
    Filename : HIDCLASS.SYS
    Address In Stack :
    From Address : 0x8c3c8000
    To Address : 0x8c3d8000
    Size : 0x00010000
    Time Stamp : 0x49e01fc7
    Time String : 11/04/2009 04:42:47
    Product Name : Microsoft® Windows® Operating System
    File Description : Hid Class Library
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\HIDCLASS.SYS
    ==================================================

    ==================================================
    Filename : HIDPARSE.SYS
    Address In Stack :
    From Address : 0x8c3d8000
    To Address : 0x8c3de380
    Size : 0x00006380
    Time Stamp : 0x4791904c
    Time String : 19/01/2008 05:53:16
    Product Name : Microsoft® Windows® Operating System
    File Description : Hid Parsing Library
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\HIDPARSE.SYS
    ==================================================

    ==================================================
    Filename : snp2uvc.sys
    Address In Stack :
    From Address : 0x97809000
    To Address : 0x979af280
    Size : 0x001a6280
    Time Stamp : 0x45c9ab5c
    Time String : 07/02/2007 10:35:08
    Product Name : USB2.0 PC Camera driver
    File Description : USB2.0 PC Camera driver
    File Version : 0, 1, 2, 1
    Company :
    Full Path : C:\Windows\system32\drivers\snp2uvc.sys
    ==================================================

    ==================================================
    Filename : STREAM.SYS
    Address In Stack :
    From Address : 0x979b0000
    To Address : 0x979bcf00
    Size : 0x0000cf00
    Time Stamp : 0x49e01fc7
    Time String : 11/04/2009 04:42:47
    Product Name : Microsoft® Windows® Operating System
    File Description : WDM CODEC Class Device Driver 2.0
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\STREAM.SYS
    ==================================================

    ==================================================
    Filename : sncduvc.SYS
    Address In Stack :
    From Address : 0x979bd000
    To Address : 0x979c3d00
    Size : 0x00006d00
    Time Stamp : 0x4593384e
    Time String : 28/12/2006 03:21:50
    Product Name : MicrosoftR WindowsR Operating System
    File Description : Universal Serial Bus Camera Driver
    File Version : 1.1.6.0
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\sncduvc.SYS
    ==================================================

    ==================================================
    Filename : usbccgp.sys
    Address In Stack :
    From Address : 0x979c4000
    To Address : 0x979db000
    Size : 0x00017000
    Time Stamp : 0x47919059
    Time String : 19/01/2008 05:53:29
    Product Name : Microsoft® Windows® Operating System
    File Description : USB Common Class Generic Parent Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbccgp.sys
    ==================================================

    ==================================================
    Filename : mouhid.sys
    Address In Stack :
    From Address : 0x979db000
    To Address : 0x979e3000
    Size : 0x00008000
    Time Stamp : 0x47918f5c
    Time String : 19/01/2008 05:49:16
    Product Name : Microsoft® Windows® Operating System
    File Description : HID Mouse Filter Driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mouhid.sys
    ==================================================

    ==================================================
    Filename : moufiltr.sys
    Address In Stack :
    From Address : 0x979e3000
    To Address : 0x979eb000
    Size : 0x00008000
    Time Stamp : 0x45a2ee52
    Time String : 09/01/2007 01:22:26
    Product Name : Chic Mouse
    File Description : Mouse Filter Driver
    File Version : 5.00.1636.1
    Company : Chic
    Full Path : C:\Windows\system32\drivers\moufiltr.sys
    ==================================================

    ==================================================
    Filename : usbscan.sys
    Address In Stack :
    From Address : 0x979eb000
    To Address : 0x979f8000
    Size : 0x0000d000
    Time Stamp : 0x47919531
    Time String : 19/01/2008 06:14:09
    Product Name : Microsoft® Windows® Operating System
    File Description : USB Scanner Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbscan.sys
    ==================================================

    ==================================================
    Filename : usbprint.sys
    Address In Stack :
    From Address : 0x8c3df000
    To Address : 0x8c3e9000
    Size : 0x0000a000
    Time Stamp : 0x47919550
    Time String : 19/01/2008 06:14:40
    Product Name : Microsoft® Windows® Operating System
    File Description : USB Printer driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\usbprint.sys
    ==================================================

    ==================================================
    Filename : monitor.sys
    Address In Stack :
    From Address : 0x8c3e9000
    To Address : 0x8c3f8000
    Size : 0x0000f000
    Time Stamp : 0x47919013
    Time String : 19/01/2008 05:52:19
    Product Name : Microsoft® Windows® Operating System
    File Description : Monitor Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\monitor.sys
    ==================================================

    ==================================================
    Filename : TSDDD.dll
    Address In Stack :
    From Address : 0x94e40000
    To Address : 0x94e49000
    Size : 0x00009000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : Framebuffer Display Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\TSDDD.dll
    ==================================================

    ==================================================
    Filename : cdd.dll
    Address In Stack :
    From Address : 0x94e60000
    To Address : 0x94e6e000
    Size : 0x0000e000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Microsoft® Windows® Operating System
    File Description : Canonical Display Driver
    File Version : 7.0.6002.22573 (vistasp2_ldr.110120-0254)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\cdd.dll
    ==================================================

    ==================================================
    Filename : luafv.sys
    Address In Stack :
    From Address : 0x82d17000
    To Address : 0x82d32000
    Size : 0x0001b000
    Time Stamp : 0x47918afb
    Time String : 19/01/2008 05:30:35
    Product Name : Microsoft® Windows® Operating System
    File Description : LUA File Virtualization Filter Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\luafv.sys
    ==================================================

    ==================================================
    Filename : spsys.sys
    Address In Stack :
    From Address : 0x9d604000
    To Address : 0x9d6b4000
    Size : 0x000b0000
    Time Stamp : 0x49b69f04
    Time String : 10/03/2009 17:10:28
    Product Name : Microsoft® Windows® Operating System
    File Description : security processor
    File Version : 6.0.6002.17040 (longhorn(sepbld-s).090310-1002)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\spsys.sys
    ==================================================

    ==================================================
    Filename : lltdio.sys
    Address In Stack :
    From Address : 0x9d6b4000
    To Address : 0x9d6c4000
    Size : 0x00010000
    Time Stamp : 0x479190b7
    Time String : 19/01/2008 05:55:03
    Product Name : Microsoft® Windows® Operating System
    File Description : Link-Layer Topology Mapper I/O Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\lltdio.sys
    ==================================================

    ==================================================
    Filename : ndisuio.sys
    Address In Stack :
    From Address : 0x9d6ee000
    To Address : 0x9d6f8000
    Size : 0x0000a000
    Time Stamp : 0x479190dc
    Time String : 19/01/2008 05:55:40
    Product Name : Microsoft® Windows® Operating System
    File Description : NDIS User mode I/O driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ndisuio.sys
    ==================================================

    ==================================================
    Filename : pnarp.sys
    Address In Stack :
    From Address : 0x9d6f8000
    To Address : 0x9d702000
    Size : 0x0000a000
    Time Stamp : 0x4a2a07a1
    Time String : 06/06/2009 06:07:29
    Product Name : Pure Networks Platform
    File Description : Address Resolution Protocol Driver
    File Version : 11.3.09156.1
    Company : Cisco Systems, Inc.
    Full Path : C:\Windows\system32\drivers\pnarp.sys
    ==================================================

    ==================================================
    Filename : purendis.sys
    Address In Stack :
    From Address : 0x9d702000
    To Address : 0x9d70c000
    Size : 0x0000a000
    Time Stamp : 0x4a29f15c
    Time String : 06/06/2009 04:32:28
    Product Name : Pure Networks Platform
    File Description : NDIS Relay Driver
    File Version : 11.3.09156.1
    Company : Cisco Systems, Inc.
    Full Path : C:\Windows\system32\drivers\purendis.sys
    ==================================================

    ==================================================
    Filename : rspndr.sys
    Address In Stack :
    From Address : 0x9d70c000
    To Address : 0x9d71f000
    Size : 0x00013000
    Time Stamp : 0x479190b7
    Time String : 19/01/2008 05:55:03
    Product Name : Microsoft® Windows® Operating System
    File Description : Link-Layer Topology Responder Driver for NDIS 6
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\rspndr.sys
    ==================================================

    ==================================================
    Filename : HTTP.sys
    Address In Stack :
    From Address : 0x9d71f000
    To Address : 0x9d78c000
    Size : 0x0006d000
    Time Stamp : 0x4b804bcb
    Time String : 20/02/2010 20:53:31
    Product Name : Microsoft® Windows® Operating System
    File Description : HTTP Protocol Stack
    File Version : 6.0.6002.18136 (vistasp2_gdr.091102-2300)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\HTTP.sys
    ==================================================

    ==================================================
    Filename : srvnet.sys
    Address In Stack :
    From Address : 0x9d78c000
    To Address : 0x9d7a9000
    Size : 0x0001d000
    Time Stamp : 0x4dbabc34
    Time String : 29/04/2011 13:25:08
    Product Name : Microsoft® Windows® Operating System
    File Description : Server Network driver
    File Version : 6.0.6002.18462 (vistasp2_gdr.110429-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\srvnet.sys
    ==================================================

    ==================================================
    Filename : bowser.sys
    Address In Stack :
    From Address : 0x9d7a9000
    To Address : 0x9d7c2000
    Size : 0x00019000
    Time Stamp : 0x4d63b8ea
    Time String : 22/02/2011 13:23:54
    Product Name : Microsoft® Windows® Operating System
    File Description : NT Lan Manager Datagram Receiver Driver
    File Version : 6.0.6002.18409 (vistasp2_gdr.110222-0237)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\bowser.sys
    ==================================================

    ==================================================
    Filename : mpsdrv.sys
    Address In Stack :
    From Address : 0x9d7c2000
    To Address : 0x9d7d7000
    Size : 0x00015000
    Time Stamp : 0x479190a5
    Time String : 19/01/2008 05:54:45
    Product Name : Microsoft® Windows® Operating System
    File Description : Microsoft Protection Service Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mpsdrv.sys
    ==================================================

    ==================================================
    Filename : mrxdav.sys
    Address In Stack :
    From Address : 0x9d7d7000
    To Address : 0x9d7f8000
    Size : 0x00021000
    Time Stamp : 0x49e0192f
    Time String : 11/04/2009 04:14:39
    Product Name : Microsoft® Windows® Operating System
    File Description : Windows NT WebDav Minirdr
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mrxdav.sys
    ==================================================

    ==================================================
    Filename : mrxsmb.sys
    Address In Stack :
    From Address : 0x9f60f000
    To Address : 0x9f62e000
    Size : 0x0001f000
    Time Stamp : 0x4dbabc17
    Time String : 29/04/2011 13:24:39
    Product Name : Microsoft® Windows® Operating System
    File Description : Windows NT SMB Minirdr
    File Version : 6.0.6002.18462 (vistasp2_gdr.110429-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mrxsmb.sys
    ==================================================

    ==================================================
    Filename : mrxsmb10.sys
    Address In Stack :
    From Address : 0x9f62e000
    To Address : 0x9f667000
    Size : 0x00039000
    Time Stamp : 0x4e147fe2
    Time String : 06/07/2011 15:31:46
    Product Name : Microsoft® Windows® Operating System
    File Description : Longhorn SMB Downlevel SubRdr
    File Version : 6.0.6002.18490 (vistasp2_gdr.110706-0539)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mrxsmb10.sys
    ==================================================

    ==================================================
    Filename : mrxsmb20.sys
    Address In Stack :
    From Address : 0x9f667000
    To Address : 0x9f67f000
    Size : 0x00018000
    Time Stamp : 0x4dbabc19
    Time String : 29/04/2011 13:24:41
    Product Name : Microsoft® Windows® Operating System
    File Description : Longhorn SMB 2.0 Redirector
    File Version : 6.0.6002.18462 (vistasp2_gdr.110429-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\mrxsmb20.sys
    ==================================================

    ==================================================
    Filename : srv2.sys
    Address In Stack :
    From Address : 0x9f67f000
    To Address : 0x9f6a7000
    Size : 0x00028000
    Time Stamp : 0x4dbabc35
    Time String : 29/04/2011 13:25:09
    Product Name : Microsoft® Windows® Operating System
    File Description : Smb 2.0 Server driver
    File Version : 6.0.6002.18462 (vistasp2_gdr.110429-0338)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\srv2.sys
    ==================================================

    ==================================================
    Filename : srv.sys
    Address In Stack :
    From Address : 0x9f6a7000
    To Address : 0x9f6f6000
    Size : 0x0004f000
    Time Stamp : 0x4d5e7c30
    Time String : 18/02/2011 14:03:28
    Product Name : Microsoft® Windows® Operating System
    File Description : Server driver
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\srv.sys
    ==================================================

    ==================================================
    Filename : peauth.sys
    Address In Stack :
    From Address : 0x9f70e000
    To Address : 0x9f7ec000
    Size : 0x000de000
    Time Stamp : 0x453c8384
    Time String : 23/10/2006 08:55:32
    Product Name : Microsoft® Windows® Operating System
    File Description : Protected Environment Authentication and Authorization Export Driver
    File Version : 6.0.5840.16385 (VISTA_RTM_CLIENT_akaDMD.061022-1800)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\peauth.sys
    ==================================================

    ==================================================
    Filename : secdrv.SYS
    Address In Stack :
    From Address : 0x9f7ec000
    To Address : 0x9f7f6000
    Size : 0x0000a000
    Time Stamp : 0x45080528
    Time String : 13/09/2006 13:18:32
    Product Name : Macrovision SECURITY Driver
    File Description : Macrovision SECURITY Driver
    File Version : 4.03.086
    Company : Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
    Full Path : C:\Windows\system32\drivers\secdrv.SYS
    ==================================================

    ==================================================
    Filename : tcpipreg.sys
    Address In Stack :
    From Address : 0x9f600000
    To Address : 0x9f60c000
    Size : 0x0000c000
    Time Stamp : 0x4e7898a3
    Time String : 20/09/2011 13:44:03
    Product Name : Microsoft® Windows® Operating System
    File Description : TCP/IP Registry Compatibility Driver
    File Version : 6.0.6002.22719 (vistasp2_ldr.110920-0346)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\tcpipreg.sys
    ==================================================

    ==================================================
    Filename : ipnat.sys
    Address In Stack :
    From Address : 0xa320d000
    To Address : 0xa3233000
    Size : 0x00026000
    Time Stamp : 0x4791910c
    Time String : 19/01/2008 05:56:28
    Product Name : Microsoft® Windows® Operating System
    File Description : IP Network Address Translator
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\ipnat.sys
    ==================================================

    ==================================================
    Filename : cdfs.sys
    Address In Stack :
    From Address : 0xa3233000
    To Address : 0xa3249000
    Size : 0x00016000
    Time Stamp : 0x47918a62
    Time String : 19/01/2008 05:28:02
    Product Name : Microsoft® Windows® Operating System
    File Description : CD-ROM File System Driver
    File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\cdfs.sys
    ==================================================

    ==================================================
    Filename : MpNWMon.sys
    Address In Stack :
    From Address : 0xa3249000
    To Address : 0xa3252200
    Size : 0x00009200
    Time Stamp : 0x4d9cb032
    Time String : 06/04/2011 18:25:54
    Product Name : Microsoft Malware Protection
    File Description : Network monitor driver
    File Version : 3.0.8239.0
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\MpNWMon.sys
    ==================================================

    ==================================================
    Filename : NisDrvWFP.sys
    Address In Stack :
    From Address : 0xa3253000
    To Address : 0xa3261680
    Size : 0x0000e680
    Time Stamp : 0x4d9cb056
    Time String : 06/04/2011 18:26:30
    Product Name : Microsoft Forefront System
    File Description : Microsoft Network Inspection System Driver
    File Version : 3.0.8239.0
    Company : Microsoft Corporation
    Full Path : C:\Windows\system32\drivers\NisDrvWFP.sys
    ==================================================

    ==================================================
    Filename : ATMFD.DLL
    Address In Stack :
    From Address : 0x94e70000
    To Address : 0x94ebd000
    Size : 0x0004d000
    Time Stamp : 0x00000000
    Time String :
    Product Name : Adobe Type Manager
    File Description : Windows NT OpenType/Type 1 Font Driver
    File Version : 5.1 Build 232
    Company : Adobe Systems Incorporated
    Full Path : C:\Windows\system32\ATMFD.DLL
    ==================================================
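For anyone triaging a driver listing like the one attached above, the following Python helper is an added example (not code from the thread, from TechSpot, or from the tool that produced the dump). It parses the `====`-delimited records and flags the things a responder checks first: an address range that disagrees with the reported size, a zero timestamp, a company other than Microsoft, or a load path outside system32. The sample input copies two records from the attachment and adds one fabricated placeholder record, built only to trip the size and path checks.

```python
"""Triage helper for the driver dump above (added example, not from the
thread or from any tool named in it). A hit is a prompt to verify the
file (signature, hash, on-disk path), not evidence of compromise."""
import re

FIELD_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")  # "Key : value"

# Constructed sample in the dump's own layout. The first two records copy
# values from the page; the third is a fabricated placeholder.
SAMPLE = r"""==================================================
Filename : TSDDD.dll
Address In Stack :
From Address : 0x94e40000
To Address : 0x94e49000
Size : 0x00009000
Time Stamp : 0x00000000
Time String :
Product Name : Microsoft® Windows® Operating System
File Description : Framebuffer Display Driver
File Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\TSDDD.dll
==================================================

==================================================
Filename : pnarp.sys
Address In Stack :
From Address : 0x9d6f8000
To Address : 0x9d702000
Size : 0x0000a000
Time Stamp : 0x4a2a07a1
Time String : 06/06/2009 06:07:29
Product Name : Pure Networks Platform
File Description : Address Resolution Protocol Driver
File Version : 11.3.09156.1
Company : Cisco Systems, Inc.
Full Path : C:\Windows\system32\drivers\pnarp.sys
==================================================

==================================================
Filename : placeholder.sys
Address In Stack :
From Address : 0x9d600000
To Address : 0x9d610000
Size : 0x00008000
Time Stamp : 0x4a2a07a1
Time String : 06/06/2009 06:07:29
Product Name : PLACEHOLDER
File Description : PLACEHOLDER
File Version : 0.0
Company : Example Corp (placeholder)
Full Path : C:\Windows\Temp\placeholder.sys
==================================================
"""


def parse_dump(text):
    """Return one dict of raw 'Key': 'value' strings per record."""
    records, block = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):
            if "Filename" in block:  # closing delimiter of a record
                records.append(block)
            block = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            block[m.group(1).strip()] = m.group(2).strip()
    return records


def _hex(value):
    """Parse a 0x... field; a missing or empty field counts as 0."""
    return int(value, 16) if value else 0


def triage(records):
    """Map filename -> list of reasons for records worth a second look."""
    findings = {}
    for r in records:
        start, end = _hex(r.get("From Address")), _hex(r.get("To Address"))
        reasons = []
        if end - start != _hex(r.get("Size")):
            reasons.append("address range does not match reported size")
        if _hex(r.get("Time Stamp")) == 0:
            reasons.append("no PE timestamp reported")
        if "microsoft" not in r.get("Company", "").lower():
            reasons.append("third-party module (%s)" % r.get("Company", "none"))
        if not r.get("Full Path", "").lower().startswith(r"c:\windows\system32"):
            reasons.append("loaded from outside system32")
        if reasons:
            findings[r["Filename"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_dump(SAMPLE)).items():
        print(name, "->", "; ".join(reasons))
```

Run it against a saved copy of the full attachment by replacing `SAMPLE` with the file contents; the checks are deliberately loose (a third-party company is only "not Microsoft"), so the output is a shortlist to verify by hand, not a verdict.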
     
  24. captainiom

    captainiom TS Rookie Topic Starter Posts: 21

    Managed to get it in two parts this time - roughly 50k each. O/S still trying to install driver for unidentified device. System seems stable other than that. No crashes since BSOD.txt created.

    jsm
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see any BSOD from 2012.

    As for that installer....

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go to File>Save, and save it as an AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as the file type.

    Attach the file to your next reply.
     
