
Boot.Tidserv (Help!)



#1 Showtime100


Posted 11 February 2012 - 10:17 PM

I have a Windows Vista Home Premium with Norton 360 that has been infected by a germ called Boot.Tidserv. Based on hits from the internet, others had had this problem as well, with the same results (or lack thereof as I have).

Three days ago I was online doing usual stuff and suddenly a message came from Norton saying something tried to attach, but was blocked. I will add that the message was red and had an X in it as if the trouble was not resolved. Seconds later another message came, saying something in the computer was acting suspiciously. Then the computer started to react to the problem. Half my desktop icons were gone and I was panicked.

I did a system restore setting it back 24 hours and it seemed to do the trick. It did not... at least I don't think so. I got another red message saying Boot.Tidserv had infected and I needed to get rid of it.

I did a full system scan, per a Norton page I had gone to, and nothing. I downloaded their Power Eraser... nothing. I tried Malwarebytes Anti-Malware... nothing. After a reboot I got the same Norton message and in exasperation I hit "fix it" and "apply all" one more time. Surprisingly I got a green check mark saying it had been fixed. A red X message followed as soon as I went back online. I called Norton and got nowhere (of course).

Online research suggested that there is a chance the problem was solved but Norton simply doesn't know it since it might not have been their product that eradicated the problem, but as long as I'm getting these red X messages I can't risk that assumption.

Behavior right now is as follows: My system seems in very good health when online. All systems are behaving normally. Then, as soon as I go online, I get the red message (not affecting system performance, just the message). I try to fix it per the message and of course the attempt fails. Message rarely (if ever) shows after that first one, but still will show up after first minute or two online.

Sorry for being long-winded, I was just hoping to paint an accurate picture of my circumstance.

Thank you all for your time.

John



#2 narenxp


Posted 11 February 2012 - 11:22 PM

Download

TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the log report (the log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here
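
A triage helper for the TDSSKiller log requested above, as an added example that is not part of the original thread. It assumes the layout seen in this thread's log, where each scanned driver appears as a "name (md5) path" line followed by a "name - verdict" line, and it returns every entry whose verdict is not "ok" plus entries that got a verdict without a hashed file. The sample log is constructed; ExampleDrv, its all-zero hash and its verdict text are placeholders, not real TDSSKiller output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "HH:MM:SS.ffff <thread id> <message>" prefix used on every log line.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<service> (<md5>) <image path>" : the file that was hashed for a service.
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$", re.I)
# "<service> - <verdict>" : the scanner's verdict for that service.
VERDICT = re.compile(r"^(\S+) - (.+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_log(text: str) -> list:
    """Pair each object line with the verdict line for the same service."""
    entries = []
    pending = {}  # service name -> (md5, path), waiting for its verdict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or truncated line
        msg = m.group(3)
        obj = OBJECT.match(msg)
        if obj:
            pending[obj.group(1)] = (obj.group(2).lower(), obj.group(3))
            continue
        ver = VERDICT.match(msg)
        if ver:
            md5, path = pending.pop(ver.group(1), (None, None))
            entries.append(Entry(ver.group(1), ver.group(2).strip(), md5, path))
    return entries


def triage(entries: list) -> dict:
    """Split out what a reviewer should read first."""
    return {
        # Anything the scanner did not mark "ok".
        "not_ok": [e for e in entries if e.verdict.lower() != "ok"],
        # Marked "ok" but no file was hashed for the service.
        "no_hash": [e for e in entries
                    if e.verdict.lower() == "ok" and e.md5 is None],
    }


# Constructed sample in the log's layout. The ExampleDrv lines are
# placeholders: the name, hash and verdict wording are made up.
SAMPLE_LOG = r"""
17:48:01.0337 6412 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
17:49:26.0153 2112 Scan started
17:49:27.0480 2112 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:49:27.0488 2112 ACPI - ok
17:49:28.0714 2112 blbdrive - ok
17:49:29.0000 2112 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
17:49:29.0010 2112 ExampleDrv - PLACEHOLDER-VERDICT
"""

if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for e in result["not_ok"]:
        print(f"REVIEW  {e.name}: {e.verdict} md5={e.md5} path={e.path}")
    for e in result["no_hash"]:
        print(f"NO HASH {e.name}: verdict {e.verdict}, no file was hashed")
```
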

#3 Showtime100


Posted 12 February 2012 - 06:56 PM

Ok, thanks for your response. I really appreciate your help. I have done step 1 and got one medium threat. The log is as follows:

17:49:39.0061 2112 uliahci - ok
17:49:39.0083 2112 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:49:39.0086 2112 UlSata - ok
17:49:39.0107 2112 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:49:39.0110 2112 ulsata2 - ok
17:49:39.0159 2112 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:49:39.0180 2112 umbus - ok
17:49:39.0246 2112 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:49:39.0249 2112 usbccgp - ok
17:49:39.0269 2112 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:49:39.0271 2112 usbcir - ok
17:49:39.0316 2112 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:49:39.0317 2112 usbehci - ok
17:49:39.0390 2112 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:49:39.0419 2112 usbhub - ok
17:49:39.0456 2112 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:49:39.0466 2112 usbohci - ok
17:49:39.0511 2112 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:49:39.0513 2112 usbprint - ok
17:49:39.0569 2112 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:49:39.0583 2112 usbscan - ok
17:49:39.0608 2112 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:49:39.0610 2112 USBSTOR - ok
17:49:39.0691 2112 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:49:39.0714 2112 usbuhci - ok
17:49:39.0763 2112 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:49:39.0766 2112 vga - ok
17:49:39.0812 2112 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:49:39.0827 2112 VgaSave - ok
17:49:39.0856 2112 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:49:39.0859 2112 viaagp - ok
17:49:39.0875 2112 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:49:39.0878 2112 ViaC7 - ok
17:49:39.0896 2112 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:49:39.0897 2112 viaide - ok
17:49:39.0913 2112 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:49:39.0915 2112 volmgr - ok
17:49:39.0942 2112 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:49:39.0947 2112 volmgrx - ok
17:49:40.0059 2112 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:49:40.0071 2112 volsnap - ok
17:49:40.0102 2112 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:49:40.0105 2112 vsmraid - ok
17:49:40.0137 2112 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:49:40.0139 2112 WacomPen - ok
17:49:40.0174 2112 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:49:40.0189 2112 Wanarp - ok
17:49:40.0195 2112 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:49:40.0196 2112 Wanarpv6 - ok
17:49:40.0231 2112 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:49:40.0233 2112 Wd - ok
17:49:40.0284 2112 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:49:40.0294 2112 Wdf01000 - ok
17:49:40.0386 2112 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:49:40.0405 2112 winachsf - ok
17:49:40.0513 2112 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
17:49:40.0516 2112 WmBEnum - ok
17:49:40.0539 2112 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
17:49:40.0540 2112 WmFilter - ok
17:49:40.0580 2112 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:49:40.0582 2112 WmiAcpi - ok
17:49:40.0612 2112 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\Windows\system32\drivers\WmVirHid.sys
17:49:40.0638 2112 WmVirHid - ok
17:49:40.0682 2112 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
17:49:40.0684 2112 WmXlCore - ok
17:49:40.0735 2112 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:49:40.0737 2112 WpdUsb - ok
17:49:40.0787 2112 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:49:40.0789 2112 ws2ifsl - ok
17:49:40.0887 2112 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:49:40.0890 2112 WUDFRd - ok
17:49:40.0940 2112 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:49:40.0952 2112 XAudio - ok
17:49:40.0995 2112 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
17:49:41.0226 2112 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:49:41.0226 2112 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:49:41.0235 2112 Boot (0x1200) (66d7f2b1b3f8b4ae8daaa94f9c55703f) \Device\Harddisk0\DR0\Partition0
17:49:41.0236 2112 \Device\Harddisk0\DR0\Partition0 - ok
17:49:41.0256 2112 Boot (0x1200) (8e01ff2e8987a014c0c2492843830b75) \Device\Harddisk0\DR0\Partition1
17:49:41.0258 2112 \Device\Harddisk0\DR0\Partition1 - ok
17:49:41.0259 2112 ============================================================
17:49:41.0259 2112 Scan finished
17:49:41.0259 2112 ============================================================
17:49:41.0295 5532 Detected object count: 1
17:49:41.0295 5532 Actual detected object count: 1
17:50:13.0623 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:50:13.0624 5532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:50:25.0713 6556 ============================================================
17:50:25.0713 6556 Scan started
17:50:25.0713 6556 Mode: Manual; TDLFS;
17:50:25.0713 6556 ============================================================
17:50:34.0535 6556 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:50:34.0536 6556 Sym_hi - ok
17:50:34.0554 6556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:50:34.0555 6556 Sym_u3 - ok
17:50:34.0638 6556 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:50:34.0645 6556 Tcpip - ok
17:50:34.0674 6556 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:50:34.0681 6556 Tcpip6 - ok
17:50:34.0725 6556 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:50:34.0726 6556 tcpipreg - ok
17:50:34.0768 6556 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:50:34.0769 6556 TDPIPE - ok
17:50:34.0797 6556 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:50:34.0799 6556 TDTCP - ok
17:50:34.0850 6556 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:50:34.0851 6556 tdx - ok
17:50:34.0878 6556 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:50:34.0879 6556 TermDD - ok
17:50:34.0942 6556 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:34.0944 6556 tssecsrv - ok
17:50:34.0987 6556 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:50:34.0988 6556 tunmp - ok
17:50:35.0029 6556 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:50:35.0030 6556 tunnel - ok
17:50:35.0067 6556 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:50:35.0068 6556 uagp35 - ok
17:50:35.0116 6556 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:50:35.0119 6556 udfs - ok
17:50:35.0168 6556 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:50:35.0169 6556 uliagpkx - ok
17:50:35.0196 6556 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:50:35.0199 6556 uliahci - ok
17:50:35.0223 6556 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:50:35.0224 6556 UlSata - ok
17:50:35.0247 6556 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:50:35.0249 6556 ulsata2 - ok
17:50:35.0291 6556 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:50:35.0292 6556 umbus - ok
17:50:35.0345 6556 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:35.0346 6556 usbccgp - ok
17:50:35.0367 6556 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:50:35.0369 6556 usbcir - ok
17:50:35.0406 6556 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:50:35.0407 6556 usbehci - ok
17:50:35.0488 6556 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:50:35.0490 6556 usbhub - ok
17:50:35.0513 6556 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:50:35.0515 6556 usbohci - ok
17:50:35.0535 6556 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:50:35.0536 6556 usbprint - ok
17:50:35.0584 6556 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:50:35.0585 6556 usbscan - ok
17:50:35.0607 6556 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:35.0608 6556 USBSTOR - ok
17:50:35.0632 6556 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:35.0633 6556 usbuhci - ok
17:50:35.0663 6556 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:35.0664 6556 vga - ok
17:50:35.0712 6556 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:50:35.0713 6556 VgaSave - ok
17:50:35.0731 6556 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:50:35.0733 6556 viaagp - ok
17:50:35.0750 6556 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:50:35.0752 6556 ViaC7 - ok
17:50:35.0779 6556 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:50:35.0780 6556 viaide - ok
17:50:35.0804 6556 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:50:35.0806 6556 volmgr - ok
17:50:35.0858 6556 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:50:35.0861 6556 volmgrx - ok
17:50:35.0910 6556 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:50:35.0912 6556 volsnap - ok
17:50:35.0935 6556 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:50:35.0937 6556 vsmraid - ok
17:50:35.0970 6556 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:50:35.0971 6556 WacomPen - ok
17:50:36.0016 6556 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:36.0018 6556 Wanarp - ok
17:50:36.0023 6556 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:36.0024 6556 Wanarpv6 - ok
17:50:36.0056 6556 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:50:36.0057 6556 Wd - ok
17:50:36.0117 6556 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:50:36.0122 6556 Wdf01000 - ok
17:50:36.0203 6556 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:50:36.0208 6556 winachsf - ok
17:50:36.0279 6556 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
17:50:36.0281 6556 WmBEnum - ok
17:50:36.0297 6556 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
17:50:36.0299 6556 WmFilter - ok
17:50:36.0322 6556 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:50:36.0323 6556 WmiAcpi - ok
17:50:36.0354 6556 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\Windows\system32\drivers\WmVirHid.sys
17:50:36.0355 6556 WmVirHid - ok
17:50:36.0374 6556 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
17:50:36.0375 6556 WmXlCore - ok
17:50:36.0419 6556 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:50:36.0420 6556 WpdUsb - ok
17:50:36.0448 6556 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:50:36.0449 6556 ws2ifsl - ok
17:50:36.0503 6556 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:36.0505 6556 WUDFRd - ok
17:50:36.0550 6556 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:50:36.0551 6556 XAudio - ok
17:50:36.0579 6556 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
17:50:36.0669 6556 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:50:36.0669 6556 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:50:36.0674 6556 Boot (0x1200) (66d7f2b1b3f8b4ae8daaa94f9c55703f) \Device\Harddisk0\DR0\Partition0
17:50:36.0675 6556 \Device\Harddisk0\DR0\Partition0 - ok
17:50:36.0684 6556 Boot (0x1200) (8e01ff2e8987a014c0c2492843830b75) \Device\Harddisk0\DR0\Partition1
17:50:36.0685 6556 \Device\Harddisk0\DR0\Partition1 - ok
17:50:36.0688 6556 ============================================================
17:50:36.0688 6556 Scan finished
17:50:36.0688 6556 ============================================================
17:50:36.0703 6948 Detected object count: 1
17:50:36.0704 6948 Actual detected object count: 1

Next step is GMER. Going to download now and will post results here or in a subsequent post if you have responded.

#4 Showtime100

Posted 12 February 2012 - 08:32 PM

Did GMER scan... I was never asked about a full scan so I guess it did one? Again, thank you.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 19:29:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\000000b3 SAMSUNG_ rev.VT10
Running: ut5db370.exe; Driver: C:\Users\John\AppData\Local\Temp\kwldypog.sys


---- System - GMER 1.0.15 ----

SSDT 887C5C30 ZwAlertResumeThread
SSDT 88EA2430 ZwAlertThread
SSDT 88817F00 ZwAllocateVirtualMemory
SSDT 88707D88 ZwAlpcConnectPort
SSDT 88818E60 ZwAssignProcessToJobObject
SSDT 8881DBB8 ZwCreateMutant
SSDT 88818AC8 ZwCreateSymbolicLinkObject
SSDT 88FC4330 ZwCreateThread
SSDT 88818D30 ZwDebugActiveProcess
SSDT 89003400 ZwDuplicateObject
SSDT 88817C00 ZwFreeVirtualMemory
SSDT 88508008 ZwImpersonateAnonymousToken
SSDT 8881CCD0 ZwImpersonateThread
SSDT 88707D10 ZwLoadDriver
SSDT 88817B20 ZwMapViewOfSection
SSDT 888C2DA8 ZwOpenEvent
SSDT 890035A0 ZwOpenProcess
SSDT 88817FD0 ZwOpenProcessToken
SSDT 888C2BB0 ZwOpenSection
SSDT 890034D0 ZwOpenThread
SSDT 88819A88 ZwProtectVirtualMemory
SSDT 88371CD0 ZwResumeThread
SSDT 8881BDD0 ZwSetContextThread
SSDT 8881BF38 ZwSetInformationProcess
SSDT 88819F08 ZwSetSystemInformation
SSDT 888C2CC8 ZwSuspendProcess
SSDT 88371D70 ZwSuspendThread
SSDT 88FC4510 ZwTerminateProcess
SSDT 8881CC98 ZwTerminateThread
SSDT 88817A60 ZwUnmapViewOfSection
SSDT 88817D88 ZwWriteVirtualMemory
SSDT 88818BB8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820BB8A0 8 Bytes [30, 5C, 7C, 88, 30, 24, EA, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820BB8B4 4 Bytes [00, 7F, 81, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 820BB8C0 4 Bytes [88, 7D, 70, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 820BB914 4 Bytes [60, 8E, 81, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820BB978 4 Bytes [B8, DB, 81, 88]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91405340, 0x3DA8C7, 0xE8000020]
? system32\drivers\28256300.sys The system cannot find the path specified. !

IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E8D9229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E8DE73F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E8DECFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E8DC6B1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E8C5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E8DF500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E8D939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E8C6291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E8DC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E8DE089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E8DEE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E8DDFBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6E8C47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E8C6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6E8D7BE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6E8D7F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E8CF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E8C63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E8C4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E8C4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E8DE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E8DB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E8DABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E8DAA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E8DC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E8C5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E8D939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E8C63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E8DFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E8E07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E8D029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E8C5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E8D9229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E8CF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E8DF9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E8E072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E8DF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E8DF2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E8D0ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E8C6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E8C47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E8DD6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E8DD557] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E8C6692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E8E2FB4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E8E327D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E8E3B2F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E8CEEBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E8D19CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E8C60B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E8D0859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E8E3983] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E8E33C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E8D1555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E8C7278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6E8D0E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6E8E3E89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6E8CF30B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6E8E3FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6E8E3D27] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6E8CFCC5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E8DA56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6E8E07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E8DE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E8DA89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E8DB245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E8DB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E8DC49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E8DF500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E8DBC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E8D9F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6E8C5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6E8D7F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E8DE089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6E8DFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6E8DF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E8D9AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6E8D0ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6E8D029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E8DA249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E8DABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6E8DEE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6E8C6291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E8DC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E8D939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6E8C5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E8DE0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6E8D9C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E8C4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E8C63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6E8D968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E8C6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6E8D997F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E8DCB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E8DD6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E8DD11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E8E0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E8CF725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E8CF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E8E0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E8E1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E8E1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E8CFB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E8E12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E8CFA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E8E1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E8E1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E8E1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E8E1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E8E1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E8E19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E8CE265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E8E1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E8E136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6896] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6E8E162F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\60880079 \Device\KLMD16012012_207010 28256300.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB34577$\3610791977 0 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\cfg.ini 109 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\L 0 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\L\qnbwvoto 67072 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U 0 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\80000000.@ 66048 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB34577$\3610791977\version 856 bytes
File C:\WINDOWS\$NtUninstallKB34577$\638541133 0 bytes

---- EOF - GMER 1.0.15 ----

#5 Showtime100

Posted 12 February 2012 - 10:32 PM

Ok, sir. I hope I did this as requested. The aswMBR scan is as follows...

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 19:37:25
-----------------------------
19:37:25.403 OS Version: Windows 6.0.6002 Service Pack 2
19:37:25.403 Number of processors: 2 586 0x4B02
19:37:25.404 ComputerName: JOHN-PC UserName: John
19:37:27.068 Initialize success
19:38:34.615 AVAST engine defs: 12021201
19:38:54.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000b3
19:38:54.246 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 6
19:38:54.528 Disk 0 MBR read successfully
19:38:54.533 Disk 0 MBR scan
19:38:54.539 Disk 0 unknown MBR code
19:38:54.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 230616 MB offset 63
19:38:54.745 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488391120
19:38:54.751 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
19:38:54.844 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7855 MB offset 472303440
19:38:55.053 Disk 0 scanning sectors +488397152
19:38:55.818 Disk 0 scanning C:\Windows\system32\drivers
19:40:42.264 Service scanning
19:40:43.430 Modules scanning
19:42:54.943 Disk 0 trace - called modules:
19:42:55.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys HSX_CNXT.sys
19:42:55.053 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86626ac8]
19:42:55.059 3 CLASSPNP.SYS[8a79e8b3] -> nt!IofCallDriver -> [0x8565a128]
19:42:55.067 5 acpi.sys[826936bc] -> nt!IofCallDriver -> \Device\000000b3[0x8565ab60]
19:42:56.046 AVAST engine scan C:\Windows
19:44:58.119 AVAST engine scan C:\Windows\system32
20:06:45.892 AVAST engine scan C:\Windows\system32\drivers
20:11:19.295 AVAST engine scan C:\Users\John
20:49:19.073 AVAST engine scan C:\ProgramData
21:21:53.398 Scan finished successfully
21:22:40.775 Disk 0 MBR has been saved successfully to "C:\Users\John\Documents\MBR.dat"
21:22:40.788 The log file has been saved successfully to "C:\Users\John\Documents\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:52 PM

Posted 13 February 2012 - 12:39 AM

Hi

Your PC is infected with the ZeroAccess rootkit, which needs advanced tools.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#7 Showtime100

Posted 13 February 2012 - 01:05 AM

I am not sure I understand. Please elaborate. I feel I'm being admonished and am not sure why.

#8 narenxp

Posted 13 February 2012 - 01:13 AM

Your PC is infected with a rootkit. We need to use advanced tools to remove it. You should create a topic in another forum.

Before creating a topic, we need to follow a guide. Follow this guide here on posting the logs.

http://www.bleepingcomputer.com/forums/topic34773.html

This is where you need to start a topic

http://www.bleepingcomputer.com/forums/forum22.html

Create a topic, post the logs and wait for expert help.

Good luck

Edited by narenxp, 13 February 2012 - 01:15 AM.


#9 Showtime100

Posted 13 February 2012 - 02:26 AM

I wish you would have said that 3 hours' worth of scans ago. Look, thanks for the help, but to tell me all this only to leave me hanging after the fact........(Expletive)

If for some reason I am still not getting it (though I do understand....another section for this post) I apologize, but I still don't understand why the scans...then this. I still have the same problem.

Edited by Showtime100, 13 February 2012 - 02:32 AM.




